
Police virus: need help


I have got a police virus and cannot get into the computer.

Posting my scan file from FRST64.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by SYSTEM on MININT-SHK88ST on 30-11-2014 17:46:29
Running from I:\
Platform: Windows 7 Home Premium (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [1704296 2014-06-13] (Baidu, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\mats\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\mats\...\Winlogon: [shell] C:\Users\mats\AppData\Roaming\Other.res [144384 2013-08-29] (Independent JPEG Group <www.ijg.org>) <==== ATTENTION 
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53320 2014-11-13] (Just Develop It) <==== ATTENTION
S4 BAVSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [2038248 2014-06-13] (Baidu, Inc.)
S4 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432 2014-06-13] (Baidu, Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 DCE; C:\Program Files\DCE\dce.exe [59392 2013-12-18] ()
S4 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [280120 2010-10-01] (Hewlett-Packard Company)
S4 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 Mobile Broadband. RunOuc; C:\Users\mats\Mobile Broadband\UpdateDog\ouc.exe [246112 2011-11-14] ()
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2010-03-06] (PDF Complete Inc)
S4 TrueMove H hi-speed connection. RunOuc; C:\Program Files (x86)\TrueMove H hi-speed connection\UpdateDog\ouc.exe [657504 2012-11-12] ()
S4 wifimansvc; C:\Program Files (x86)\TrueMove H hi-speed connection\eap\wifimansvc.exe [605696 2012-11-23] ()
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [148288 2014-03-26] (Baidu, Inc.)
S3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [24704 2014-05-27] (Baidu, Inc.)
S1 Bfilter; C:\windows\System32\drivers\Bfilter.sys [56640 2014-05-27] (Baidu, Inc.)
S1 Bfmon; C:\windows\System32\drivers\Bfmon.sys [37696 2014-05-27] (Baidu, Inc.)
S1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [91616 2014-05-27] (Baidu, Inc.)
S1 Bndef; C:\windows\System32\drivers\bndef64.sys [70912 2014-06-13] (Baidu, Inc.)
S1 Bprotect; C:\windows\System32\drivers\Bprotect.sys [144960 2014-06-13] (Baidu, Inc.)
S3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [88576 2009-05-13] (Option N.V.)
S3 GTUHSNDISIPXP; C:\Windows\System32\DRIVERS\gtuhs51.sys [129536 2009-05-13] (Option N.V.)
S3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [10496 2009-05-13] (Option N.V.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [241152 2012-12-03] (Huawei Technologies Co., Ltd.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-06-06] (CACE Technologies, Inc.)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [96384 2010-05-21] (Realtek Semiconductor Corp.)
S3 Spring; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [110336 2014-06-17] ()
S1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61120 2014-03-20] (StdLib)
S3 BprotectEx; \??\C:\windows\System32\drivers\BprotectEx.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 17:46 - 2014-11-30 17:46 - 00000000 ____D () C:\FRST
2014-11-30 10:56 - 2014-11-30 10:56 - 00000000 ____H () C:\Users\mats\BITF70A.tmp
2014-11-27 08:26 - 2014-11-30 10:56 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormats
2014-11-27 08:26 - 2014-11-30 10:56 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleFormats.job
2014-11-19 08:38 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-11-19 08:38 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2014-11-19 08:38 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:38 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 16:11 - 2014-11-18 16:11 - 00000000 ____D () C:\Users\mats\AppData\Local\{F19E241A-E88D-47EA-AC4A-8935CFFA15C2}
2014-11-18 08:39 - 2014-11-18 08:42 - 00000000 ____D () C:\05862ba5eff673bfe33526c2458e
2014-11-13 08:54 - 2014-11-13 08:54 - 00000000 __SHD () C:\Users\mats\AppData\Local\EmieBrowserModeList
2014-11-12 09:09 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-11-12 09:09 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-11-12 09:09 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-11-12 09:09 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-11-12 09:09 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2014-11-12 09:09 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-11-12 09:09 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2014-11-12 09:09 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2014-11-12 09:09 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:09 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:09 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:09 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:08 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-11-12 09:08 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 09:08 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-11-12 09:08 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-11-12 09:08 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-11-12 09:08 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-11-12 09:08 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-11-12 09:08 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-11-12 09:08 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-11-12 09:08 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-11-12 09:08 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-11-12 09:08 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-11-12 09:08 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-11-12 09:08 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-11-12 09:08 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-11-12 09:08 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-11-12 09:08 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 09:08 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-11-12 09:08 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-12 09:08 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-11-12 09:08 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 09:08 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 09:08 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 09:08 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 09:08 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 09:08 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-12 09:08 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 09:08 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 09:08 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 09:08 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-11-12 09:08 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 09:08 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-11-12 09:08 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 09:08 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 09:08 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-11-12 09:08 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 09:08 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 09:08 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-11-12 09:08 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-11-12 09:08 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-11-12 09:08 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-11-12 09:08 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 09:08 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 09:08 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 09:08 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-11-12 09:08 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 09:08 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 09:08 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:08 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 09:08 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-11-12 09:08 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-11-12 09:08 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 09:08 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-11-12 09:08 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 09:08 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 09:08 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 09:06 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\AUDIOKSE.dll
2014-11-12 09:06 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2014-11-12 09:06 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2014-11-12 09:06 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2014-11-12 09:06 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\EncDump.dll
2014-11-12 09:06 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:06 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:06 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:06 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-11-12 09:06 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-11-12 09:06 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-11-12 09:06 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-11-12 09:06 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-11-12 09:06 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-11-12 09:06 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:06 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:06 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:06 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:06 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:06 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:06 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-11-12 09:06 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-11-12 09:06 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:06 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:06 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2014-11-12 09:06 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 09:05 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2014-11-12 09:05 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:05 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2014-11-12 09:05 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:05 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-11-12 09:04 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2014-11-12 09:04 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-07 14:08 - 2014-11-18 15:49 - 00000746 _____ () C:\Windows\PFRO.log
2014-11-07 08:06 - 2014-11-07 08:06 - 01055936 _____ (Adobe) C:\Users\mats\Downloads\install_flashplayer15x32axau_mssa_aaa_aih.exe
2014-11-03 18:57 - 2014-11-03 18:57 - 00000000 ____D () C:\Users\mats\AppData\Local\{2649B50E-6626-4CB4-9887-D82D5AC5A10B}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 13:50 - 2010-12-07 20:09 - 00663818 _____ () C:\Windows\System32\perfh01D.dat
2014-11-30 13:50 - 2010-12-07 20:09 - 00142618 _____ () C:\Windows\System32\perfc01D.dat
2014-11-30 13:50 - 2009-07-14 06:13 - 01580554 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-30 13:27 - 2012-11-11 04:58 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 13:27 - 2011-07-06 18:50 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 13:27 - 2011-06-05 17:09 - 00001000 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-241389062-3633360052-1045992725-1001UA.job
2014-11-30 10:56 - 2011-06-03 09:38 - 00000000 ____D () C:\users\mats
2014-11-30 10:54 - 2009-07-14 05:45 - 00022704 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 10:54 - 2009-07-14 05:45 - 00022704 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 10:47 - 2013-01-28 06:26 - 00065536 _____ () C:\Windows\System32\Ikeext.etl
2014-11-30 10:47 - 2011-07-06 18:50 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 10:46 - 2014-10-21 06:26 - 00004536 _____ () C:\Windows\setupact.log
2014-11-30 10:46 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 10:21 - 2013-12-18 08:14 - 00000000 ____D () C:\ProgramData\Baidu
2014-11-30 10:21 - 2013-01-23 16:11 - 00000000 ____D () C:\Users\mats\AppData\Roaming\Skype
2014-11-30 10:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-11-30 09:57 - 2011-01-29 19:32 - 01662183 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 09:54 - 2013-11-24 12:23 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-11-30 09:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-11-30 09:53 - 2011-06-12 07:06 - 00000000 ____D () C:\Users\mats\AppData\Local\CrashDumps
2014-11-27 08:31 - 2013-03-17 19:30 - 00002354 _____ () C:\Users\mats\Desktop\Google Chrome.lnk
2014-11-22 16:48 - 2011-06-04 16:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-22 16:47 - 2011-10-30 05:39 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-19 09:10 - 2009-07-14 06:08 - 00032514 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-18 16:27 - 2011-06-05 17:09 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-241389062-3633360052-1045992725-1001Core.job
2014-11-18 16:22 - 2011-06-05 17:09 - 00003968 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-241389062-3633360052-1045992725-1001UA
2014-11-18 16:22 - 2011-06-05 17:09 - 00003572 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-241389062-3633360052-1045992725-1001Core
2014-11-14 08:38 - 2011-07-06 18:50 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 08:38 - 2011-07-06 18:50 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 16:08 - 2009-07-14 05:45 - 00268136 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-11-12 16:06 - 2014-05-06 16:05 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-11-12 09:35 - 2013-07-28 14:56 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-12 09:24 - 2011-09-26 05:09 - 103374192 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-11-04 14:30 - 2011-06-03 09:54 - 00275080 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
 
Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
 
 
Some content of TEMP:
====================
C:\Users\mats\AppData\Local\Temp\yn-vhlvk.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-09-15 14:16:22
Restore point made on: 2014-09-19 07:46:21
Restore point made on: 2014-09-23 07:46:42
Restore point made on: 2014-09-24 07:17:09
Restore point made on: 2014-09-30 13:32:54
Restore point made on: 2014-10-05 18:27:30
Restore point made on: 2014-10-05 18:51:55
Restore point made on: 2014-10-10 16:00:44
Restore point made on: 2014-10-14 13:34:32
Restore point made on: 2014-10-16 08:00:43
Restore point made on: 2014-10-17 07:39:20
Restore point made on: 2014-10-22 07:43:47
Restore point made on: 2014-10-28 08:44:15
Restore point made on: 2014-11-02 07:22:07
Restore point made on: 2014-11-07 08:23:04
Restore point made on: 2014-11-11 08:59:27
Restore point made on: 2014-11-12 09:21:06
Restore point made on: 2014-11-18 08:39:24
Restore point made on: 2014-11-19 09:05:00
Restore point made on: 2014-11-25 08:50:44
Restore point made on: 2014-11-30 09:58:55
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 1785.56 MB
Available physical RAM: 1258.64 MB
Total Pagefile: 1785.56 MB
Available Pagefile: 1250.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:280.79 GB) (Free:226.56 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:15 GB) (Free:2.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32
Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive i: () (Removable) (Total:7.47 GB) (Free:2.23 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D766B297)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-08-12 15:58
 
==================== End Of Log ============================

FRST.txt


Hi Håkan!
 
SpyHunter, which is recommended by many websites, is bad, and the websites that recommend it only do so because they earn money when people buy SpyHunter. It is necessary to buy SpyHunter for it to fix anything.
 
Start the Notepad program.
Copy all the lines in the box:

HKU\mats\...\Winlogon: [Shell] C:\Users\mats\AppData\Roaming\Other.res [144384 2013-08-29] (Independent JPEG Group <www.ijg.org>) <==== ATTENTION 
C:\Users\mats\AppData\Roaming\Other.res
Folder: C:\Users\mats\AppData\Roaming
File: C:\ProgramData\FileSplitUpLoad.dll
Folder: C:\users\mats
File: C:\Users\mats\AppData\Local\Temp\yn-vhlvk.dll

and paste them into Notepad. Check that no files have been split across two lines.
Save the file on the USB stick with the name fixlist.txt.

On the infected computer, start FRST the same way as last time.
Click the Fix button.
Wait until the program has finished.

The program creates a log, Fixlog.txt, on the USB stick.
Paste its contents into your reply.

Check whether the computer can now be started in the normal way.
If it can, begin by uninstalling "MyPC Backup" and then move FRST from the USB stick to the desktop.

Start FRST.
Click the Scan button.
When it is done, two logs, FRST.txt and Addition.txt, will have been created on the desktop.
Paste them into your reply, but use the Spoiler function (third button) first so that you get special Spoiler tags around the logs. This is because others get annoyed at having to scroll so much.

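The entry marked `<==== ATTENTION` in the log above is a per-user Winlogon `Shell` value, which makes Windows start the named file instead of explorer.exe when that user logs on. The following Python script is an added example, not part of the thread and not FRST's own code: it flags such entries in FRST registry lines, with the line format inferred only from the lines shown on this page and one benign line constructed for contrast.

```python
import re
from ntpath import basename  # Windows path handling on any platform

# First three lines are copied from the Registry section of the log above.
# The last line is constructed for this example (a default-looking shell).
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [1704296 2014-06-13] (Baidu, Inc.)
HKU\mats\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\mats\...\Winlogon: [shell] C:\Users\mats\AppData\Roaming\Other.res [144384 2013-08-29] (Independent JPEG Group <www.ijg.org>) <==== ATTENTION
HKLM\...\Winlogon: [Shell] explorer.exe
"""

# Assumed layout, inferred from the page:
#   <hive>\...\Winlogon: [<value name>] <data> [<size> <date>] (<company>) ...
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK[^\\]+(?:\\[^\\]+)?)\\\.\.\.\\Winlogon: "
    r"\[(?P<value>[^\]]+)\]\s+(?P<data>.+?)"
    r"(?:\s+\[\d+ \d{4}-\d{2}-\d{2}\].*)?$",
    re.IGNORECASE,
)

# Directories a standard user can write to, so malware can drop files there.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def find_shell_overrides(log_text):
    """Return suspicious Winlogon Shell entries found in FRST registry lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WINLOGON_RE.match(line)
        if not m or m.group("value").lower() != "shell":
            continue
        hive = m.group("hive")
        target = m.group("data").strip()
        lowered = target.lower()

        reasons = []
        if basename(lowered) != "explorer.exe":
            reasons.append("shell is not explorer.exe")
        if hive.upper().startswith("HKU"):
            # A per-user Shell value is not present by default.
            reasons.append("per-user override")
        if any(part in lowered for part in USER_WRITABLE):
            reasons.append("target in user-writable directory")
        if not lowered.endswith(".exe"):
            reasons.append("unusual extension for a shell")

        if reasons:
            findings.append(
                {"hive": hive, "target": target, "reasons": reasons, "line": line}
            )
    return findings


if __name__ == "__main__":
    for f in find_shell_overrides(SAMPLE_LOG):
        print(f["hive"], "->", f["target"])
        for reason in f["reasons"]:
            print("   -", reason)
```
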