bb80

Member
  • Post count

    31
  • Joined

  • Last visited

  1. It is an old computer. It blows a little there and gets warm on the left side.
  2. Hi, I have a problem with my computer; it does not start. When I try to start it, a page with System Restore comes up; if I click on it, it runs for a little while and then the computer shuts down. Sometimes a blue screen with some numbers comes up.
  3. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2012 Ran by SYSTEM at 15-10-2012 00:52:03 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001
C:\Windows\SysWOW64\inetcpl.cpl 2012-08-23 22:51 - 2012-09-25 17:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-23 22:51 - 2012-09-25 17:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-23 22:49 - 2012-09-25 17:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-23 22:48 - 2012-09-25 17:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-23 22:47 - 2012-09-25 17:22 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-23 22:47 - 2012-09-25 17:22 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-08-23 22:47 - 2012-09-25 17:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-23 22:45 - 2012-09-25 17:22 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-08-23 22:44 - 2012-09-25 17:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-23 22:44 - 2012-09-25 17:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-23 22:43 - 2012-09-25 17:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-23 22:40 - 2012-09-25 17:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-22 10:12 - 2012-09-14 06:44 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-08-22 10:12 - 2012-09-14 06:44 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys 2012-08-22 10:12 - 2012-09-14 06:44 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys 2012-08-22 10:12 - 2012-09-14 06:44 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2012-08-22 05:34 - 2012-08-22 05:34 - 00001139 ____A C:\Users\Public\Desktop\Telia mobile broadband.lnk 2012-08-22 05:11 - 2012-08-22 05:11 - 00000000 ___AH 
C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2012-08-21 13:01 - 2012-09-26 03:31 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe 2012-08-20 10:48 - 2012-10-09 15:33 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2012-08-20 10:48 - 2012-10-09 15:33 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll 2012-08-20 10:48 - 2012-10-09 15:33 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2012-08-20 10:48 - 2012-10-09 15:33 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll 2012-08-20 10:48 - 2012-10-09 15:33 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2012-08-20 10:48 - 2012-10-09 15:33 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll 2012-08-20 10:48 - 2012-10-09 15:33 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll 2012-08-20 10:46 - 2012-10-09 15:33 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe 2012-08-20 10:38 - 2012-10-09 15:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 
10:38 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 10:38 
- 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 09:40 - 2012-10-09 15:33 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2012-08-20 09:38 - 2012-10-09 15:33 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2012-08-20 09:37 - 2012-10-09 15:33 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2012-08-20 09:37 - 2012-10-09 15:33 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2012-08-20 09:37 - 2012-10-09 15:33 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 
09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 
2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2012-08-20 07:38 - 2012-10-09 15:33 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2012-08-20 07:38 - 2012-10-09 15:33 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2012-08-20 07:33 - 2012-10-09 15:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 07:33 - 2012-10-09 15:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 07:33 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 07:33 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2012-08-15 17:34 - 2009-07-13 20:45 - 00436680 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-10 16:56 - 2012-10-09 15:32 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll 2012-08-10 15:56 - 2012-10-09 15:32 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2012-08-08 11:43 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini 2012-08-08 11:14 - 2012-08-08 11:14 - 00275288 ____A C:\Windows\Minidump\080812-29624-01.dmp 2012-08-08 11:14 - 2011-03-12 08:25 - 495862033 ____A C:\Windows\MEMORY.DMP 2012-08-02 09:58 - 2012-09-14 06:44 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2012-08-02 08:57 - 2012-09-14 06:44 - 00490496 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2012-07-18 10:15 - 2012-08-15 12:20 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-09-20 10:23:56 Restore point made on: 2012-09-23 04:27:36 Restore point made on: 2012-09-25 05:14:20 Restore point made on: 2012-09-25 17:22:20 Restore point made on: 2012-09-26 17:24:19 Restore point made on: 2012-09-29 03:32:08 Restore point made on: 2012-10-01 03:49:09 Restore point made on: 2012-10-03 04:26:26 Restore point made on: 2012-10-04 06:01:15 Restore point made on: 2012-10-07 10:18:44 Restore point made on: 2012-10-09 21:43:25 Restore point made on: 2012-10-13 12:19:47 ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 3834.9 MB Available physical RAM: 3095.72 MB Total Pagefile: 3833.05 MB Available Pagefile: 3089.35 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================= 1 
Drive c: () (Fixed) (Total:449.91 GB) (Free:382.74 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (RECOVERY) (Fixed) (Total:15.55 GB) (Free:2.24 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 5 Drive h: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk nr Status Storlek Ledigt Dyn Gpt -------- ------------- ------- ------- --- --- Disk nr 0 Online 465 G B 0 B Disk nr 1 Online 3819 M B 0 B Partitions of Disk 0: =============== Disk 0 är nu den valda disken. Partitionsnr Typ Storlek Start ------------- ---------------- ------- ------- Partitionsnr 1 Primär 199 M 1024 K Partitionsnr 2 Primär 449 G 200 M Partitionsnr 3 Primär 15 G 450 G Partitionsnr 4 Primär 103 M 465 G ================================================================================== Disk: 0 Disk 0 är nu den valda disken. Partition 1 är nu den valda partitionen. Partition 1 Typ : 07 Dold : Nej Aktiv : Ja Offset i byte: 1048576 Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volymnr 1 Y SYSTEM NTFS Partition 199 M Felfri ========================================================= Disk: 0 Disk 0 är nu den valda disken. Partition 2 är nu den valda partitionen. Partition 2 Typ : 07 Dold : Nej Aktiv : Nej Offset i byte: 209715200 Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volymnr 2 C NTFS Partition 449 G Felfri ========================================================= Disk: 0 Disk 0 är nu den valda disken. Partition 3 är nu den valda partitionen. 
Partition 3 Typ : 07 Dold : Nej Aktiv : Nej Offset i byte: 483298115584 Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volymnr 3 E RECOVERY NTFS Partition 15 G Felfri ========================================================= Disk: 0 Disk 0 är nu den valda disken. Partition 4 är nu den valda partitionen. Partition 4 Typ : 0C Dold : Nej Aktiv : Nej Offset i byte: 499998785536 Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volymnr 4 F HP_TOOLS FAT32 Partition 103 M Felfri ========================================================= Partitions of Disk 1: =============== Disk 1 är nu den valda disken. Partitionsnr Typ Storlek Start ------------- ---------------- ------- ------- Partitionsnr 1 Primär 3818 M 16 K ================================================================================== Disk: 1 Disk 1 är nu den valda disken. Partition 1 är nu den valda partitionen. Partition 1 Typ : 0B Dold : Nej Aktiv : Nej Offset i byte: 16384 Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volymnr 5 H FAT32 Flyttbar 3818 M Felfri ========================================================= Last Boot: 2012-10-01 16:03 ==================== End Of Log =============================
  4. Hi Cecilia. What bad luck I have: the other computer is acting up now. When I tried to start it, a blue screen with a lot of numbers came up. It simply won't start. My question is whether it is OK to do what you describe on the infected computer.
  5. RogueKiller V8.1.1 [10/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Lumturije [Admin rights] Mode : Scan -- Date : 10/04/2012 21:20:07 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [sUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS725050A9A364 SATA Disk Device +++++ --- User --- [MBR] b8e7234df6b07bea25b1ca829b51613c [bSP] 4041d9ee08e32154eb2297bf130eabc5 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460709 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943941632 | Size: 15927 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[6].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt
  6. Two more RK reports have appeared: RogueKiller V8.1.1 [10/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Lumturije [Admin rights] Mode : Scan -- Date : 10/04/2012 21:18:34 ¤¤¤ Bad processes : 8 ¤¤¤ [sUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [sUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS725050A9A364 SATA Disk Device +++++ --- User --- [MBR] b8e7234df6b07bea25b1ca829b51613c [bSP] 4041d9ee08e32154eb2297bf130eabc5 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460709 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943941632 | Size: 15927 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) 
[VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[5].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
  7. Hi again. How does it look? Are there any infected files left?
  8. RogueKiller V8.1.1 [10/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Lumturije [Admin rights] Mode : Remove -- Date : 10/04/2012 21:16:46 ¤¤¤ Bad processes : 6 ¤¤¤ [sUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [sUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 3 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\00000004.@ --> REMOVED [Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\00000008.@ --> REMOVED [Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\000000cb.@ --> REMOVED [Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\80000000.@ --> REMOVED [Del.Parent][FILE] 80000032.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\80000032.@ --> REMOVED 
[Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\80000064.@ --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> REMOVED [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L\00000004.@ --> REMOVED [Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L\201d3dde --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> REMOVED ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS725050A9A364 SATA Disk Device +++++ --- User --- [MBR] b8e7234df6b07bea25b1ca829b51613c [bSP] 4041d9ee08e32154eb2297bf130eabc5 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460709 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943941632 | Size: 15927 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  9. How do I select the files that should be removed? Because there is nothing under Registry.
  10. RogueKiller V8.1.1 [10/03/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Lumturije [Admin rights] Mode : Scan -- Date : 10/04/2012 15:58:44 ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] [sUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 4 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\n --> FOUND [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\@ --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS725050A9A364 SATA Disk Device +++++ --- User --- [MBR] b8e7234df6b07bea25b1ca829b51613c [bSP] 4041d9ee08e32154eb2297bf130eabc5 : 
Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460709 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943941632 | Size: 15927 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  11. Hi, the scan finished, and now a web page has opened: http://tigzyrk.blogspot.se/2011/09/rootkit-zeroaccess-max.html
  12. There is only olt.txt as a log. Now I see on the desktop that two files named desktop.ini have appeared.
  13. OTL logfile created on: 10/4/2012 2:38:02 PM - Run 4 OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Lumturije\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd 3.75 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 68.70% Memory free 7.49 Gb Paging File | 5.85 Gb Available in Paging File | 78.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 449.91 Gb Total Space | 383.26 Gb Free Space | 85.19% Space Free | Partition Type: NTFS Drive D: | 15.55 Gb Total Space | 2.24 Gb Free Space | 14.40% Space Free | Partition Type: NTFS Drive E: | 99.02 Mb Total Space | 85.89 Mb Free Space | 86.74% Space Free | Partition Type: FAT32 Computer Name: LUMTURIJE-DATOR | User Name: Lumturije | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Lumturije\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe (bProtector) PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe () PRC - C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) 
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - c:\ProgramData\bProtectorForWindows\2.0.392.106\protector.dll () MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_sv_31bf3856ad364e35\PresentationCore.resources.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation) SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.) SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.) SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.) SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard) SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe (bProtector) SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe () SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe () SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.) DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.) DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Motorola, Inc.) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) 
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/11 IE - HKLM\..\SearchScopes,DefaultScope = {B39563D6-CC72-4A52-88C4-995BE04F542D} IE - HKLM\..\SearchScopes\{B39563D6-CC72-4A52-88C4-995BE04F542D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.se/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = 
http://www.findamo.com/search.html?ch=12&q={searchTerms} IE - HKCU\..\SearchScopes\{B39563D6-CC72-4A52-88C4-995BE04F542D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent 
Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lumturije\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lumturije\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.0.392.106\FirefoxExtension [2012/05/07 01:00:00 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: http://www.findamo.com?ch=12 CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: O1 HOSTS File: ([2012/10/03 15:12:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll 
(Motorola, Inc.) O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe () O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RTVOSD64.EXE (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Unable to open value key) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FD1C939-88F0-47FA-9034-40E706D4B72E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DAD9CA6-9A1C-4535-9196-61F53D077877}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\bprote~1\20392~1.106\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.0.392.106\protector.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - 
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/04 02:50:31 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Lumturije\Desktop\OTL.exe [2012/10/03 15:18:14 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/09/29 13:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/09/29 13:33:10 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/09/29 13:33:10 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/29 13:32:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/29 13:32:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/09/29 13:32:51 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/28 16:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/09/28 16:04:39 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2012/09/27 03:52:59 | 000,000,000 | ---D | C] -- 
C:\Users\Lumturije\AppData\Local\{913A01DA-6095-4AD9-B94A-E5B6FC06762E} [2012/09/26 15:14:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/09/26 15:14:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/09/26 15:14:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/09/26 15:13:10 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/09/26 15:12:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/09/26 13:31:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012/09/26 13:26:16 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{FEFAB95E-6196-432C-9A52-A83CD77F0C72} [2012/09/26 03:43:36 | 000,000,000 | ---D | C] -- C:\_OTL [2012/09/26 03:23:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/26 03:23:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/26 03:22:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/26 03:22:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/26 03:22:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/09/26 03:22:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/26 03:22:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/26 03:22:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/09/26 03:22:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/09/26 03:22:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/09/26 03:22:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/09/26 03:22:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\msfeeds.dll [2012/09/26 03:22:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/09/26 03:22:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/09/26 03:22:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/09/25 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/09/25 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\Google [2012/09/25 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\Apps [2012/09/25 15:41:14 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\Deployment [2012/09/23 14:50:13 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{0107D964-9FC3-4383-BCF0-D3E5C1A79B65} [2012/09/20 21:18:01 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\Frolundadata [2012/09/20 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Talande tangentbord [2012/09/20 21:17:43 | 000,000,000 | ---D | C] -- C:\ljudfiler [2012/09/20 21:17:43 | 000,000,000 | ---D | C] -- C:\bin [2012/09/20 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\Desktop\Talande T [2012/09/20 21:13:09 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\Application Data [2012/09/20 21:07:13 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\Oribi [2012/09/20 21:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Oribi [2012/09/20 21:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpellRight [2012/09/20 21:05:51 | 001,479,600 | ---- | C] (Chant Inc.) 
-- C:\Windows\SysWow64\CSpeechKit.dll [2012/09/20 21:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Outlook Security Manager [2012/09/20 21:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oribi [2012/09/20 21:05:39 | 000,797,184 | ---- | C] (Antony Lewis) -- C:\Windows\SysWow64\WWDevCOM3.dll [2012/09/20 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpellRight [2012/09/20 20:26:53 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\ScanDis [2012/09/20 20:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanDis [2012/09/20 20:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanDis [2012/09/20 20:17:22 | 000,000,000 | ---D | C] -- C:\ScanDis.Lic [2012/09/18 03:26:49 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\WildTangent [2012/09/18 03:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games [2012/09/16 22:09:15 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{CAB15724-2542-4EC1-9A58-498ADDC651F0} [2012/09/14 16:44:56 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/14 16:44:52 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/14 16:44:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/14 16:44:49 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/09/08 06:08:12 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{CA05063C-0754-45E2-9DDD-177AC42425B2} [2012/09/06 15:25:44 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{6F58FCF5-6297-4CD1-9925-1A521F525E27} [2012/09/05 22:12:28 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{A34B4A50-A87C-4F89-A5CB-5C34646709FE} [2012/09/04 17:05:19 | 000,000,000 | ---D | C] -- 
C:\Users\Lumturije\AppData\Local\{F0327899-EA7D-48C3-B16F-5C16C729897E} ========== Files - Modified Within 30 Days ========== [2012/10/04 14:33:12 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job [2012/10/04 14:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/04 02:50:41 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Lumturije\Desktop\OTL.exe [2012/10/03 16:39:26 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job [2012/10/03 15:29:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/03 15:29:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/03 15:22:14 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012/10/03 15:21:50 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys [2012/10/03 15:12:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/10/02 14:37:32 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/10/02 14:35:32 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/02 14:35:31 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/10/01 13:36:54 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLumturije.job [2012/09/29 13:32:32 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/09/29 13:32:27 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012/09/29 13:32:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/09/29 13:32:26 | 000,174,056 | ---- | M] (Oracle Corporation) -- 
C:\Windows\SysWow64\java.exe [2012/09/29 13:32:25 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/09/27 21:55:09 | 000,001,193 | ---- | M] () -- C:\Users\Lumturije\Desktop\ComboFix - genväg.lnk [2012/09/27 21:32:53 | 000,002,510 | ---- | M] () -- C:\Users\Lumturije\Desktop\Google Chrome.lnk [2012/09/27 03:26:11 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/09/27 03:26:04 | 000,638,672 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat [2012/09/27 03:26:04 | 000,128,552 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat [2012/09/25 03:32:26 | 000,075,190 | ---- | M] () -- C:\ProgramData\fhfewfrhrfyolwk [2012/09/20 21:16:46 | 000,225,280 | ---- | M] (SamLogic) -- C:\Windows\VIXUNIN.EXE [2012/09/20 21:06:09 | 000,000,047 | ---- | M] () -- C:\Windows\Wivox.ini [2012/09/20 21:05:55 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\SpellRight.lnk [2012/09/20 20:35:06 | 000,002,769 | ---- | M] () -- C:\Users\Public\Desktop\ViTal.lnk [2012/09/20 20:26:45 | 000,000,022 | ---- | M] () -- C:\Users\Lumturije\Desktop\talande tangentbord.zip [2012/09/18 03:27:43 | 000,002,482 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk [2012/09/16 09:36:47 | 001,526,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/16 09:36:47 | 000,627,294 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/09/16 09:36:47 | 000,116,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat ========== Files Created - No Company Name ========== [2012/10/02 14:37:32 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/09/27 21:55:09 | 000,001,193 | ---- | C] () -- C:\Users\Lumturije\Desktop\ComboFix - genväg.lnk [2012/09/26 15:14:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/09/26 15:14:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/09/26 15:14:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/09/26 15:14:09 | 000,080,412 | 
---- | C] () -- C:\Windows\grep.exe [2012/09/26 15:14:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/09/25 15:43:33 | 000,002,510 | ---- | C] () -- C:\Users\Lumturije\Desktop\Google Chrome.lnk [2012/09/25 15:41:52 | 000,001,020 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job [2012/09/25 15:41:51 | 000,000,968 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job [2012/09/25 03:30:21 | 000,075,190 | ---- | C] () -- C:\ProgramData\fhfewfrhrfyolwk [2012/09/20 21:06:09 | 000,000,047 | ---- | C] () -- C:\Windows\Wivox.ini [2012/09/20 21:05:55 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\SpellRight.lnk [2012/09/20 21:05:46 | 002,562,048 | ---- | C] () -- C:\Windows\SysWow64\sre32rx.dll [2012/09/20 20:25:05 | 000,002,769 | ---- | C] () -- C:\Users\Public\Desktop\ViTal.lnk [2012/09/20 20:06:10 | 000,000,022 | ---- | C] () -- C:\Users\Lumturije\Desktop\talande tangentbord.zip [2012/09/18 03:26:18 | 000,002,482 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk [2012/09/08 23:10:58 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLumturije.job [2011/11/25 17:55:59 | 000,000,000 | ---- | C] () -- C:\Windows\Setup32.INI [2011/06/18 18:36:15 | 000,001,854 | ---- | C] () -- C:\Users\Lumturije\AppData\Roaming\GhostObjGAFix.xml [2011/02/27 23:03:47 | 001,546,490 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/27 16:13:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/06/09 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\FloodLightGames [2012/09/20 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Frolundadata [2012/06/19 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Garmin [2012/09/20 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Oribi [2011/09/28 16:18:42 | 
000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Personal [2011/06/10 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\T-Mobile [2011/06/10 17:14:55 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\T-Mobile Internet Manager [2012/09/18 03:26:50 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\WildTangent [2011/09/28 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Windows Live Writer [2012/10/01 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report >
  14. ComboFix 12-10-02.02 - Lumturije 2012-10-03 14:29:44.7.3 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3835.2556 [GMT 2:00] Körs från: c:\users\Lumturije\Downloads\ComboFix.exe Kommandoväxlar som använts :: c:\users\Lumturije\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((( Filer skapade från 2012-09-03 till 2012-10-03 )))))))))))))))))))))))))))))) . . 2012-10-03 12:52 . 2012-10-03 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-02 13:34 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1936A07-275C-4C37-A7D1-81AB2276EF8B}\mpengine.dll 2012-10-01 11:49 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-29 11:33 . 2012-09-29 11:33 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-29 11:33 . 2012-09-29 11:32 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-29 11:32 . 2012-09-29 11:32 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-28 14:16 . 2012-09-28 14:16 -------- d-----w- c:\program files (x86)\ESET 2012-09-28 14:04 . 2012-09-28 14:20 -------- d--h--w- c:\windows\AxInstSV 2012-09-27 19:42 . 2012-09-27 19:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CF2D25A-B1F9-4EBE-8758-D30EF75A8CA3}\gapaengine.dll 2012-09-26 11:31 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-26 01:43 . 2012-09-26 01:43 -------- d-----w- C:\_OTL 2012-09-26 01:23 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-09-26 01:23 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-09-26 01:23 . 
2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-09-25 13:41 . 2012-09-25 13:43 -------- d-----w- c:\users\Lumturije\AppData\Local\Google 2012-09-25 13:41 . 2012-09-25 13:41 -------- d-----w- c:\users\Lumturije\AppData\Local\Apps 2012-09-25 13:41 . 2012-09-25 13:41 -------- d-----w- c:\users\Lumturije\AppData\Local\Deployment 2012-09-20 19:18 . 2012-09-20 19:18 -------- d-----w- c:\users\Lumturije\AppData\Roaming\Frolundadata 2012-09-20 19:17 . 2012-09-20 19:17 -------- d-----w- C:\ljudfiler 2012-09-20 19:17 . 2012-09-20 19:17 -------- d-----w- C:\bin 2012-09-20 19:07 . 2012-09-20 19:07 -------- d-----w- c:\users\Lumturije\AppData\Roaming\Oribi 2012-09-20 19:07 . 2012-09-20 19:07 -------- d-----w- c:\programdata\Oribi 2012-09-20 19:05 . 2012-09-20 19:05 -------- d-----w- c:\program files (x86)\Common Files\Outlook Security Manager 2012-09-20 19:05 . 2012-09-20 19:05 -------- d-----w- c:\program files (x86)\Common Files\Oribi 2012-09-20 19:05 . 2012-03-13 06:58 1479600 ----a-w- c:\windows\SysWow64\CSpeechKit.dll 2012-09-20 19:05 . 2012-04-13 11:44 2562048 ----a-w- c:\windows\SysWow64\sre32rx.dll 2012-09-20 19:05 . 2011-01-21 22:21 797184 ----a-w- c:\windows\SysWow64\WWDevCOM3.dll 2012-09-20 19:05 . 2012-09-20 19:06 -------- d-----w- c:\program files (x86)\SpellRight 2012-09-20 18:26 . 2012-09-20 18:26 -------- d-----w- c:\users\Lumturije\AppData\Local\ScanDis 2012-09-20 18:24 . 2012-09-20 18:24 -------- d-----w- c:\program files (x86)\ScanDis 2012-09-20 18:17 . 2012-09-20 18:24 -------- d-----w- c:\program files (x86)\Common Files\ScanDis 2012-09-20 18:17 . 2012-09-25 22:25 -------- d-----w- C:\ScanDis.Lic 2012-09-18 01:26 . 2012-09-18 01:26 -------- d-----w- c:\users\Lumturije\AppData\Roaming\WildTangent 2012-09-18 01:25 . 2012-09-18 01:26 -------- d-----w- c:\program files (x86)\WildTangent Games 2012-09-14 14:44 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-14 14:44 . 
2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-14 14:44 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-14 14:44 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-14 14:44 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-14 14:44 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-14 14:44 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-02 12:35 . 2012-05-01 23:33 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-02 12:35 . 2011-07-30 17:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-20 19:16 . 2007-06-25 18:37 225280 ----a-w- c:\windows\VIXUNIN.EXE 2012-09-15 17:29 . 2011-02-28 01:16 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-30 20:03 . 2012-03-20 18:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-07-18 18:15 . 2012-08-15 20:20 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-06 20:07 . 2012-08-16 01:13 552960 ----a-w- c:\windows\system32\drivers\bthport.sys . . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* tomma poster & legitima standardposter visas inte. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-1-30 1088920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\bprote~1\20392~1.106\protec~1.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-03-05 1040136] R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2010-03-01 40960] R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-03-01 52224] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-12-29 117248] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-12-29 13952] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-12-29 98816] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-12-29 28672] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-12-29 212992] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560] R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 
SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-31 1255736] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-29 202752] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-03-10 661768] S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.0.392.106\bProtect.exe [2012-05-06 1441784] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384] S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976] S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-05-06 396088] S3 
amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-29 6405632] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-29 188928] S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-03-05 4163848] S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-03-05 464384] S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-15 1028096] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-12-29 86016] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-04-14 925536] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Innehåll i mappen 'Schemalagda aktiviteter': . 2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job - c:\users\Lumturije\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 13:41] . 2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job - c:\users\Lumturije\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 13:41] . 2012-10-01 c:\windows\Tasks\HPCeeScheduleForLumturije.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-03-10 20451592] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144] "RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-12 995840] "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-25 172032] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] . ------- Extra genomsökning ------- . uStart Page = hxxp://www.google.se/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andra processer som körs ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\windows\SysWOW64\schtasks.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe . ************************************************************************** . Sluttid: 2012-10-03 15:18:10 - datorn startades om. ComboFix-quarantined-files.txt 2012-10-03 13:18 ComboFix2.txt 2012-10-02 13:26 ComboFix3.txt 2012-09-27 20:22 ComboFix4.txt 2012-09-27 12:14 . Före genomsökningen: 411 855 319 040 byte ledigt Efter genomsökningen: 411 657 392 128 byte ledigt . - - End Of File - - 929CE5C81CD3BDC0E9008860C02BEB80