Just nu i M3-nätverket
Gå till innehåll

Uppdykande reklamsidor


Kjell S

Rekommendera Poster

Hej

 

Har fått in något i nätverket där när man klickar sig vidare på olika sidor får upp en reklamsida/fönster istället.

Reklamen är blandad från "seriös" till rent nonsens.

 

Samma sak i både Firefox och Explorer.

 

 

 

Addition txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by SEI (administrator) on SEI on 25-05-2015 08:19:43
Running from C:\Users\SEI\Downloads
Loaded Profiles: SEI (Available Profiles: SEI & uvh)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\ABBYY FineReader 9.0\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR ReadyNAS\Remote\bin\ReadyNASRemote.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\Enclosure.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\NetBak.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Mouse\Amoumain.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
( ) C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\photodownloader\Photodownloader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [WheelMouse] => C:\Program Files\Mouse\Amoumain.exe [204800 2013-09-11] ()
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QGet] => "C:\Program Files (x86)\QNAP\QGet\QGet.exe" /min
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2804353436-337155601-1946102144-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2804353436-337155601-1946102144-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\sspipes.scr [610304 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpyderUtility.lnk [2015-05-12]
ShortcutTarget: SpyderUtility.lnk -> C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2804353436-337155601-1946102144-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.se/?gws_rd=ssl
HKU\S-1-5-21-2804353436-337155601-1946102144-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WsftpBrowserHelper Class -> {601ED020-FB6C-11D3-87D8-0050DA59922B} -> C:\Program Files (x86)\Ipswitch\WS_FTP Pro\wsbho2k0.dll [2004-08-18] (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-04-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2804353436-337155601-1946102144-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\SEI\AppData\Roaming\Mozilla\Firefox\Profiles\y5i80int.default
FF SelectedSearchEngine: Astromenda
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @cuminas.jp/DjVuPlugin -> C:\Program Files\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2014-04-12] (Cuminas Corporation)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2006-01-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll [2014-04-12] (Cuminas Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2804353436-337155601-1946102144-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2014-07-10] (Sony Network Entertainment International LLC)
FF user.js: detected! => C:\Users\SEI\AppData\Roaming\Mozilla\Firefox\Profiles\y5i80int.default\user.js [2014-10-03]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml [2015-04-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml [2015-04-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml [2015-04-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml [2015-04-16]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml [2015-04-16]
FF Extension: rollApp File Opener - C:\Users\SEI\AppData\Roaming\Mozilla\Firefox\Profiles\y5i80int.default\Extensions\extension@rollapp.com.xpi [2013-09-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-04-14]
 
Chrome: 
=======
CHR Profile: C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-07]
CHR Extension: (Google Docs) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-07]
CHR Extension: (Google Drive) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-07]
CHR Extension: (YouTube) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-07]
CHR Extension: (Google Search) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-07]
CHR Extension: (Google Sheets) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-07]
CHR Extension: (Bookmark Manager) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-07]
CHR Extension: (Gmail) - C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-07]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2804353436-337155601-1946102144-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\ABBYY FineReader 9.0\NetworkLicenseServer.exe [566560 2007-11-02] (ABBYY (BIT Software)) []
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2013-09-11] ((Standard mouse types))
R3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2013-09-11] (A4Tech Co.,Ltd.)
R3 Fwleaf; C:\Windows\System32\DRIVERS\fwleaf.sys [27872 2013-12-23] (NETGEAR)
R3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2013-02-05] (Leaf Networks)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 Spyder4; C:\Windows\System32\DRIVERS\dccmtr.sys [15360 2011-06-02] (Datacolor)
R3 QDrive; \??\C:\Users\SEI\AppData\Local\Temp\QDrive.sys [X]
R3 WPRO_41_1742; system32\drivers\WPRO_41_1742.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-25 08:19 - 2015-05-25 08:20 - 00019319 _____ () C:\Users\SEI\Downloads\FRST.txt
2015-05-25 08:19 - 2015-05-25 08:19 - 00000000 ____D () C:\FRST
2015-05-25 08:18 - 2015-05-25 08:18 - 02108416 _____ (Farbar) C:\Users\SEI\Downloads\FRST64.exe
2015-05-25 08:14 - 2015-05-25 08:14 - 00096784 _____ (CACE Technologies) C:\Windows\SysWOW64\WPRO_41_1742woem.tmp
2015-05-22 15:39 - 2015-05-22 15:39 - 06448912 _____ (Tim Kosse) C:\Users\SEI\Downloads\FileZilla_3.11.0_win64-setup.exe
2015-05-22 08:35 - 2015-05-22 08:36 - 00000000 ____D () C:\Users\SEI\Downloads\wetransfer-6b8617
2015-05-22 08:32 - 2015-05-22 08:32 - 00000000 ____D () C:\Users\SEI\Downloads\wetransfer-3a3fd3
2015-05-20 13:54 - 2015-05-20 13:57 - 22717056 _____ () C:\Users\SEI\Downloads\arkivdigital-installer-1.5.3-r1041.exe
2015-05-13 12:31 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 12:31 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:52 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 08:52 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 08:52 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 08:52 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 08:52 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 08:52 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 08:52 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 08:52 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 08:52 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 08:52 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 08:52 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 08:52 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 08:52 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 08:52 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 08:52 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 08:52 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 08:52 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 08:52 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 08:52 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 08:52 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 08:52 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 08:52 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 08:52 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 08:52 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 08:52 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 08:52 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 08:52 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 08:52 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 08:52 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 08:52 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 08:52 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 08:52 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 08:52 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 08:52 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 08:52 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 08:52 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 08:52 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 08:52 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 08:52 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 08:52 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 08:52 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 08:52 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 08:52 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 08:52 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 08:52 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 08:52 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 08:52 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 08:52 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 08:52 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 08:52 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 08:52 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 08:52 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 08:52 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 08:52 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 08:51 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 08:51 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 08:51 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 08:51 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 08:51 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 08:51 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 08:51 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 08:51 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 08:51 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 08:51 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 08:51 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 08:51 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 08:51 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 08:51 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 08:51 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 08:51 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 08:51 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 08:51 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 08:51 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 08:51 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 08:51 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 08:51 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 08:51 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 08:51 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 08:51 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 08:51 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 08:51 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 08:51 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 08:51 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 08:51 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 08:51 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 08:51 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 08:51 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 08:51 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 08:51 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 08:51 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 08:51 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 08:51 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 08:51 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 08:51 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 08:51 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 08:51 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 08:51 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 08:51 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 08:51 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 08:51 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 08:51 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 08:51 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 08:51 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 08:51 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 08:51 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 08:51 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 08:51 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 08:51 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 08:50 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 08:50 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 08:50 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 08:50 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 08:24 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 08:24 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 08:24 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 08:24 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 08:24 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 08:24 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 08:24 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 08:24 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 08:24 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 08:24 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 08:24 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 11:30 - 2015-05-12 11:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dccmtr_01001.Wdf
2015-05-12 11:25 - 2015-05-12 11:25 - 00002121 _____ () C:\Users\uvh\Desktop\Spyder4Pro 4.5.4.lnk
2015-05-12 11:25 - 2015-05-12 11:25 - 00002121 _____ () C:\Users\SEI\Desktop\Spyder4Pro 4.5.4.lnk
2015-05-12 11:25 - 2015-05-12 11:25 - 00000000 ____D () C:\Users\SEI\AppData\Local\Datacolor
2015-05-12 11:25 - 2015-05-12 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyder
2015-05-12 11:25 - 2008-01-30 17:36 - 00090112 _____ (MindVision Software) C:\Windows\unvise32.exe
2015-05-12 11:24 - 2015-05-12 11:25 - 00000000 ____D () C:\Program Files (x86)\Datacolor
2015-05-08 16:05 - 2015-05-08 16:06 - 52706585 _____ () C:\Users\SEI\Downloads\Kjell Svensson Vislanda.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-25 08:19 - 2013-07-22 13:26 - 01367736 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 08:15 - 2009-07-14 06:51 - 00082594 _____ () C:\Windows\setupact.log
2015-05-25 08:14 - 2014-08-25 08:19 - 00000000 ____D () C:\Users\SEI\AppData\Local\Adobe
2015-05-25 08:14 - 2014-07-10 08:30 - 00000430 _____ () C:\Windows\Tasks\{915ED9CB-7196-4396-8194-34519CCCA219}.job
2015-05-25 08:14 - 2013-11-05 11:56 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-25 08:12 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 08:12 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 08:04 - 2013-07-22 15:53 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-25 08:04 - 2010-11-21 05:47 - 00271624 _____ () C:\Windows\PFRO.log
2015-05-25 08:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 15:40 - 2014-10-03 14:12 - 00000000 ____D () C:\Users\SEI\AppData\Roaming\FileZilla
2015-05-22 15:31 - 2013-11-05 11:56 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 15:28 - 2013-12-16 09:54 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-22 08:33 - 2014-10-07 08:23 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-21 13:37 - 2013-07-22 23:22 - 00663498 _____ () C:\Windows\system32\perfh01D.dat
2015-05-21 13:37 - 2013-07-22 23:22 - 00142298 _____ () C:\Windows\system32\perfc01D.dat
2015-05-21 13:37 - 2009-07-14 07:13 - 01579238 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 08:21 - 2013-12-16 09:54 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-21 08:21 - 2013-07-23 15:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-21 08:21 - 2013-07-23 15:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-20 16:54 - 2015-04-07 16:24 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 16:54 - 2015-04-07 16:24 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 15:36 - 2014-03-03 11:25 - 00002233 _____ () C:\Users\SEI\Desktop\ArkivDigital online.lnk
2015-05-19 17:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-18 13:26 - 2013-11-05 11:56 - 00003990 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 13:26 - 2013-11-05 11:56 - 00003738 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 09:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-18 08:23 - 2015-04-14 10:29 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-05-18 08:23 - 2015-04-14 10:29 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-05-18 08:23 - 2015-04-14 10:29 - 00002028 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-05-18 08:23 - 2015-04-14 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-05-15 08:58 - 2013-08-08 08:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 08:38 - 2014-07-10 08:31 - 00000000 ____D () C:\Users\SEI\AppData\Local\ReadyNASRemote
2015-05-15 08:31 - 2009-07-14 06:45 - 05048960 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-15 08:29 - 2010-11-21 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 08:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 12:40 - 2013-07-23 11:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 12:38 - 2013-07-23 15:59 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-13 12:38 - 2013-07-23 15:59 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-13 12:38 - 2013-07-23 15:59 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-13 12:38 - 2013-07-23 15:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-13 12:31 - 2014-02-17 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 12:30 - 2014-02-17 17:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 12:30 - 2014-02-17 17:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 10:48 - 2013-07-23 08:45 - 00000000 ____D () C:\Users\SEI\Documents\Mallar
2015-05-11 08:49 - 2013-07-24 15:54 - 00000000 ____D () C:\Users\SEI\Documents\Diverse
 
==================== Files in the root of some directories =======
 
2013-12-19 11:22 - 2014-09-22 11:23 - 0000132 _____ () C:\Users\SEI\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-12-03 10:31 - 2013-12-03 10:31 - 0000268 ___RH () C:\Users\SEI\AppData\Roaming\Rock
2013-12-03 10:32 - 2013-12-03 10:32 - 0000268 ___RH () C:\Users\SEI\AppData\Roaming\Rock Kit
2013-12-03 10:31 - 2013-12-03 10:31 - 0000268 ___RH () C:\Users\SEI\AppData\Roaming\Rule Actions
2013-12-03 10:30 - 2013-12-03 10:30 - 0000268 ___RH () C:\Users\SEI\AppData\Roaming\Smooth Strings
2014-12-02 11:28 - 2014-12-02 11:28 - 0003584 _____ () C:\Users\SEI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-06 10:40 - 2015-03-11 12:46 - 0000600 _____ () C:\Users\SEI\AppData\Local\PUTTY.RND
2014-03-24 14:39 - 2014-03-24 14:39 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-12-03 10:30 - 2013-12-03 10:30 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2013-12-03 10:32 - 2013-12-03 10:32 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-12-03 10:31 - 2014-12-04 16:30 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-12-03 10:31 - 2014-12-04 16:29 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2013-12-03 10:31 - 2013-12-03 10:31 - 0000268 ___RH () C:\ProgramData\Sampler
2013-12-03 10:32 - 2013-12-03 10:32 - 0000268 ___RH () C:\ProgramData\Sampler Files
2013-12-03 10:31 - 2013-12-03 10:31 - 0000268 ___RH () C:\ProgramData\Sampler Instruments
2013-12-03 10:30 - 2013-12-03 10:31 - 0000012 ___RH () C:\ProgramData\Soundtrack
2013-12-03 10:32 - 2013-12-03 10:32 - 0000012 ___RH () C:\ProgramData\Spacious
2013-12-03 10:31 - 2013-12-03 10:31 - 0000012 ___RH () C:\ProgramData\Speech Enhancer
2015-04-08 16:27 - 2015-04-08 16:27 - 0000001 ____H () C:\ProgramData\T23J7
2013-12-03 10:30 - 2013-12-03 10:30 - 0000012 ___RH () C:\ProgramData\Techno Kit
2015-04-08 16:02 - 2015-04-10 11:01 - 0000128 ____H () C:\ProgramData\V93GE
 
Files to move or delete:
====================
C:\Windows\Tasks\{915ED9CB-7196-4396-8194-34519CCCA219}.job
 
 
Some files in TEMP:
====================
C:\Users\SEI\AppData\Local\Temp\AcDeltree.exe
C:\Users\SEI\AppData\Local\Temp\i4jdel0.exe
C:\Users\SEI\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\SEI\AppData\Local\Temp\optprosetup.exe
C:\Users\SEI\AppData\Local\Temp\ose00000.exe
C:\Users\SEI\AppData\Local\Temp\setup.exe
C:\Users\SEI\AppData\Local\Temp\_is12D7.exe
C:\Users\SEI\AppData\Local\Temp\_is4CFE.exe
C:\Users\SEI\AppData\Local\Temp\_is589A.exe
C:\Users\SEI\AppData\Local\Temp\_isD99C.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-15 09:36
 
==================== End of log ============================

Addition anteckningar.txt

Länk till kommentar
Dela på andra webbplatser

Hej!

 

1. Avinstallera "Java 7 Update 60" för det är en gammal programversion med kända säkerhetshål som kan utnyttjas av en webbsida för att infektera datorn. De flesta klarar sig bra utan Java men om du måste ha det så är det viktigt att alltid ha senaste versionen.

 

2. Spara AdwCleaner av Xplode på Skrivbordet: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.
Klicka på knappen Log file.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner\AdwCleaner[R0].txt

Länk till kommentar
Dela på andra webbplatser

1 Java är borttaget.

 

2 Körde adwcleaner scan

 

# AdwCleaner v4.205 - Logfile created 25/05/2015 at 11:18:43

# Updated 21/05/2015 by Xplode
# Database : 2015-05-24.1 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : SEI - SEI
# Running from : C:\Users\SEI\Desktop\adwcleaner_4.205.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage
File Found : C:\Users\SEI\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal
File Found : C:\Users\SEI\AppData\Roaming\Mozilla\Firefox\Profiles\y5i80int.default\user.js
File Found : C:\Users\uvh\AppData\Roaming\Mozilla\Firefox\Profiles\lw1er3j8.default\searchplugins\astromenda.xml
File Found : C:\Users\uvh\AppData\Roaming\Mozilla\Firefox\Profiles\lw1er3j8.default\user.js
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Users\SEI\AppData\Local\FileViewPro
Folder Found : C:\Users\SEI\AppData\Roaming\Solvusoft
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\en.softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Mozilla Firefox v37.0.2 (x86 sv-SE)
 
[y5i80int.default] - Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
[y5i80int.default] - Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_frg01_14_40_ch&cd=2XzuyEtN2Y1L1Qzu0B0CtAtDyD0B0CzyzyyE0Dzz0FyDzzyCtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzyt[...]
[y5i80int.default] - Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_frg01_14_40_ch&cd=2XzuyEtN2Y1L1Qzu0B0CtAtDyD0B0CzyzyyE0Dzz0FyDzzyCtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBz[...]
[y5i80int.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[y5i80int.default] - Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[y5i80int.default] - Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_frg01_14_40_ch&cd=2XzuyEtN2Y1L1Qzu0B0CtAtDyD0B0CzyzyyE0Dzz0FyDzzyCtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEt[...]
[lw1er3j8.default] - Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
[lw1er3j8.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://astromenda.com/?f=1&a=ast_frg01_14_40_ch&cd=2XzuyEtN2Y1L1Qzu0B0CtAtDyD0B0CzyzyyE0Dzz0FyDzzyCtN0D0Tzu0StCtDtDyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V[...]
 
-\\ Google Chrome v43.0.2357.65
 
 
*************************
 
AdwCleaner[R0].txt - [4421 bytes] - [25/05/2015 11:18:43]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4480 bytes] ##########
 
 
Länk till kommentar
Dela på andra webbplatser

1. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Scan-knappen.
Vänta tills sökningen är klar.

Klicka på Clean-knappen.
Tryck på OK.
Tryck på OK fler gånger om det kommer upp meddelanden.

Datorn kommer att startas om, om den inte gör det automatiskt får du göra det själv.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner\AdwCleaner[s0].txt

 

 

2. Starta FRST.

Bocka för Addition.txt

Skanna med programmet och bifoga eller klistra in de två nya loggarna.

 

 

3. Skanna datorn online på http://www.eset.com/onlinescan/ och använd helst Internet Explorer till det.
För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

Välj alternativet Enable detection of potentially unwanted applications.

Klicka på Advanced Settings.
Ta bort bocken framför Remove found threats.
Bocka för:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Klicka på Start

När skanningen är klar klicka på List of found threats, följt av Export to a text file. Spara till en fil på skrivbordet, öppna filen, kopiera resultatet och klistra sedan in det i ditt svar.

Länk till kommentar
Dela på andra webbplatser

3, Resultatet blev så här 

C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Users\SEI\AppData\Local\Temp\optprosetup.exe multiple threats cleaned by deleting - quarantined
C:\Users\SEI\AppData\Local\Temp\is386526232\3520DE5D_stp\OptimizerPro3108.exe a variant of Win32/AdWare.SpeedingUpMyPC.N application cleaned by deleting - quarantined
C:\Users\SEI\Downloads\Setup_FileViewPro_[2015].exe Win32/Solvusoft.A potentially unwanted application deleted - quarantined
 
 
Vad jag hittat på nätet är att det troligen är rdsrv.com som vi fått in i nätet.
 
Kan detta vara något att försöka gå vidare med?
 
 
 
MVH.
Länk till kommentar
Dela på andra webbplatser

De där sidorna verkar bara vara ute efter att tjäna pengar på att sälja väldigt dåliga SpyHunter.

 

Det här är en pålitlig sida: http://malwaretips.com/blogs/remove-rdsrv-com-virus/

 

Men Step 1 där behöver man bara göra om flera datorer eller liknande, som är anslutna till samma router/gateway, har samma problem. Mycket viktigt att efteråt logga in på routern och ändra inloggningslösenordet samt förstås göra alla andra inställningar som behövs för att den ska fungera hemma hos dig. En router kan hackas på två sätt, antingen att man har ett skadligt program i datorn som loggar in i routern med hjälp av inloggningslösenordet eller att routern har kända säkerhetshål. När det gäller säkerhetshål är det viktigt att installera dess senaste firmware-version, som förhoppningsvis täpper till säkerhetshålet. Om du behöver hjälp med det får du skriva vad du har för router.

 

Step 2 är redan avklarad (hoppas jag fast du har inte lagt upp loggen i Eforum).

 

Step 3 kan du även ersätta med att ladda upp nya FRST-loggar så går jag igenom dem och ser om något mer olämpligt finns där.

 

Step 4 har jag inte varit med om att det behövs.

 

Step 5 kan vara bra om AdwCleaner och FRST inte räcker till men det är ovanligt.

Länk till kommentar
Dela på andra webbplatser

Tittar på den sidan.

 

En av de andra datorerna i nätet har fått ett "polismeddelande" för en stund sedan.

Så det tar sig...

 

MVH

Länk till kommentar
Dela på andra webbplatser

Då verkar det vara någon som hackat routern. Vad har du för router?

Länk till kommentar
Dela på andra webbplatser

Step 1

Uppdaterat routern.

Återställt till fabriksinställningarna.

Bytt lösenord.

 

Step 2

Ominstallerat webbläsarna

Tagit bort personliga inställningar.

Kört ADW Cleaner på alla maskiner.

På de flesta hittades inget alls, på några fanns endast något med e-bay.

 

Varit igång sedan morgonen och ingen har sett något, så hittills fungerar det.

Länk till kommentar
Dela på andra webbplatser

Bra!

 

Är Astromenda och pfkfdlcdbajamklbneflfbcmfgddmpae (annonsprogram) borta i en ny FRST-logg?

 

Är dessa två dolda mappar borta (de har med annonsprogram eller skadligt program att göra)?

2015-04-08 16:27 - 2015-04-08 16:27 - 0000001 ____H () C:\ProgramData\T23J7

2015-04-08 16:02 - 2015-04-10 11:01 - 0000128 ____H () C:\ProgramData\V93GE

Länk till kommentar
Dela på andra webbplatser

1. Du har många schemalagda uppgifter som innebär att installationsprogram startas. Är det meningen att det ska vara så?

Kolla i Kontrollpanelen - Administrationsverktyg - Schemaläggaren.

Några exempel:

Task: {0B1B54A0-C3D0-4FA3-AFA2-A3064D8EA9C3} - System32\Tasks\{3F52B8E5-1CA8-4C3C-A027-BEE9B8E790B9} => D:\Setup.exe
Task: {298F2CFD-A8FC-42D5-A6E1-999B13C64E33} - System32\Tasks\{279FD232-B2D6-49C1-A9FA-0433539A7021} => C:\Users\SEI\Desktop\Installationsprogram\CD-Emigranten 2001\CD1\Setup.exe [1999-03-23] (InstallShield Corporation, Inc.)

Task: {56FC59FE-EF06-4D99-A42A-62002128CAD7} - System32\Tasks\{B1FCC89B-3CA0-4A47-B595-03F3B69D1103} => D:\Setup.exe
Task: {6CF4798B-E94F-406D-8ACD-FD4BCD88ED23} - System32\Tasks\{1F3CF316-0E89-43BD-B73E-2B4FB55F4735} => D:\Setup.exe
 

 

2. Starta programmet Anteckningar.
Kopiera alla rader i rutan:

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-2804353436-337155601-1946102144-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
R3 QDrive; \??\C:\Users\SEI\AppData\Local\Temp\QDrive.sys [X]
2015-04-08 16:27 - 2015-04-08 16:27 - 0000001 ____H () C:\ProgramData\T23J7
2015-04-08 16:02 - 2015-04-10 11:01 - 0000128 ____H () C:\ProgramData\V93GE
Reboot:

och klistra in i Anteckningar. Kontrollera att inga filer har delats upp på två rader.
Spara filen på skrivbordet med namnet fixlist.txt.

Stäng av alla program.
Starta FRST som finns på skrivbordet.
Klicka på knappen Fix.
Vänta tills programmet är klart.
Om datorn inte startas om automatiskt så gör det själv.

Programmet skapar en logg Fixlog.txt på skrivbordet.
Klistra in innehållet i den i ditt svar.

Länk till kommentar
Dela på andra webbplatser

Och här kommer fixlogen........................

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by SEI at 2015-05-28 09:03:22 Run:1
Running from C:\Users\SEI\Desktop
Loaded Profiles: SEI (Available Profiles: SEI & uvh)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-2804353436-337155601-1946102144-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
R3 QDrive; \??\C:\Users\SEI\AppData\Local\Temp\QDrive.sys [X]
2015-04-08 16:27 - 2015-04-08 16:27 - 0000001 ____H () C:\ProgramData\T23J7
2015-04-08 16:02 - 2015-04-10 11:01 - 0000128 ____H () C:\ProgramData\V93GE
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-21-2804353436-337155601-1946102144-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value Removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
QDrive => Service stopped successfully.
QDrive => Service Removed successfully
C:\ProgramData\T23J7 => Moved successfully.
C:\ProgramData\V93GE => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 09:03:39 ====
 
 
MVH
Länk till kommentar
Dela på andra webbplatser

Om allt verkar vara bra nu så är det dags att ta bort FRST och AdwCleaner.

 

1. Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.
Klicka på Uninstall-knappen.

2. Ladda ner avinstallationsprogrammet OTC till Skrivbordet: http://oldtimer.geekstogo.com/OTC.exe
Dubbelklicka på filen för att starta programmet.
Tryck på knappen CleanUp! och FRST kommer att avinstalleras efter en omstart av datorn. Ta bort eventuella loggar.

3. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/
Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.

Länk till kommentar
Dela på andra webbplatser

Hej igen.

 

Allting har fungerat bra, ingen maskin (20 st) i nätet har visat upp några underligheter.

 

Men nu är det måndag och samma sk-t har kommit tillbaka igen på flera maskiner. Reklam som dyker upp när man klickar. Tillbaka till ruta ett.

 

Om det har någon betydelse det vet jag inte men

Malwarebytes är igång på några maskiner och hindrar reklamfönster bland annat härifrån

rdsrv.com

184.173.133.154

port 49319

outbound

 

Detta problem ligger alltså kvar någonstans i nätverket som vi inte kom åt i vår senaste rensning.

 

mvh 

Länk till kommentar
Dela på andra webbplatser

Det enda positiva med detta är att det tar samtidigt bort all annan reklam, även på denna sida.

 

 

post-45064-0-49682100-1433144227_thumb.jpg

Länk till kommentar
Dela på andra webbplatser

Då får du logga in på routern och se vad det står att den har för DNS-inställningar.

 

Kolla också DNS-inställningarna i de datorer som verkar ha problem.

Kontrollpanelen - Nätverks- och delningscenter - Ändra inställningar för nätverkskort

Högerklicka på anslutningen - Egenskaper

Välj "Internet Protocol Version 4 ...  och sen klicka på Egenskaper.

Länk till kommentar
Dela på andra webbplatser

Helt tomt.

 

erhåll adress till DNS-server automatiskt är markerat.

Länk till kommentar
Dela på andra webbplatser

Routern (D-link DIR-100) har dynamisk IP och fälten primär och sekundär DNS är blanka.

Länk till kommentar
Dela på andra webbplatser

Välj att ställa in specifika DNS-servrar i stället för att se om det löser problemet, dels i datorer som har problem och dels i routern.

Om du inte vet vilka DNS-servrar som din internetleverantör har kan du välja OpenDNS:

https://www.opendns.com/

https://use.opendns.com/

 

Rensa sen med AdwCleaner i de datorer som har problem.

Länk till kommentar
Dela på andra webbplatser

Försöker ändra till angivna DNS-servar

Men Routern vill tvunget ha en MAC-adress också???

Länk till kommentar
Dela på andra webbplatser

Kan du göra en skärmbild (PrintScreen, Skärmklippverktyget) av hur det ser ut i routern när det gäller MAC-adress och DNS-servrar och så bifoga den i ditt svar (knappen "Använd fullständig editor")?

Länk till kommentar
Dela på andra webbplatser

Bild 1 som det ser ut med ifyllda uppgifter.

Bild 2 Efter save settings.

 

Hjälper heller inte att ta bort MAC numret.

Hjälper inte att byta till min egen MAC adress.

 

mvh

 

post-45064-0-63806900-1433228414_thumb.jpg

post-45064-0-64122500-1433228431_thumb.jpg

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

×
×
  • Skapa nytt...