Archived

This topic is now archived and it is no longer possible to reply to it.

goranl

Ransomware Process, how do I get rid of it?


I have a Windows 7 machine that has been infected with a threat that my Trend Micro antivirus identifies as Ransomware Process. It cannot quarantine it, but it seems to block it, since nothing appears to have been encrypted or spread to other computers.

The infected file is called Rpcnetp.exe. It is present as both a service and a process. If I kill the process I can delete the file, but not the service, and when I restart the computer it is back again. I have run Trend's offline threat utility; it identifies 6 items and removes them, but the virus remains as before.

Does anyone have any ideas?


I have found several that didn't help me, but not this one; it will be tested.

Thanks Ollebull.

Edit: It is not the same thing. That one concerns Rpcnet.exe; ours concerns Rpcnetp.exe.

Unfortunately it didn't work, neither in normal boot mode nor in Safe Mode.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-10-2015

Ran by Administratör (administrator) on RK-P-00142 (29-10-2015 17:06:14)

Running from C:\Users\Administratör\Desktop

Loaded Profiles: Administratör (Available Profiles: Administratör & Anno.Nym & install)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: Svenska (Sverige)

Internet Explorer Version 10 (Default browser: IE)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe

() C:\Windows\System32\rpcnetp.exe

(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe

(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe

(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

() C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNt.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111488 2012-10-25] (Intel Corporation)

HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [1889632 2015-10-05] (Trend Micro Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-29] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-29] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-29] (Microsoft Corporation)

Startup: C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Wireless Connection Utility.lnk [2015-06-01]

ShortcutTarget: Scanner Wireless Connection Utility.lnk -> C:\Program Files\Canon Electronics\Scanner Wireless Connection Utility\Connect.exe (Canon Electronics Inc.)

BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 172.16.30.22 172.16.40.22

Tcpip\..\Interfaces\{0FC09C32-088B-44BE-B0E9-F863C29ECE86}: [DhcpNameServer] 172.16.30.22 172.16.40.22

Tcpip\..\Interfaces\{82A3833B-1C9E-474C-AD67-467EF32134BF}: [DhcpNameServer] 172.16.30.22 172.16.40.22

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1295921429-91151344-429411169-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-10-29] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-29] (Microsoft Corporation)

BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmIEPlg32.dll [2014-06-10] (Trend Micro Inc.)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-27] (Oracle Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-10-29] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-29] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-27] (Oracle Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)

Toolbar: HKU\S-1-5-21-1295921429-91151344-429411169-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-23] (Google Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-20] (Microsoft Corporation)

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)

Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmIEPlg32.dll [2014-06-10] (Trend Micro Inc.)

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.0.1.5 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]

FF Plugin-x32: @bankid.com/BankID säkerhetsprogram,version=6.3.0.6 -> C:\Program Files (x86)\BankID\npBispBrowser.dll [No File]

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-27] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-08-27] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-28] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-11-04] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\FirefoxExtension

FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\FirefoxExtension [2015-10-25]

StartMenuInternet: FIREFOX.EXE - C:\Users\Anno.Nym\AppData\Local\Mozilla Firefox\firefox.exe

 

Chrome: 

=======

CHR Profile: C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Presentationer) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-26]

CHR Extension: (Google Presentationer) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-26]

CHR Extension: (Google Drive) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]

CHR Extension: (YouTube) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-26]

CHR Extension: (Google Search) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]

CHR Extension: (Google Presentationer) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-26]

CHR Extension: (Google Presentationer) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-29]

CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-26]

CHR Extension: (Gmail) - C:\Users\Administratör\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-26]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)

S3 MerakiVNCService; C:\windows\TEMP\winvnc.exe [2048248 2013-10-01] (UltraVNC)

R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [3966672 2015-10-05] (Trend Micro Inc.)

R2 svcGenericHost; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [72192 2015-10-16] (Trend Micro Inc.)

R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [584704 2015-07-23] () [File not signed]

R3 TmCCSF; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [662384 2015-10-05] (Trend Micro Inc.)

R2 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [4115232 2015-10-05] (Trend Micro Inc.)

R3 TmProxy; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [929328 2014-01-22] (Trend Micro Inc.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-10-29] (Emsisoft GmbH)

S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)

R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2013-10-24] (RICOH Company, Ltd.)

R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [303952 2012-08-17] (silex technology, Inc.)

S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-28] (Todos Data System AB)

R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [119336 2015-07-28] () [File not signed]

R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324824 2015-07-28] () [File not signed]

R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [79720 2015-07-28] () [File not signed]

R2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [351032 2014-08-30] (Trend Micro Inc.)

R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [44856 2014-08-30] (Trend Micro Inc.)

R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)

S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation) [File not signed]

R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2316600 2014-08-30] (Trend Micro Inc.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-29 17:26 - 2015-10-29 17:28 - 00000000 ____D C:\TMRescueDisk

2015-10-29 17:06 - 2015-10-29 17:06 - 00015374 _____ C:\Users\Administratör\Desktop\FRST.txt

2015-10-29 17:03 - 2015-10-29 17:03 - 00017920 _____ C:\windows\system32\rpcnetp.exe

2015-10-29 16:45 - 2015-10-29 17:06 - 00000000 ____D C:\FRST

2015-10-29 16:44 - 2015-10-29 16:35 - 02197504 _____ (Farbar) C:\Users\Administratör\Desktop\FRST64.exe

2015-10-29 14:19 - 2015-10-29 14:42 - 00000000 ____D C:\EEK

2015-10-29 13:56 - 2015-10-29 14:38 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

2015-10-29 13:55 - 2015-10-29 13:56 - 00717656 _____ (Kaspersky Lab) C:\Users\Administratör\Downloads\setup.exe

2015-10-29 12:09 - 2015-10-29 13:33 - 00000000 ____D C:\Users\Administratör\AppData\Local\NPE

2015-10-29 12:09 - 2015-10-29 12:09 - 10093544 _____ (Symantec Corporation) C:\Users\Administratör\Downloads\NPE.exe

2015-10-29 12:09 - 2015-10-29 12:09 - 00000000 ____D C:\ProgramData\Norton

2015-10-29 12:07 - 2015-10-29 12:07 - 02348928 _____ () C:\Users\Administratör\Downloads\Downadup.exe

2015-10-29 12:07 - 2015-10-29 12:07 - 00000000 ____D C:\Users\Administratör\AppData\Roaming\Macromedia

2015-10-29 11:54 - 2015-10-29 17:03 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.exe

2015-10-29 11:06 - 2015-10-29 11:06 - 00003316 _____ C:\windows\SysWOW64\BroomData.bit

2015-10-29 11:06 - 2013-04-08 16:30 - 00022752 _____ C:\windows\system32\PCloudBroom64.exe

2015-10-29 10:50 - 2015-07-21 10:57 - 00039672 _____ C:\windows\system32\Drivers\DasPtct.SYS

2015-10-29 10:50 - 2015-01-29 19:21 - 00050320 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys

2015-10-29 10:39 - 2015-10-29 10:39 - 00000000 ____D C:\Program Files (x86)\Panda Security

2015-10-29 10:37 - 2015-10-29 10:37 - 34928184 _____ (Panda Security ) C:\Users\Administratör\Downloads\PandaCloudCleaner.exe

2015-10-28 08:29 - 2015-10-28 08:29 - 00000000 ____D C:\Users\Administratör\AppData\Roaming\Xerox

2015-10-27 08:51 - 2015-10-29 15:40 - 00000036 _____ C:\Users\Administratör\AppData\Local\housecall.guid.cache

2015-10-26 16:20 - 2015-10-26 16:20 - 00000000 ____D C:\ProgramData\Malwarebytes

2015-10-26 16:18 - 2015-10-26 16:18 - 22908888 _____ (Malwarebytes ) C:\Users\Administratör\Downloads\mbam-setup-2.2.0.1024.exe

2015-10-26 15:35 - 2015-10-29 11:57 - 00000000 ____D C:\Users\Administratör\AppData\Roaming\Google

2015-10-26 15:34 - 2015-10-26 15:34 - 00000000 ____D C:\Users\Administratör\AppData\Roaming\Canon Electronics

2015-10-26 15:33 - 2015-10-26 15:35 - 00000000 ____D C:\Users\Administratör\AppData\Local\Google

2015-10-26 15:33 - 2015-10-26 15:33 - 00000000 _____ C:\Users\Administratör\AppData\Local\QSwitch.txt

2015-10-26 15:33 - 2015-10-26 15:33 - 00000000 _____ C:\Users\Administratör\AppData\Local\DSwitch.txt

2015-10-26 15:33 - 2015-10-26 15:33 - 00000000 _____ C:\Users\Administratör\AppData\Local\AtStart.txt

2015-10-26 09:20 - 2015-10-26 09:23 - 00000000 ____D C:\ProgramData\F-Secure

2015-10-25 15:59 - 2015-10-25 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Security Agent

2015-10-14 12:50 - 2015-09-29 04:16 - 05569472 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-10-14 12:50 - 2015-09-29 04:13 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll

2015-10-14 12:50 - 2015-09-29 04:11 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll

2015-10-14 12:50 - 2015-09-29 04:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll

2015-10-14 12:50 - 2015-09-29 04:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll

2015-10-14 12:50 - 2015-09-29 04:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll

2015-10-14 12:50 - 2015-09-29 04:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2015-10-14 12:50 - 2015-09-29 04:11 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2015-10-14 12:50 - 2015-09-29 04:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll

2015-10-14 12:50 - 2015-09-29 04:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2015-10-14 12:50 - 2015-09-29 04:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe

2015-10-14 12:50 - 2015-09-29 04:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2015-10-14 12:50 - 2015-09-29 04:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll

2015-10-14 12:50 - 2015-09-29 04:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe

2015-10-14 12:50 - 2015-09-29 04:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe

2015-10-14 12:50 - 2015-09-29 04:05 - 03990976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2015-10-14 12:50 - 2015-09-29 04:05 - 03936192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2015-10-14 12:50 - 2015-09-29 04:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll

2015-10-14 12:50 - 2015-09-29 04:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll

2015-10-14 12:50 - 2015-09-29 04:02 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 04:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:59 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2015-10-14 12:50 - 2015-09-29 03:59 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2015-10-14 12:50 - 2015-09-29 03:59 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2015-10-14 12:50 - 2015-09-29 03:59 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2015-10-14 12:50 - 2015-09-29 03:59 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll

2015-10-14 12:50 - 2015-09-29 03:59 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll

2015-10-14 12:50 - 2015-09-29 03:58 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe

2015-10-14 12:50 - 2015-09-29 03:58 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll

2015-10-14 12:50 - 2015-09-29 03:58 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe

2015-10-14 12:50 - 2015-09-29 03:58 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2015-10-14 12:50 - 2015-09-29 03:57 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll

2015-10-14 12:50 - 2015-09-29 03:57 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll

2015-10-14 12:50 - 2015-09-29 03:57 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2015-10-14 12:50 - 2015-09-29 03:57 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll

2015-10-14 12:50 - 2015-09-29 03:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll

2015-10-14 12:50 - 2015-09-29 03:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 03:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 02:50 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys

2015-10-14 12:50 - 2015-09-29 02:49 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys

2015-10-14 12:50 - 2015-09-29 02:49 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys

2015-10-14 12:50 - 2015-09-29 02:43 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe

2015-10-14 12:50 - 2015-09-29 02:43 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe

2015-10-14 12:50 - 2015-09-29 02:40 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 02:40 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 02:40 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-10-14 12:50 - 2015-09-29 02:40 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-10-14 12:50 - 2015-09-25 19:07 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll

2015-10-14 12:50 - 2015-09-25 19:07 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll

2015-10-14 12:50 - 2015-09-25 19:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll

2015-10-14 12:50 - 2015-09-25 19:07 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll

2015-10-14 12:50 - 2015-09-25 19:07 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll

2015-10-14 12:50 - 2015-09-25 19:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll

2015-10-14 12:50 - 2015-09-25 19:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll

2015-10-14 12:50 - 2015-09-25 19:06 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe

2015-10-14 12:50 - 2015-09-25 19:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll

2015-10-14 12:50 - 2015-09-25 19:06 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe

2015-10-14 12:50 - 2015-09-25 19:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll

2015-10-14 12:50 - 2015-09-25 18:59 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll

2015-10-14 12:50 - 2015-09-25 18:59 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll

2015-10-14 12:50 - 2015-09-25 18:59 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll

2015-10-14 12:50 - 2015-09-25 18:59 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll

2015-10-14 12:50 - 2015-09-25 18:58 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe

2015-10-14 12:50 - 2015-09-15 19:17 - 00157016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2015-10-14 12:50 - 2015-09-15 19:17 - 00097112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2015-10-14 12:50 - 2015-09-15 19:11 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2015-10-14 12:50 - 2015-09-15 19:11 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2015-10-14 12:50 - 2015-09-15 19:11 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll

2015-10-14 12:50 - 2015-09-15 19:11 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2015-10-14 12:50 - 2015-09-15 19:11 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2015-10-14 12:50 - 2015-09-15 19:11 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2015-10-14 12:50 - 2015-09-15 19:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2015-10-14 12:50 - 2015-09-15 18:36 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2015-10-14 12:50 - 2015-09-15 18:36 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll

2015-10-14 12:50 - 2015-09-15 18:36 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2015-10-14 12:50 - 2015-09-15 18:35 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2015-10-14 12:50 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2015-10-14 12:50 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll

2015-10-14 12:50 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

2015-10-14 12:50 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll

2015-10-14 12:49 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi

2015-10-14 12:49 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi

2015-10-14 12:49 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe

2015-10-14 12:49 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll

2015-10-14 12:49 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll

2015-10-14 12:49 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll

2015-10-14 12:49 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe

2015-10-14 12:49 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll

2015-10-14 12:49 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys

2015-10-14 12:48 - 2015-09-18 00:48 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2015-10-14 12:48 - 2015-09-18 00:48 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2015-10-14 12:48 - 2015-09-18 00:48 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll

2015-10-14 12:48 - 2015-09-18 00:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2015-10-14 12:48 - 2015-09-18 00:47 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2015-10-14 12:48 - 2015-09-18 00:47 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2015-10-14 12:48 - 2015-09-18 00:47 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2015-10-14 12:48 - 2015-09-18 00:47 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 15416320 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 03960832 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2015-10-14 12:48 - 2015-09-18 00:46 - 00857600 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2015-10-14 12:48 - 2015-09-18 00:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2015-10-14 12:48 - 2015-09-17 21:44 - 14290944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2015-10-14 12:48 - 2015-09-17 21:44 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2015-10-14 12:48 - 2015-09-17 21:44 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2015-10-14 12:48 - 2015-09-17 21:44 - 00525824 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll

2015-10-14 12:48 - 2015-09-17 21:44 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2015-10-14 12:48 - 2015-09-17 21:44 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2015-10-14 12:48 - 2015-09-17 21:44 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 13775360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 02866176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2015-10-14 12:48 - 2015-09-17 21:43 - 00715264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2015-10-14 12:48 - 2015-09-17 21:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2015-10-14 12:48 - 2015-09-17 19:58 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2015-10-14 12:48 - 2015-09-17 19:58 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2015-10-14 12:48 - 2015-09-17 19:31 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec

2015-10-14 12:48 - 2015-09-17 19:27 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec

2015-10-14 12:48 - 2015-09-17 19:06 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2015-10-14 12:48 - 2015-09-17 19:02 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2015-10-03 17:52 - 2015-10-29 12:08 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2015-10-03 17:52 - 2015-10-03 17:52 - 00002053 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

2015-10-03 17:52 - 2015-10-03 17:52 - 00000000 ____D C:\Program Files (x86)\Adobe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-10-29 17:06 - 2014-08-27 04:10 - 01584693 _____ C:\windows\WindowsUpdate.log

2015-10-29 17:04 - 2015-03-04 13:48 - 00000990 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-29 17:04 - 2015-03-04 13:21 - 00009107 _____ C:\windows\TMFilter.log

2015-10-29 17:04 - 2015-03-04 13:20 - 01252038 _____ C:\windows\SysWOW64\TmInstall.log

2015-10-29 17:03 - 2015-02-20 09:17 - 00320086 _____ C:\windows\system32\TmInstall.log

2015-10-29 17:03 - 2014-08-27 04:10 - 00000104 _____ C:\windows\system32\config\netlogon.ftl

2015-10-29 17:03 - 2014-08-27 04:08 - 00017920 _____ C:\windows\SysWOW64\rpcnetp.dll

2015-10-29 17:03 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2015-10-29 17:03 - 2009-07-14 05:51 - 00043235 _____ C:\windows\setupact.log

2015-10-29 17:01 - 2010-11-21 12:38 - 00727618 _____ C:\windows\system32\perfh01D.dat

2015-10-29 17:01 - 2010-11-21 12:38 - 00162400 _____ C:\windows\system32\perfc01D.dat

2015-10-29 17:01 - 2009-07-14 06:13 - 01751278 _____ C:\windows\system32\PerfStringBackup.INI

2015-10-29 17:00 - 2015-03-04 13:48 - 00000994 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-10-29 17:00 - 2009-07-14 05:45 - 00035440 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-10-29 17:00 - 2009-07-14 05:45 - 00035440 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-10-29 16:56 - 2015-03-04 13:15 - 00000868 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2015-10-29 14:38 - 2010-11-21 04:47 - 00057882 _____ C:\windows\PFRO.log

2015-10-29 12:29 - 2015-02-20 10:36 - 00000000 ____D C:\Users\install

2015-10-29 12:14 - 2013-11-04 14:57 - 00000000 ____D C:\Program Files\Microsoft Office 15

2015-10-29 11:06 - 2015-09-09 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\upKeeper

2015-10-29 11:06 - 2015-06-01 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon DR-C125

2015-10-26 15:43 - 2015-05-28 15:32 - 00000000 ____D C:\Program Files (x86)\Dropbox

2015-10-26 15:33 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-10-24 11:40 - 2015-03-04 13:48 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-10-19 07:56 - 2015-03-04 13:15 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-10-19 07:56 - 2015-03-04 13:15 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-10-19 07:56 - 2015-03-04 13:15 - 00003806 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-10-16 08:17 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache

2015-10-15 07:11 - 2015-07-20 07:03 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task

2015-10-11 17:16 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF

2015-10-03 17:52 - 2014-08-27 11:45 - 00000000 ____D C:\ProgramData\Adobe

2015-10-03 17:50 - 2014-08-27 11:42 - 00000000 ____D C:\windows\system32\appmgmt

2015-10-03 17:44 - 2009-07-14 06:08 - 00032610 _____ C:\windows\Tasks\SCHEDLGU.TXT

 

==================== Files in the root of some directories =======

 

2015-10-26 15:33 - 2015-10-26 15:33 - 0000000 _____ () C:\Users\Administratör\AppData\Local\AtStart.txt

2015-10-26 15:33 - 2015-10-26 15:33 - 0000000 _____ () C:\Users\Administratör\AppData\Local\DSwitch.txt

2015-10-27 08:51 - 2015-10-29 15:40 - 0000036 _____ () C:\Users\Administratör\AppData\Local\housecall.guid.cache

2015-10-26 15:33 - 2015-10-26 15:33 - 0000000 _____ () C:\Users\Administratör\AppData\Local\QSwitch.txt

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\SysWOW64\wininit.exe => File is digitally signed

C:\windows\explorer.exe => File is digitally signed

C:\windows\SysWOW64\explorer.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\SysWOW64\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\SysWOW64\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\SysWOW64\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\dnsapi.dll => File is digitally signed

C:\windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-10-21 14:31

 

==================== End of FRST.txt ============================

Addition.txt


Oh, there are remnants of several antivirus programs on that computer, and that can cause various problems.

 

Uninstall "Java 7 Update 45", since it is an old version with known security holes that make it easy to infect the computer from a web page. Most people don't need Java installed, but if you must have it, it is important to always run the latest version.

 

Upload the file C:\windows\system32\rpcnetp.exe at http://www.virustotal.com and then click Scan it!. If you are asked whether the file should be reanalysed, choose that option. Wait until the result is ready. Paste the link (web address) to the result here.


Oh, there are remnants of several antivirus programs on that computer, and that can cause various problems.

That is probably the scanners that were used to try to get rid of the nasty thing.


It doesn't look like a malicious file, so it is probably a false positive from Trend Micro.

 

Didn't you get a prompt asking whether to reanalyse the file?

Because it is always a bit safer to do that.


So, 6 registry entries. The second one presumably concerns the start page in Internet Explorer, and that looks completely normal in the FRST log, i.e. none. The one after it concerns the desktop background, and if you haven't noticed the background changing, everything is fine. The second to last is presumably that you (one of the accounts) have chosen not to show file extensions (.txt etc.), which is hardly a threat. The rest I can't work out when the registry entries are cut off in the middle.

 

But I wouldn't think there is anything there that means the computer is infected.


Thanks for the help,

The hopeless part is that it can't be removed; I can delete it, but after a reboot it is back, and the Trend console sends an e-mail every ten minutes saying the computers are infected.

I had hoped to avoid reinstalling, given that I don't know where it came from.


You're welcome :)

 

Is there no whitelisting in Trend Micro, i.e. a list where you can enter files and/or folders to be ignored during scans?

You should of course also submit it as a "false positive" to Trend Micro so they can update their definitions.

http://docs.trendmicro.com/all/ent/iwsva/v6.5/en-us/iwsva_6.5_olh/false_positives.htm


I'll uninstall the antivirus program on the machine in an isolated environment and see whether it gets up to any mischief first, and then reinstall it. I'm marking the problem as solved and will open a new thread if it becomes relevant.


I don't think your computer has been infected; it is just Trend Micro that has gone haywire. I have seen Rpcnetp.exe/dll in logs from many computers, and the particular versions of the files you have are several years old according to VirusTotal. If there really were something malicious in them, many antivirus programs would be reacting to them by now.


Got this info from one of my contacts over the weekend:

 

It could be that there was no virus at all, and that Trend reacted to LoJack from Computrace. Apparently it is a program that resides in the BIOS of quite a few computer models as a tracking function in case of theft. It places a file called rpcnetp.exe in System32 every time the computer starts.

 

That matches the behaviour, and after I opened a case with Trend it has disappeared with this morning's pattern update.

 

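The two replies above (look the file up on VirusTotal, then the explanation that a BIOS-resident agent recreates rpcnetp.exe as a service on every boot) amount to a small triage routine. As an added example that is not code from this thread, from Trend Micro or from Absolute/Computrace, the PowerShell script below does that triage for a flagged file: it hashes the file so you can look it up on VirusTotal by hash instead of uploading it, checks its Authenticode signature and signer, and lists any service whose binary path points at it, since the service entry is what brings the file back after a reboot. It assumes Windows PowerShell 2.0 or later (the .NET hashing call is used instead of Get-FileHash so it also runs on the Windows 7 default), an elevated prompt so System32 and the service table are readable, and the path named in the thread as the default; the VirusTotal URL pattern is the web UI's file lookup by SHA-256.

```powershell
# Added example (not from the thread or the vendors mentioned in it): triage a file
# flagged by an AV product the way the replies suggest.
# Assumptions: Windows PowerShell 2.0+, elevated prompt, path from the thread as default.
param(
    [string]$Path = "$env:SystemRoot\System32\rpcnetp.exe"   # file named in the thread
)

function Get-Sha256Hex([string]$FilePath) {
    # .NET hashing rather than Get-FileHash (PowerShell 4+) so this runs on Windows 7's PS 2.0.
    $full = (Resolve-Path -LiteralPath $FilePath).ProviderPath
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($full)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
        $sha.Clear()
    }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '').ToLower()
}

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Host "File not found: $Path (per the thread it may only be present after a fresh boot)"
    return
}

$item = Get-Item -LiteralPath $Path
$hash = Get-Sha256Hex $Path
Write-Host "File     : $($item.FullName)"
Write-Host "Size     : $($item.Length) bytes"
Write-Host "Modified : $($item.LastWriteTime)"
Write-Host "SHA256   : $hash"
# A hash lookup reveals nothing about your machine; upload the file only if the hash is unknown.
Write-Host "VirusTotal lookup: https://www.virustotal.com/gui/file/$hash"

# Authenticode status and signer: an unsigned or badly signed binary in System32 deserves a closer look,
# a valid signature from a known vendor supports the false-positive explanation.
$sig = Get-AuthenticodeSignature -FilePath $Path
Write-Host "Signature: $($sig.Status)"
if ($sig.SignerCertificate) {
    Write-Host "Signer   : $($sig.SignerCertificate.Subject)"
}

# Services whose command line references this file name. The thread notes the file
# comes back after every reboot, so the service (and its start mode) is the persistence to record.
$name = [System.IO.Path]::GetFileNameWithoutExtension($Path)
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.PathName -and ($_.PathName -match [regex]::Escape($name)) } |
    ForEach-Object {
        Write-Host "Service  : $($_.Name) ($($_.DisplayName)) state=$($_.State) start=$($_.StartMode) path=$($_.PathName)"
    }
```

Run it right after a reboot, before the AV quarantines or deletes the file, and keep the hash and signer output together with the service line when you submit a false-positive case to the AV vendor; that is the evidence the vendor needs to adjust its pattern, and it is the same evidence you would want if the signer turned out not to be the expected vendor.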
