bb80

bprotector, I don't have this program in the list to uninstall, and I don't know how it ended up on my computer, whether I installed it or what. I have sverige.net as my internet provider.

I can't find any publisher for Updater Service.


Okay, we'll remove them with ComboFix then.

Start Notepad.

Copy all the lines in the box:

Killall::
ClearJavaCache::
DDS::
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0TCP: Interfaces\{5DAD9CA6-9A1C-4535-9196-61F53D077877}\072776E2165627F6D286F6473707F647 : DhcpNameServer = 193.86.243.66 193.86.243.68
AppInit_DLLs: c:\progra~3\bprote~1\20392~1.106\protec~1.dll
AppInit_DLLs-X64: c:\progra~3\bprote~1\20392~1.106\protec~1.dll
R2 bProtector;bProtector;C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe [2012-5-7 1441784]
R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-5-7 396088]

and paste them into Notepad. Check that no filenames/paths are split across two lines. It should be 10 lines.

Save the file on the Desktop with ANSI encoding and the name CFScript.

Prepare the computer the same way as before for ComboFix.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special way.

Paste the log that comes out.
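The script above copies the bProtector and Updater Service entries out of the log into a CFScript. As an added example (not code from the forum, from ComboFix or from DDS), the Python below parses the service lines and the AppInit_DLLs value in the format the logs in this thread use and picks out the entries a helper would examine first; the rule it applies (binary under ProgramData or a user profile, file not found, or an active AppInit_DLLs entry) is my own triage heuristic, and the sample lines are constructed from the log.

```python
r"""Triage of ComboFix/DDS log entries (added example, not ComboFix's or the forum's code).

Service lines in the log look like
    S2 bProtector;bProtector;c:\programdata\...\bProtect.exe [2012-05-06 1441784]
i.e. <state+start type> <service name>;<display name>;<image path> [<date> <size>],
with "[x]" when ComboFix could not find the file. The AppInit_DLLs value is printed as
    "AppInit_DLLs"=<dll path>
    "LoadAppInit_DLLs"=1 (0x1)
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
LOADAPPINIT_RE = re.compile(r'^"LoadAppInit_DLLs"=(\d+)')

# Triage heuristic (my assumption, not a ComboFix rule): a service whose binary
# lives in a directory writable without admin rights, or whose file is missing,
# deserves a closer look before anything else in the list.
SUSPICIOUS_DIRS = ('c:\\programdata\\', 'c:\\users\\')

# Constructed sample: a handful of lines in the format of the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\bprote~1\20392~1.106\protec~1.dll
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.0.392.106\bProtect.exe [2012-05-06 1441784]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-05-06 396088]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
"""


@dataclass
class ServiceEntry:
    state: str      # 'R' running / 'S' stopped, followed by the start-type digit
    name: str
    display: str
    path: str
    stamp: str      # "<date> <size>", or "x" when ComboFix did not find the file

    def suspicious(self) -> bool:
        return self.stamp == 'x' or self.path.lower().startswith(SUSPICIOUS_DIRS)


@dataclass
class AppInitFinding:
    dll: str
    loaded: bool    # True when LoadAppInit_DLLs is 1: the DLL is then loaded
                    # into every process that loads user32.dll


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Extract every service/driver line from a ComboFix or DDS log."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(*m.groups()))
    return entries


def parse_appinit(log_text: str) -> Optional[AppInitFinding]:
    """Return the AppInit_DLLs entry if the log lists one, with its load flag."""
    dll, loaded = None, False
    for line in log_text.splitlines():
        stripped = line.strip()
        m = APPINIT_RE.match(stripped)
        if m and m.group(1).strip():
            dll = m.group(1).strip()
        m = LOADAPPINIT_RE.match(stripped)
        if m:
            loaded = m.group(1) == '1'
    return AppInitFinding(dll, loaded) if dll else None


def triage(log_text: str) -> Dict[str, object]:
    """Summarise what a helper would pull out of the log first:
    flagged services as (name, path, stamp) and the active AppInit_DLLs path."""
    flagged = [s for s in parse_services(log_text) if s.suspicious()]
    appinit = parse_appinit(log_text)
    return {
        'services': [(s.name, s.path, s.stamp) for s in flagged],
        'appinit_dll': appinit.dll if appinit and appinit.loaded else None,
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```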


ComboFix 12-10-02.02 - Lumturije 2012-10-02 14:43:10.6.3 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3835.2485 [GMT 2:00]

Körs från: c:\users\Lumturije\Downloads\ComboFix.exe

Kommandoväxlar som använts :: c:\users\Lumturije\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((( Filer skapade från 2012-09-02 till 2012-10-02 ))))))))))))))))))))))))))))))

.

.

2012-10-02 12:55 . 2012-10-02 12:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-02 11:54 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{351A9DC8-931D-4655-9892-09274A6BCE6A}\mpengine.dll

2012-10-01 11:49 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-29 11:33 . 2012-09-29 11:33 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-29 11:33 . 2012-09-29 11:32 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-29 11:32 . 2012-09-29 11:32 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-28 14:16 . 2012-09-28 14:16 -------- d-----w- c:\program files (x86)\ESET

2012-09-28 14:04 . 2012-09-28 14:20 -------- d--h--w- c:\windows\AxInstSV

2012-09-27 19:42 . 2012-09-27 19:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CF2D25A-B1F9-4EBE-8758-D30EF75A8CA3}\gapaengine.dll

2012-09-26 11:31 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-26 01:43 . 2012-09-26 01:43 -------- d-----w- C:\_OTL

2012-09-26 01:23 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-26 01:23 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-09-26 01:23 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-09-25 13:41 . 2012-09-25 13:43 -------- d-----w- c:\users\Lumturije\AppData\Local\Google

2012-09-25 13:41 . 2012-09-25 13:41 -------- d-----w- c:\users\Lumturije\AppData\Local\Apps

2012-09-25 13:41 . 2012-09-25 13:41 -------- d-----w- c:\users\Lumturije\AppData\Local\Deployment

2012-09-20 19:18 . 2012-09-20 19:18 -------- d-----w- c:\users\Lumturije\AppData\Roaming\Frolundadata

2012-09-20 19:17 . 2012-09-20 19:17 -------- d-----w- C:\ljudfiler

2012-09-20 19:17 . 2012-09-20 19:17 -------- d-----w- C:\bin

2012-09-20 19:07 . 2012-09-20 19:07 -------- d-----w- c:\users\Lumturije\AppData\Roaming\Oribi

2012-09-20 19:07 . 2012-09-20 19:07 -------- d-----w- c:\programdata\Oribi

2012-09-20 19:05 . 2012-09-20 19:05 -------- d-----w- c:\program files (x86)\Common Files\Outlook Security Manager

2012-09-20 19:05 . 2012-09-20 19:05 -------- d-----w- c:\program files (x86)\Common Files\Oribi

2012-09-20 19:05 . 2012-03-13 06:58 1479600 ----a-w- c:\windows\SysWow64\CSpeechKit.dll

2012-09-20 19:05 . 2012-04-13 11:44 2562048 ----a-w- c:\windows\SysWow64\sre32rx.dll

2012-09-20 19:05 . 2011-01-21 22:21 797184 ----a-w- c:\windows\SysWow64\WWDevCOM3.dll

2012-09-20 19:05 . 2012-09-20 19:06 -------- d-----w- c:\program files (x86)\SpellRight

2012-09-20 18:26 . 2012-09-20 18:26 -------- d-----w- c:\users\Lumturije\AppData\Local\ScanDis

2012-09-20 18:24 . 2012-09-20 18:24 -------- d-----w- c:\program files (x86)\ScanDis

2012-09-20 18:17 . 2012-09-20 18:24 -------- d-----w- c:\program files (x86)\Common Files\ScanDis

2012-09-20 18:17 . 2012-09-25 22:25 -------- d-----w- C:\ScanDis.Lic

2012-09-18 01:26 . 2012-09-18 01:26 -------- d-----w- c:\users\Lumturije\AppData\Roaming\WildTangent

2012-09-18 01:25 . 2012-09-18 01:26 -------- d-----w- c:\program files (x86)\WildTangent Games

2012-09-14 14:44 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-14 14:44 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-14 14:44 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-14 14:44 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-14 14:44 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-14 14:44 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-14 14:44 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-02 12:35 . 2012-05-01 23:33 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-02 12:35 . 2011-07-30 17:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-20 19:16 . 2007-06-25 18:37 225280 ----a-w- c:\windows\VIXUNIN.EXE

2012-09-15 17:29 . 2011-02-28 01:16 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-30 20:03 . 2012-03-20 18:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-07-18 18:15 . 2012-08-15 20:20 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 20:07 . 2012-08-16 01:13 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-15 20:20 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-15 20:20 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-15 20:20 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-15 20:20 41984 ----a-w- c:\windows\SysWow64\browcli.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-1-30 1088920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\bprote~1\20392~1.106\protec~1.dll

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-03-05 1040136]

R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2010-03-01 40960]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-03-01 52224]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-12-29 117248]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-12-29 13952]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-12-29 98816]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-12-29 28672]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-12-29 212992]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-31 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-29 202752]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-03-10 661768]

S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.0.392.106\bProtect.exe [2012-05-06 1441784]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]

S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-05-06 396088]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-29 6405632]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-29 188928]

S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-03-05 4163848]

S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-03-05 464384]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-15 1028096]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-12-29 86016]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-04-14 925536]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job

- c:\users\Lumturije\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 13:41]

.

2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job

- c:\users\Lumturije\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 13:41]

.

2012-10-01 c:\windows\Tasks\HPCeeScheduleForLumturije.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-03-10 20451592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]

"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-12 995840]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-25 172032]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

.

**************************************************************************

.

Sluttid: 2012-10-02 15:26:29 - datorn startades om.

ComboFix-quarantined-files.txt 2012-10-02 13:26

ComboFix2.txt 2012-09-27 20:22

ComboFix3.txt 2012-09-27 12:14

.

Före genomsökningen: 411 319 676 928 byte ledigt

Efter genomsökningen: 411 272 794 112 byte ledigt

.

- - End Of File - - A6F94E33EEB4E2DF6B344F4AAF17BEE7


ComboFix 12-10-02.02 - Lumturije 2012-10-03 14:29:44.7.3 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3835.2556 [GMT 2:00]

Körs från: c:\users\Lumturije\Downloads\ComboFix.exe

Kommandoväxlar som använts :: c:\users\Lumturije\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((( Filer skapade från 2012-09-03 till 2012-10-03 ))))))))))))))))))))))))))))))

.

.

2012-10-03 12:52 . 2012-10-03 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-02 13:34 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1936A07-275C-4C37-A7D1-81AB2276EF8B}\mpengine.dll

2012-10-01 11:49 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-29 11:33 . 2012-09-29 11:33 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-29 11:33 . 2012-09-29 11:32 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-29 11:32 . 2012-09-29 11:32 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-28 14:16 . 2012-09-28 14:16 -------- d-----w- c:\program files (x86)\ESET

2012-09-28 14:04 . 2012-09-28 14:20 -------- d--h--w- c:\windows\AxInstSV

2012-09-27 19:42 . 2012-09-27 19:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6CF2D25A-B1F9-4EBE-8758-D30EF75A8CA3}\gapaengine.dll

2012-09-26 11:31 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-26 01:43 . 2012-09-26 01:43 -------- d-----w- C:\_OTL

2012-09-26 01:23 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-26 01:23 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-09-26 01:23 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-09-25 13:41 . 2012-09-25 13:43 -------- d-----w- c:\users\Lumturije\AppData\Local\Google

2012-09-25 13:41 . 2012-09-25 13:41 -------- d-----w- c:\users\Lumturije\AppData\Local\Apps

2012-09-25 13:41 . 2012-09-25 13:41 -------- d-----w- c:\users\Lumturije\AppData\Local\Deployment

2012-09-20 19:18 . 2012-09-20 19:18 -------- d-----w- c:\users\Lumturije\AppData\Roaming\Frolundadata

2012-09-20 19:17 . 2012-09-20 19:17 -------- d-----w- C:\ljudfiler

2012-09-20 19:17 . 2012-09-20 19:17 -------- d-----w- C:\bin

2012-09-20 19:07 . 2012-09-20 19:07 -------- d-----w- c:\users\Lumturije\AppData\Roaming\Oribi

2012-09-20 19:07 . 2012-09-20 19:07 -------- d-----w- c:\programdata\Oribi

2012-09-20 19:05 . 2012-09-20 19:05 -------- d-----w- c:\program files (x86)\Common Files\Outlook Security Manager

2012-09-20 19:05 . 2012-09-20 19:05 -------- d-----w- c:\program files (x86)\Common Files\Oribi

2012-09-20 19:05 . 2012-03-13 06:58 1479600 ----a-w- c:\windows\SysWow64\CSpeechKit.dll

2012-09-20 19:05 . 2012-04-13 11:44 2562048 ----a-w- c:\windows\SysWow64\sre32rx.dll

2012-09-20 19:05 . 2011-01-21 22:21 797184 ----a-w- c:\windows\SysWow64\WWDevCOM3.dll

2012-09-20 19:05 . 2012-09-20 19:06 -------- d-----w- c:\program files (x86)\SpellRight

2012-09-20 18:26 . 2012-09-20 18:26 -------- d-----w- c:\users\Lumturije\AppData\Local\ScanDis

2012-09-20 18:24 . 2012-09-20 18:24 -------- d-----w- c:\program files (x86)\ScanDis

2012-09-20 18:17 . 2012-09-20 18:24 -------- d-----w- c:\program files (x86)\Common Files\ScanDis

2012-09-20 18:17 . 2012-09-25 22:25 -------- d-----w- C:\ScanDis.Lic

2012-09-18 01:26 . 2012-09-18 01:26 -------- d-----w- c:\users\Lumturije\AppData\Roaming\WildTangent

2012-09-18 01:25 . 2012-09-18 01:26 -------- d-----w- c:\program files (x86)\WildTangent Games

2012-09-14 14:44 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-14 14:44 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-14 14:44 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-14 14:44 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-14 14:44 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-14 14:44 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-14 14:44 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-02 12:35 . 2012-05-01 23:33 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-02 12:35 . 2011-07-30 17:00 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-20 19:16 . 2007-06-25 18:37 225280 ----a-w- c:\windows\VIXUNIN.EXE

2012-09-15 17:29 . 2011-02-28 01:16 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-08-30 20:03 . 2012-03-20 18:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-07-18 18:15 . 2012-08-15 20:20 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-06 20:07 . 2012-08-16 01:13 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-1-30 1088920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\bprote~1\20392~1.106\protec~1.dll

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-03-05 1040136]

R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2010-03-01 40960]

R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-03-01 52224]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-12-29 117248]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-12-29 13952]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-12-29 98816]

R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-12-29 28672]

R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-12-29 212992]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]

R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-31 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-29 202752]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-03-10 661768]

S2 bProtector;bProtector;c:\programdata\bProtectorForWindows\2.0.392.106\bProtect.exe [2012-05-06 1441784]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]

S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-05-06 396088]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-29 6405632]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-29 188928]

S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-03-05 4163848]

S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-03-05 464384]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-15 1028096]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-12-29 86016]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-04-14 925536]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-09 295424]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job

- c:\users\Lumturije\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 13:41]

.

2012-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job

- c:\users\Lumturije\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 13:41]

.

2012-10-01 c:\windows\Tasks\HPCeeScheduleForLumturije.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-03-10 20451592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]

"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-12 995840]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-25 172032]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\windows\SysWOW64\schtasks.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

.

**************************************************************************

.

Sluttid: 2012-10-03 15:18:10 - datorn startades om.

ComboFix-quarantined-files.txt 2012-10-03 13:18

ComboFix2.txt 2012-10-02 13:26

ComboFix3.txt 2012-09-27 20:22

ComboFix4.txt 2012-09-27 12:14

.

Före genomsökningen: 411 855 319 040 byte ledigt

Efter genomsökningen: 411 657 392 128 byte ledigt

.

- - End Of File - - 929CE5C81CD3BDC0E9008860C02BEB80


No, we'll have to resort to OTL instead.

Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL.

 

Under Output at the top, select Minimal Output.

Tick LOP Check and Purity Check.

Press Run Scan and let the program run undisturbed.

 

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, while attaching Extras.txt as a file.


OTL logfile created on: 10/4/2012 2:38:02 PM - Run 4

OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Lumturije\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

3.75 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 68.70% Memory free

7.49 Gb Paging File | 5.85 Gb Available in Paging File | 78.17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.91 Gb Total Space | 383.26 Gb Free Space | 85.19% Space Free | Partition Type: NTFS

Drive D: | 15.55 Gb Total Space | 2.24 Gb Free Space | 14.40% Space Free | Partition Type: NTFS

Drive E: | 99.02 Mb Total Space | 85.89 Mb Free Space | 86.74% Space Free | Partition Type: FAT32

 

Computer Name: LUMTURIJE-DATOR | User Name: Lumturije | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Lumturije\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe (bProtector)

PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe ()

PRC - C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)

PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - c:\ProgramData\bProtectorForWindows\2.0.392.106\protector.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_sv_31bf3856ad364e35\PresentationCore.resources.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)

SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)

SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)

SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)

SRV:64bit: - (HPWMISVC) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ()

SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe (bProtector)

SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe ()

SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)

SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)

SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()

SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)

DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)

DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Motorola, Inc.)

DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/11

IE - HKLM\..\SearchScopes,DefaultScope = {B39563D6-CC72-4A52-88C4-995BE04F542D}

IE - HKLM\..\SearchScopes\{B39563D6-CC72-4A52-88C4-995BE04F542D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.se/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.findamo.com/search.html?ch=12&q={searchTerms}

IE - HKCU\..\SearchScopes\{B39563D6-CC72-4A52-88C4-995BE04F542D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lumturije\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lumturije\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.0.392.106\FirefoxExtension [2012/05/07 01:00:00 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - homepage: http://www.findamo.com?ch=12

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - homepage:

 

O1 HOSTS File: ([2012/10/03 15:12:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll File not found

O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)

O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RTVOSD64.EXE (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O13 - gopher Prefix: missing

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Unable to open value key)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FD1C939-88F0-47FA-9034-40E706D4B72E}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DAD9CA6-9A1C-4535-9196-61F53D077877}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (c:\progra~3\bprote~1\20392~1.106\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.0.392.106\protector.dll ()

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/10/04 02:50:31 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Lumturije\Desktop\OTL.exe

[2012/10/03 15:18:14 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/09/29 13:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/09/29 13:33:10 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012/09/29 13:33:10 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/09/29 13:32:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/09/29 13:32:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/09/29 13:32:51 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/09/28 16:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/09/28 16:04:39 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV

[2012/09/27 03:52:59 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{913A01DA-6095-4AD9-B94A-E5B6FC06762E}

[2012/09/26 15:14:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/09/26 15:14:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/09/26 15:14:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/09/26 15:13:10 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/09/26 15:12:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/09/26 13:31:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe

[2012/09/26 13:26:16 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{FEFAB95E-6196-432C-9A52-A83CD77F0C72}

[2012/09/26 03:43:36 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/09/26 03:23:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/09/26 03:23:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/09/26 03:22:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/09/26 03:22:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/09/26 03:22:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/09/26 03:22:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/09/26 03:22:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/09/26 03:22:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/09/26 03:22:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/09/26 03:22:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/09/26 03:22:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/09/26 03:22:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/09/26 03:22:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/09/26 03:22:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/09/26 03:22:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/09/25 15:43:29 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/09/25 15:41:45 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\Google

[2012/09/25 15:41:15 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\Apps

[2012/09/25 15:41:14 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\Deployment

[2012/09/23 14:50:13 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{0107D964-9FC3-4383-BCF0-D3E5C1A79B65}

[2012/09/20 21:18:01 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\Frolundadata

[2012/09/20 21:17:46 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Talande tangentbord

[2012/09/20 21:17:43 | 000,000,000 | ---D | C] -- C:\ljudfiler

[2012/09/20 21:17:43 | 000,000,000 | ---D | C] -- C:\bin

[2012/09/20 21:16:42 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\Desktop\Talande T

[2012/09/20 21:13:09 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\Application Data

[2012/09/20 21:07:13 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\Oribi

[2012/09/20 21:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Oribi

[2012/09/20 21:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpellRight

[2012/09/20 21:05:51 | 001,479,600 | ---- | C] (Chant Inc.) -- C:\Windows\SysWow64\CSpeechKit.dll

[2012/09/20 21:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Outlook Security Manager

[2012/09/20 21:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oribi

[2012/09/20 21:05:39 | 000,797,184 | ---- | C] (Antony Lewis) -- C:\Windows\SysWow64\WWDevCOM3.dll

[2012/09/20 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpellRight

[2012/09/20 20:26:53 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\ScanDis

[2012/09/20 20:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanDis

[2012/09/20 20:17:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanDis

[2012/09/20 20:17:22 | 000,000,000 | ---D | C] -- C:\ScanDis.Lic

[2012/09/18 03:26:49 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Roaming\WildTangent

[2012/09/18 03:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games

[2012/09/16 22:09:15 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{CAB15724-2542-4EC1-9A58-498ADDC651F0}

[2012/09/14 16:44:56 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys

[2012/09/14 16:44:52 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2012/09/14 16:44:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

[2012/09/14 16:44:49 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

[2012/09/08 06:08:12 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{CA05063C-0754-45E2-9DDD-177AC42425B2}

[2012/09/06 15:25:44 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{6F58FCF5-6297-4CD1-9925-1A521F525E27}

[2012/09/05 22:12:28 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{A34B4A50-A87C-4F89-A5CB-5C34646709FE}

[2012/09/04 17:05:19 | 000,000,000 | ---D | C] -- C:\Users\Lumturije\AppData\Local\{F0327899-EA7D-48C3-B16F-5C16C729897E}

 

========== Files - Modified Within 30 Days ==========

 

[2012/10/04 14:33:12 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job

[2012/10/04 14:33:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/10/04 02:50:41 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Lumturije\Desktop\OTL.exe

[2012/10/03 16:39:26 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job

[2012/10/03 15:29:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/10/03 15:29:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/10/03 15:22:14 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl

[2012/10/03 15:21:50 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys

[2012/10/03 15:12:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/10/02 14:37:32 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/10/02 14:35:32 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/10/02 14:35:31 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/10/01 13:36:54 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLumturije.job

[2012/09/29 13:32:32 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012/09/29 13:32:27 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/09/29 13:32:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/09/29 13:32:26 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/09/29 13:32:25 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012/09/27 21:55:09 | 000,001,193 | ---- | M] () -- C:\Users\Lumturije\Desktop\ComboFix - genväg.lnk

[2012/09/27 21:32:53 | 000,002,510 | ---- | M] () -- C:\Users\Lumturije\Desktop\Google Chrome.lnk

[2012/09/27 03:26:11 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/09/27 03:26:04 | 000,638,672 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2012/09/27 03:26:04 | 000,128,552 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2012/09/25 03:32:26 | 000,075,190 | ---- | M] () -- C:\ProgramData\fhfewfrhrfyolwk

[2012/09/20 21:16:46 | 000,225,280 | ---- | M] (SamLogic) -- C:\Windows\VIXUNIN.EXE

[2012/09/20 21:06:09 | 000,000,047 | ---- | M] () -- C:\Windows\Wivox.ini

[2012/09/20 21:05:55 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\SpellRight.lnk

[2012/09/20 20:35:06 | 000,002,769 | ---- | M] () -- C:\Users\Public\Desktop\ViTal.lnk

[2012/09/20 20:26:45 | 000,000,022 | ---- | M] () -- C:\Users\Lumturije\Desktop\talande tangentbord.zip

[2012/09/18 03:27:43 | 000,002,482 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk

[2012/09/16 09:36:47 | 001,526,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/09/16 09:36:47 | 000,627,294 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/09/16 09:36:47 | 000,116,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

 

========== Files Created - No Company Name ==========

 

[2012/10/02 14:37:32 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/09/27 21:55:09 | 000,001,193 | ---- | C] () -- C:\Users\Lumturije\Desktop\ComboFix - genväg.lnk

[2012/09/26 15:14:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/09/26 15:14:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/09/26 15:14:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/09/26 15:14:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/09/26 15:14:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/09/25 15:43:33 | 000,002,510 | ---- | C] () -- C:\Users\Lumturije\Desktop\Google Chrome.lnk

[2012/09/25 15:41:52 | 000,001,020 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job

[2012/09/25 15:41:51 | 000,000,968 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job

[2012/09/25 03:30:21 | 000,075,190 | ---- | C] () -- C:\ProgramData\fhfewfrhrfyolwk

[2012/09/20 21:06:09 | 000,000,047 | ---- | C] () -- C:\Windows\Wivox.ini

[2012/09/20 21:05:55 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\SpellRight.lnk

[2012/09/20 21:05:46 | 002,562,048 | ---- | C] () -- C:\Windows\SysWow64\sre32rx.dll

[2012/09/20 20:25:05 | 000,002,769 | ---- | C] () -- C:\Users\Public\Desktop\ViTal.lnk

[2012/09/20 20:06:10 | 000,000,022 | ---- | C] () -- C:\Users\Lumturije\Desktop\talande tangentbord.zip

[2012/09/18 03:26:18 | 000,002,482 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk

[2012/09/08 23:10:58 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLumturije.job

[2011/11/25 17:55:59 | 000,000,000 | ---- | C] () -- C:\Windows\Setup32.INI

[2011/06/18 18:36:15 | 000,001,854 | ---- | C] () -- C:\Users\Lumturije\AppData\Roaming\GhostObjGAFix.xml

[2011/02/27 23:03:47 | 001,546,490 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/10/27 16:13:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

 

========== ZeroAccess Check ==========

 

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2011/06/09 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\FloodLightGames

[2012/09/20 21:18:01 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Frolundadata

[2012/06/19 19:19:24 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Garmin

[2012/09/20 21:07:15 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Oribi

[2011/09/28 16:18:42 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Personal

[2011/06/10 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\T-Mobile

[2011/06/10 17:14:55 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\T-Mobile Internet Manager

[2012/09/18 03:26:50 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\WildTangent

[2011/09/28 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\Windows Live Writer

[2012/10/01 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Lumturije\AppData\Roaming\_MDLogs

 

========== Purity Check ==========

 

 

 

< End of report >

Posted (edited)

Save RogueKiller to the Desktop.

http://www.sur-la-toile.com/RogueKiller/

Close all programs.

Remove all external devices, e.g. USB sticks and external hard drives, except the keyboard and mouse. Leave them disconnected while the cleanup is in progress.

Run RogueKiller (in Vista and Windows 7, right-click the program and choose "Run as administrator"). If it will not run, try several times, but if it still will not run, try renaming the program to winlogon.exe.

Wait until the "Prescan" has finished.

Click the "Scan" button at the top right.

Wait until the scan is complete.

A report "RKreport.txt" should then have been created on the Desktop. Paste its contents into your reply.

Edited by Cecilia


There is only olt.txt as a log. Now I see that two files called desktop.ini have appeared on the desktop.


RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Lumturije [Admin rights]

Mode : Scan -- Date : 10/04/2012 15:58:44

 

¤¤¤ Bad processes : 2 ¤¤¤

[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 4 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\n --> FOUND

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> FOUND

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 SATA Disk Device +++++

--- User ---

[MBR] b8e7234df6b07bea25b1ca829b51613c

[BSP] 4041d9ee08e32154eb2297bf130eabc5 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460709 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943941632 | Size: 15927 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt


Close all programs, including antivirus programs and the like.

Run RogueKiller (in Vista and Windows 7, right-click the program and choose "Run as administrator").

Wait until the "Prescan" has finished.

Select the Registry tab and make sure that the following is selected but nothing else:

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Click the "Delete" button.

Select the Files tab and make sure that the following is selected but nothing else:

[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> FOUND

Click the "Delete" button.

Restart the computer.

Another "RKreport.txt" should then have been created on the Desktop.

Paste its contents into your reply.
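As an added illustration (not code from this thread, nor RogueKiller's own code): the RKreport.txt format referred to above is plain text with "¤¤¤ ... ¤¤¤" section headers and one finding per line, so the entries a helper asks you to tick on the Registry and Files tabs can be pulled out mechanically. The Python below parses a trimmed copy of the scan report posted earlier in the thread (constructed sample input), groups the entries still marked FOUND by the tab they are ticked on, and separately flags paths that sit in the $recycle.bin\<SID>\$<32 hex> hiding place the ZeroAccess entries use. The Finding and Report classes and the function names are my own, not anything RogueKiller exposes.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: a trimmed copy of the RogueKiller "Scan" report
# pasted earlier in this thread (entries shortened, blank lines kept).
SAMPLE_REPORT = r"""RogueKiller V8.1.1 [10/03/2012] by Tigzy
Mode : Scan -- Date : 10/04/2012 15:58:44

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
"""

# "¤¤¤ Registry Entries : 4 ¤¤¤"  ->  title "Registry Entries : 4"
SECTION_RE = re.compile(r"^¤¤¤ (?P<title>.+?) ¤¤¤$")
# "[TAG][KIND] <body> -> STATUS" or "[TAG] <body> --> STATUS"
FINDING_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s+(?P<body>.+?)\s+-{1,2}>\s+(?P<status>.+)$"
)
# The hiding place seen in this thread: \$recycle.bin\<SID>\$<32 hex chars>\...
ZA_PATH_RE = re.compile(r"\\\$recycle\.bin\\S-1-5-[\d-]+\\\$[0-9a-f]{32}\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str          # normalised section name, e.g. "Registry Entries"
    tag: str              # e.g. "HJPOL", "ZeroAccess", "SUSP PATH"
    kind: Optional[str]   # "FILE" / "FOLDER" for file entries, else None
    name: str             # left-hand side: key, entry name or process image
    target: str           # right-hand side: value, path or image path
    status: str           # e.g. "FOUND", "KILLED [TermProc]"
    raw: str              # the line exactly as it appears in the report


@dataclass
class Report:
    mode: Optional[str]        # "Scan" or "Remove"
    infection: Optional[str]   # taken from the "Infection : ..." header, if any
    findings: List[Finding]


def parse_report(text: str) -> Report:
    """Walk the report line by line, tracking the current section header."""
    mode, infection, section = None, None, "(header)"
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            title = m.group("title")
            section = title.split(" : ", 1)[0].rstrip(":").strip()
            if section == "Infection":
                infection = title.split(" : ", 1)[1].strip()
            continue
        if line.startswith("Mode :"):
            mode = line.split(" : ", 1)[1].split(" -- ", 1)[0].strip()
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        # Registry/file entries read "<name> : <target>", process entries "<image> -- <path>".
        sep = " : " if " : " in body else " -- "
        name, _, target = body.partition(sep)
        findings.append(Finding(section, m.group("tag"), m.group("kind"),
                                name, target or name, m.group("status"), line))
    return Report(mode, infection, findings)


def removal_plan(report: Report) -> Dict[str, List[str]]:
    """Entries still marked FOUND, grouped by the RogueKiller tab they are ticked on."""
    tabs = {"Registry Entries": "Registry", "Particular Files / Folders": "Files"}
    plan: Dict[str, List[str]] = {"Registry": [], "Files": []}
    for f in report.findings:
        tab = tabs.get(f.section)
        if tab and f.status == "FOUND":
            plan[tab].append(f.raw)
    return plan


def zeroaccess_indicators(report: Report) -> List[str]:
    """Paths tagged ZeroAccess, or matching the $recycle.bin\\<SID>\\$<hex> pattern."""
    hits = {f.target for f in report.findings
            if f.tag == "ZeroAccess" or ZA_PATH_RE.search(f.target)}
    return sorted(hits)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print("mode:", rep.mode, "| infection:", rep.infection)
    for tab, lines in removal_plan(rep).items():
        print(f"[{tab} tab] {len(lines)} entries to tick")
        for entry in lines:
            print("   ", entry)
    print("ZeroAccess paths:", *zeroaccess_indicators(rep), sep="\n    ")
```

The path check is deliberately kept separate from the "[ZeroAccess]" tag: a later report (or another tool's log) may list the same $recycle.bin\<SID>\$<hex> directory under a different tag, and the location is the more stable indicator. Run on the real RKreport[1].txt from the thread, the Registry list would hold the four HJPOL/HJ DESK lines and the Files list the six ZeroAccess lines, exactly the sets the instructions above ask to tick.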


RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Lumturije [Admin rights]

Mode : Remove -- Date : 10/04/2012 21:16:46

 

¤¤¤ Bad processes : 6 ¤¤¤

[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 3 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Particular Files / Folders: ¤¤¤

[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\00000004.@ --> REMOVED

[Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\00000008.@ --> REMOVED

[Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\000000cb.@ --> REMOVED

[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\80000000.@ --> REMOVED

[Del.Parent][FILE] 80000032.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\80000032.@ --> REMOVED

[Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U\80000064.@ --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\U --> REMOVED

[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L\00000004.@ --> REMOVED

[Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L\201d3dde --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3622120377-3269129122-1711637881-1000\$ec1096450c9a4e9e53e1d2b4db4b78ea\L --> REMOVED

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ZeroAccess ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 SATA Disk Device +++++

--- User ---

[MBR] b8e7234df6b07bea25b1ca829b51613c

[BSP] 4041d9ee08e32154eb2297bf130eabc5 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460709 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943941632 | Size: 15927 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


2 more RK reports have appeared..

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Lumturije [Admin rights]

Mode : Scan -- Date : 10/04/2012 21:18:34

 

¤¤¤ Bad processes : 8 ¤¤¤

[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[RESIDUE] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 SATA Disk Device +++++

--- User ---

[MBR] b8e7234df6b07bea25b1ca829b51613c

[BSP] 4041d9ee08e32154eb2297bf130eabc5 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460709 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943941632 | Size: 15927 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt


RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Lumturije [Admin rights]

Mode : Scan -- Date : 10/04/2012 21:20:07

 

¤¤¤ Bad processes : 2 ¤¤¤

[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

[SUSP PATH] bProtect.exe -- C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe -> KILLED [TermProc]

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED] ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

 

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 SATA Disk Device +++++

--- User ---

[MBR] b8e7234df6b07bea25b1ca829b51613c

[BSP] 4041d9ee08e32154eb2297bf130eabc5 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460709 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 943941632 | Size: 15927 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[6].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;

RKreport[6].txt


Now the RogueKiller log looks good.

 

If you have a USB stick available, the following would be good:

Download Farbar Recovery Scan Tool x64 and save it to a USB stick.

http://download.bleepingcomputer.com/farbar/FRST64.exe

Preferably on a computer other than the infected one.

 

Then you will restart the computer and, without starting all of Windows, get a Command Prompt running. There are two ways to do this. Which one you should use depends on whether you have a Windows 7 installation disc.

 

Option 1, without a Windows disc

 

When the computer starts, begin pressing the F8 key repeatedly until the "Advanced Boot Options" page (it may also be in Swedish) appears with a menu.

In the menu, use the arrow keys to select "Repair your computer" (perhaps "Reparera datorn" in Swedish).

Select the correct keyboard and click "Next"/"Nästa".

Select which operating system you want to repair. If there are several, choose the one that is the infected Windows. Click "Next"/"Nästa".

Select your user account and click "Next"/"Nästa".

 

Option 2, with a Windows disc

 

Insert the installation disc.

Start the computer.

When you are asked whether you want to start the computer from the installation disc, press any key.

If the question does not appear and the computer starts from the hard drive as usual, you need to change a BIOS setting to boot from the disc.

When the installation disc's menu appears, click "Repair your computer" (perhaps "Reparera datorn" in Swedish).

Select the correct keyboard and click "Next"/"Nästa".

Select which operating system you want to repair. If there are several, choose the one that is the infected Windows. Click "Next"/"Nästa".

Select your user account and click "Next"/"Nästa".

 

For both options

The "System Recovery Options" menu is now shown (perhaps "Systemåterställningsalternativ" in Swedish).

It begins with "Startup Repair" and ends with "Command Prompt" ("Kommandotolken" in Swedish).

 

Select Command Prompt.

Type:

notepad

Press the Enter key.

 

The Notepad program starts.

Select: File - Open

Select: Computer

Find your USB stick and write down which drive letter it has, e.g. g:.

Close Notepad.

 

In the Command Prompt, type:

g:\frst64.exe

but replace g with the drive letter your USB stick has.

 

The frst program starts running.

Read the program's terms.

Click Yes to accept.

Click the Scan button.

When it is done, a log FRST.txt will have been created on the USB stick.

Copy the contents of the log and paste it into your reply.

 

To start Windows again (if you cannot use another computer), remove the installation disc, shut down the computer and turn it on again.

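The FRST.txt log requested above is read by hand in this thread. As an added example (not code from the thread or from FRST's author), the script below parses the Run and Services lines in FRST's format and flags the entries a helper looks at first: autostarts whose file is missing, entries with no publisher, and services running from a user-writable directory. The regexes and the "user-writable location" heuristic are my own assumptions about the format, not FRST's rules; the sample lines are constructed and mirror entries from this thread's log.

```python
"""Triage of FRST Run/Services lines. Added example, not part of the thread or of FRST."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Shape of the FRST lines handled here, as they appear in the scan log in this thread:
#   HKLM\...\Run: [Name] "C:\path\prog.exe" args [size yyyy-mm-dd] (Publisher)
#   2 ServiceName; "C:\path\svc.exe" args [size yyyy-mm-dd] (Publisher)
# "()" means FRST found no publisher; a trailing "[x]" means the file was not found.
# The regexes below are my reading of that format, not FRST's own parser.
RUN_RE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
SERVICE_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
TAIL_RE = re.compile(
    r"^(?P<cmd>.+?) \[(?:(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})|(?P<missing>x))\]"
    r"(?: \((?P<publisher>[^)]*)\))?$"
)
# Locations a standard user can write to. Assumed heuristic: a service or autostart
# living here with no publisher deserves a look before anything else in the log.
USER_WRITABLE_RE = re.compile(
    r"\\(ProgramData|Users\\[^\\]+\\AppData|Windows\\Temp)\\", re.IGNORECASE
)


@dataclass
class Entry:
    kind: str        # "run" (registry autostart) or "service"
    name: str
    path: str        # program FRST reports for the entry
    publisher: str   # "" when FRST printed "()"
    missing: bool    # True when FRST printed "[x]"


def exe_path(cmd: str) -> str:
    """Pull the program path out of a command line the way FRST prints it."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|sys))(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Run or Services line; any other line yields None."""
    m = RUN_RE.match(line)
    kind = "run"
    if not m:
        m = SERVICE_RE.match(line)
        kind = "service"
    if not m:
        return None
    t = TAIL_RE.match(m.group("rest"))
    if not t:
        return None
    return Entry(kind, m.group("name"), exe_path(t.group("cmd")),
                 (t.group("publisher") or "").strip(), t.group("missing") is not None)


def assess(e: Entry) -> List[str]:
    """Reasons a helper would look twice at an entry; an empty list means nothing odd."""
    if e.missing:
        return ["file not found: dead autostart entry"]
    reasons = []
    if not e.publisher:
        reasons.append("no publisher")
    if USER_WRITABLE_RE.search(e.path):
        reasons.append("runs from a user-writable location")
    if e.kind == "service" and len(reasons) == 2:
        reasons.append("service with no publisher in a user-writable directory: review first")
    return reasons


def triage(text: str) -> List[dict]:
    """Return the entries worth reviewing, in log order."""
    findings = []
    for raw in text.splitlines():
        e = parse_entry(raw.strip())
        if e is None:
            continue
        reasons = assess(e)
        if reasons:
            findings.append({"kind": e.kind, "name": e.name, "path": e.path, "reasons": reasons})
    return findings


# Constructed sample in FRST's format; the entries mirror lines in this thread's log.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKU\Lumturije\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
==================== Services (Whitelisted) ===================
2 bProtector; C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe [1441784 2012-05-06] (bProtector)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [396088 2012-05-06] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f['kind']:7} {f['name']:18} {f['path']}\n        -> {'; '.join(f['reasons'])}")
```

Signed vendor entries under Program Files drop out, while the two ProgramData services the thread removed with ComboFix surface with the most reasons.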

Hi Cecilia

 

What bad luck I have, the other computer is acting up now; when I tried to start it, a blue screen with lots of numbers appears. It simply does not start. My question is whether it is OK to do what you say on the infected computer.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2012

Ran by SYSTEM at 15-10-2012 00:52:03

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

 

==================== Registry (Whitelisted) ===================

 

HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [20451592 2010-03-10] (Motorola, Inc.)

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6234144 2010-03-13] (Realtek Semiconductor)

HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)

HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-04-24] (Sun Microsystems, Inc.)

HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)

HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)

HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-29] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED [3331944 2009-12-03] (Symantec Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-01-25] (EasyBits Software AS)

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)

HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Lumturije\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()

HKU\Lumturije\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)

HKU\Lumturije\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\Lumturije\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe -update activex [690096 2012-10-02] (Adobe Systems Incorporated)

HKU\Lumturije\...\Policies\system: [DisableLockWorkstation] 0

HKU\Lumturije\...\Policies\system: [DisableChangePassword] 0

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

 

==================== Services (Whitelisted) ===================

 

2 bProtector; C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe [1441784 2012-05-06] (bProtector)

2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()

2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] ()

2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [396088 2012-05-06] ()

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) =====================

 

3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [40960 2010-03-01] (Motorola, Inc.)

3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2011-12-29] (Huawei Technologies Co., Ltd.)

3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]

 

==================== NetSvcs (Whitelisted) ====================

 

 

==================== One Month Created Files and Folders ========

 

2012-10-14 14:42 - 2012-10-14 14:42 - 00000000 ____D C:\FRST

2012-10-14 14:33 - 2012-10-14 14:33 - 01456929 ____A (Farbar) C:\Users\Lumturije\Downloads\FRST64.exe

2012-10-11 03:19 - 2012-10-11 18:17 - 00000000 ____D C:\Users\Lumturije\AppData\Local\{6AF4C458-DF7B-42C3-AFDA-CE4537C58B70}

2012-10-09 15:34 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-10-09 15:33 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-10-09 15:33 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-10-09 15:33 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-10-09 15:33 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-10-09 15:33 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-10-09 15:33 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-10-09 15:33 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-10-09 15:33 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-10-09 15:33 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-10-09 15:33 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-10-09 15:33 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-10-09 15:33 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-10-09 15:33 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-10-09 15:33 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-10-09 15:33 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-10-09 15:33 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-10-09 15:33 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-10-09 15:33 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-09 15:33 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-10-09 15:32 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-10-09 15:32 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-10-09 15:32 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-10-09 15:32 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-10-09 15:32 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2012-10-09 15:32 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2012-10-09 15:32 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-10-09 15:32 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-10-09 15:32 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-10-09 15:32 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-10-09 15:31 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-10-09 15:31 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2012-10-07 09:57 - 2012-10-07 09:57 - 00000000 ____D C:\Users\Lumturije\AppData\Local\{D87CE8C4-75D4-49A0-996A-E5249E703121}

2012-10-05 12:01 - 2012-10-05 12:01 - 00000000 ____D C:\Users\Lumturije\AppData\Local\{3DCD074D-822E-400B-A833-F4E4463F3F70}

2012-10-04 11:20 - 2012-10-04 11:20 - 00001640 ____A C:\Users\Lumturije\Desktop\RKreport[6].txt

2012-10-04 11:18 - 2012-10-04 11:18 - 00002274 ____A C:\Users\Lumturije\Desktop\RKreport[5].txt

2012-10-04 11:18 - 2012-10-04 11:18 - 00002256 ____A C:\Users\Lumturije\Desktop\RKreport[4].txt

2012-10-04 11:16 - 2012-10-04 11:16 - 00003737 ____A C:\Users\Lumturije\Desktop\RKreport[3].txt

2012-10-04 11:14 - 2012-10-04 11:14 - 00002606 ____A C:\Users\Lumturije\Desktop\RKreport[2].txt

2012-10-04 05:58 - 2012-10-04 05:58 - 00002560 ____A C:\Users\Lumturije\Desktop\RKreport[1].txt

2012-10-04 05:55 - 2012-10-04 11:16 - 00000000 ____D C:\Users\Lumturije\Desktop\RK_Quarantine

2012-10-04 05:55 - 2012-10-04 05:55 - 01422336 ____A C:\Users\Lumturije\Desktop\RogueKiller.exe

2012-10-04 04:49 - 2012-10-04 04:49 - 00078758 ____A C:\Users\Lumturije\Desktop\OTL.Txt

2012-10-03 16:50 - 2012-10-03 16:50 - 00601088 ____A (OldTimer Tools) C:\Users\Lumturije\Desktop\OTL.exe

2012-10-03 05:18 - 2012-10-03 05:18 - 00021552 ____A C:\ComboFix.txt

2012-10-02 04:37 - 2012-10-02 04:37 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-09-29 03:33 - 2012-09-29 03:32 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-09-29 03:33 - 2012-09-29 03:32 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-09-29 03:32 - 2012-09-29 03:32 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-09-29 03:32 - 2012-09-29 03:32 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-09-29 03:32 - 2012-09-29 03:32 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-09-28 09:44 - 2012-09-28 09:44 - 00000785 ____A C:\Users\Lumturije\Documents\eset online.txt

2012-09-28 06:16 - 2012-09-28 06:16 - 00000000 ____D C:\Program Files (x86)\ESET

2012-09-28 06:04 - 2012-09-28 06:20 - 00000000 ___HD C:\Windows\AxInstSV

2012-09-27 11:55 - 2012-09-27 11:55 - 00001193 ____A C:\Users\Lumturije\Desktop\ComboFix - genväg.lnk

2012-09-26 17:52 - 2012-09-26 17:53 - 00000000 ____D C:\Users\Lumturije\AppData\Local\{913A01DA-6095-4AD9-B94A-E5B6FC06762E}

2012-09-26 05:14 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-09-26 05:14 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-09-26 05:14 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-09-26 05:14 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-09-26 05:14 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-09-26 05:14 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-09-26 05:14 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-09-26 05:14 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-09-26 05:13 - 2012-10-03 05:18 - 00000000 ____D C:\Qoobox

2012-09-26 05:12 - 2012-09-27 12:12 - 00000000 ____D C:\Windows\erdnt

2012-09-26 05:10 - 2012-09-26 05:11 - 04756346 ____A (Swearware) C:\Users\Lumturije\Downloads\ComboFix (1).exe

2012-09-26 05:09 - 2012-10-02 04:38 - 04759935 ____R (Swearware) C:\Users\Lumturije\Downloads\ComboFix.exe

2012-09-26 03:55 - 2012-09-26 03:56 - 00607260 ____R (Swearware) C:\Users\Lumturije\Downloads\dds.com

2012-09-26 03:44 - 2012-09-26 03:45 - 00607260 ____R (Swearware) C:\Users\Lumturije\Downloads\dds (1).scr

2012-09-26 03:31 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-09-26 03:26 - 2012-09-26 03:26 - 00000000 ____D C:\Users\Lumturije\AppData\Local\{FEFAB95E-6196-432C-9A52-A83CD77F0C72}

2012-09-25 17:43 - 2012-09-25 17:43 - 00000000 ____D C:\_OTL

2012-09-25 17:23 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-09-25 17:23 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-09-25 17:23 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-09-25 17:23 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-09-25 17:22 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-09-25 17:22 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-09-25 17:22 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-09-25 17:22 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-09-25 17:22 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-09-25 17:22 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-09-25 17:22 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-09-25 17:22 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-09-25 17:22 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-09-25 17:22 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-09-25 17:22 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-09-25 17:22 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-09-25 17:22 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-09-25 17:22 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-09-25 17:22 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-09-25 17:22 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-09-25 17:22 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-09-25 17:22 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-09-25 17:22 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-09-25 17:22 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-09-25 17:22 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-09-25 17:22 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-09-25 17:22 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-09-25 17:22 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-09-25 17:22 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-09-25 17:22 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-09-25 17:22 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-09-25 17:22 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-09-25 10:42 - 2012-09-25 10:42 - 00139264 ____A C:\Users\Lumturije\Downloads\SystemLook (1).exe

2012-09-25 10:40 - 2012-09-25 10:40 - 00139264 ____A C:\Users\Lumturije\Downloads\SystemLook.exe

2012-09-25 10:36 - 2012-09-25 10:36 - 00607260 ____R (Swearware) C:\Users\Lumturije\Downloads\dds.scr

2012-09-25 05:43 - 2012-10-11 04:29 - 00002514 ____A C:\Users\Lumturije\Desktop\Google Chrome.lnk

2012-09-25 05:41 - 2012-10-14 14:23 - 00001020 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job

2012-09-25 05:41 - 2012-10-12 09:51 - 00000968 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job

2012-09-25 05:41 - 2012-09-25 05:43 - 00000000 ____D C:\Users\Lumturije\AppData\Local\Google

2012-09-25 05:41 - 2012-09-25 05:41 - 00000000 ____D C:\Users\Lumturije\AppData\Local\Deployment

2012-09-25 05:41 - 2012-09-25 05:41 - 00000000 ____D C:\Users\Lumturije\AppData\Local\Apps\2.0

2012-09-24 17:30 - 2012-09-24 17:32 - 00075190 ____A C:\Users\All Users\fhfewfrhrfyolwk

2012-09-23 04:50 - 2012-09-23 04:50 - 00000000 ____D C:\Users\Lumturije\AppData\Local\{0107D964-9FC3-4383-BCF0-D3E5C1A79B65}

2012-09-20 11:18 - 2012-09-20 11:18 - 00000000 ____D C:\Users\Lumturije\AppData\Roaming\Frolundadata

2012-09-20 11:17 - 2012-09-20 11:17 - 00000000 ____D C:\ljudfiler

2012-09-20 11:17 - 2012-09-20 11:17 - 00000000 ____D C:\bin

2012-09-20 11:17 - 2012-09-20 11:16 - 00000931 ____A C:\Windows\VIXUNIN.EXE.manifest

2012-09-20 11:16 - 2012-09-20 11:38 - 00000000 ____D C:\Users\Lumturije\Desktop\Talande T

2012-09-20 11:13 - 2012-09-20 11:13 - 00000000 ____D C:\Users\Lumturije\Application Data\Acapela Group

2012-09-20 11:07 - 2012-09-20 11:07 - 00000000 ____D C:\Users\Lumturije\AppData\Roaming\Oribi

2012-09-20 11:07 - 2012-09-20 11:07 - 00000000 ____D C:\Users\All Users\Oribi

2012-09-20 11:06 - 2012-09-20 11:06 - 00000047 ____A C:\Windows\Wivox.ini

2012-09-20 11:05 - 2012-09-20 11:06 - 00000000 ____D C:\Program Files (x86)\SpellRight

2012-09-20 11:05 - 2012-09-20 11:05 - 00001835 ____A C:\Users\Public\Desktop\SpellRight.lnk

2012-09-20 11:05 - 2012-04-13 03:44 - 02562048 ____A C:\Windows\SysWOW64\sre32rx.dll

2012-09-20 11:05 - 2012-03-12 22:58 - 01479600 ____A (Chant Inc.) C:\Windows\SysWOW64\CSpeechKit.dll

2012-09-20 11:05 - 2011-01-21 14:21 - 00797184 ____A (Antony Lewis) C:\Windows\SysWOW64\WWDevCOM3.dll

2012-09-20 10:26 - 2012-09-20 10:26 - 00000000 ____D C:\Users\Lumturije\AppData\Local\ScanDis

2012-09-20 10:25 - 2012-09-20 10:35 - 00002769 ____A C:\Users\Public\Desktop\ViTal.lnk

2012-09-20 10:24 - 2012-09-20 10:24 - 00000000 ____D C:\Program Files (x86)\ScanDis

2012-09-20 10:17 - 2012-09-25 14:25 - 00000000 ____D C:\ScanDis.Lic

2012-09-20 10:06 - 2012-09-20 10:26 - 00000022 ____A C:\Users\Lumturije\Desktop\talande tangentbord.zip

2012-09-17 17:26 - 2012-09-17 17:27 - 00002482 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk

2012-09-17 17:26 - 2012-09-17 17:26 - 00000000 ____D C:\Users\Lumturije\AppData\Roaming\WildTangent

2012-09-17 17:25 - 2012-09-17 17:26 - 00000000 ____D C:\Program Files (x86)\WildTangent Games

2012-09-16 12:09 - 2012-09-17 04:55 - 00000000 ____D C:\Users\Lumturije\AppData\Local\{CAB15724-2542-4EC1-9A58-498ADDC651F0}

 

==================== 3 Months Modified Files ==================

 

2012-10-14 14:43 - 2011-06-12 05:25 - 00262144 ____A C:\Windows\System32\Ikeext.etl

2012-10-14 14:43 - 2010-07-15 08:11 - 02039353 ____A C:\Windows\WindowsUpdate.log

2012-10-14 14:33 - 2012-10-14 14:33 - 01456929 ____A (Farbar) C:\Users\Lumturije\Downloads\FRST64.exe

2012-10-14 14:25 - 2009-07-13 20:51 - 00108348 ____A C:\Windows\setupact.log

2012-10-14 14:23 - 2012-09-25 05:41 - 00001020 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000UA.job

2012-10-13 12:21 - 2012-09-08 13:10 - 00000348 ____A C:\Windows\Tasks\HPCeeScheduleForLumturije.job

2012-10-13 12:20 - 2011-02-27 12:41 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-10-13 09:01 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-13 09:01 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-12 09:51 - 2012-09-25 05:41 - 00000968 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3622120377-3269129122-1711637881-1000Core.job

2012-10-11 04:29 - 2012-09-25 05:43 - 00002514 ____A C:\Users\Lumturije\Desktop\Google Chrome.lnk

2012-10-11 03:16 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-09 21:53 - 2011-02-27 17:16 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-10-04 11:20 - 2012-10-04 11:20 - 00001640 ____A C:\Users\Lumturije\Desktop\RKreport[6].txt

2012-10-04 11:18 - 2012-10-04 11:18 - 00002274 ____A C:\Users\Lumturije\Desktop\RKreport[5].txt

2012-10-04 11:18 - 2012-10-04 11:18 - 00002256 ____A C:\Users\Lumturije\Desktop\RKreport[4].txt

2012-10-04 11:16 - 2012-10-04 11:16 - 00003737 ____A C:\Users\Lumturije\Desktop\RKreport[3].txt

2012-10-04 11:14 - 2012-10-04 11:14 - 00002606 ____A C:\Users\Lumturije\Desktop\RKreport[2].txt

2012-10-04 05:58 - 2012-10-04 05:58 - 00002560 ____A C:\Users\Lumturije\Desktop\RKreport[1].txt

2012-10-04 05:55 - 2012-10-04 05:55 - 01422336 ____A C:\Users\Lumturije\Desktop\RogueKiller.exe

2012-10-04 04:49 - 2012-10-04 04:49 - 00078758 ____A C:\Users\Lumturije\Desktop\OTL.Txt

2012-10-03 16:50 - 2012-10-03 16:50 - 00601088 ____A (OldTimer Tools) C:\Users\Lumturije\Desktop\OTL.exe

2012-10-03 05:18 - 2012-10-03 05:18 - 00021552 ____A C:\ComboFix.txt

2012-10-03 05:12 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-10-03 04:53 - 2011-02-27 12:51 - 00392056 ____A C:\Windows\PFRO.log

2012-10-02 04:38 - 2012-09-26 05:09 - 04759935 ____R (Swearware) C:\Users\Lumturije\Downloads\ComboFix.exe

2012-10-02 04:37 - 2012-10-02 04:37 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-10-02 04:35 - 2012-05-01 15:33 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-10-02 04:35 - 2011-07-30 09:00 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-09-29 03:32 - 2012-09-29 03:33 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2012-09-29 03:32 - 2012-09-29 03:33 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2012-09-29 03:32 - 2012-09-29 03:32 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2012-09-29 03:32 - 2012-09-29 03:32 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2012-09-29 03:32 - 2012-09-29 03:32 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2012-09-28 09:44 - 2012-09-28 09:44 - 00000785 ____A C:\Users\Lumturije\Documents\eset online.txt

2012-09-27 11:55 - 2012-09-27 11:55 - 00001193 ____A C:\Users\Lumturije\Desktop\ComboFix - genväg.lnk

2012-09-26 17:26 - 2011-02-27 13:42 - 00002155 ____A C:\Windows\epplauncher.mif

2012-09-26 17:26 - 2010-04-24 18:18 - 00638672 ____A C:\Windows\System32\perfh01D.dat

2012-09-26 17:26 - 2010-04-24 18:18 - 00128552 ____A C:\Windows\System32\perfc01D.dat

2012-09-26 05:11 - 2012-09-26 05:10 - 04756346 ____A (Swearware) C:\Users\Lumturije\Downloads\ComboFix (1).exe

2012-09-26 03:56 - 2012-09-26 03:55 - 00607260 ____R (Swearware) C:\Users\Lumturije\Downloads\dds.com

2012-09-26 03:45 - 2012-09-26 03:44 - 00607260 ____R (Swearware) C:\Users\Lumturije\Downloads\dds (1).scr

2012-09-25 10:42 - 2012-09-25 10:42 - 00139264 ____A C:\Users\Lumturije\Downloads\SystemLook (1).exe

2012-09-25 10:40 - 2012-09-25 10:40 - 00139264 ____A C:\Users\Lumturije\Downloads\SystemLook.exe

2012-09-25 10:36 - 2012-09-25 10:36 - 00607260 ____R (Swearware) C:\Users\Lumturije\Downloads\dds.scr

2012-09-24 17:32 - 2012-09-24 17:30 - 00075190 ____A C:\Users\All Users\fhfewfrhrfyolwk

2012-09-20 11:16 - 2012-09-20 11:17 - 00000931 ____A C:\Windows\VIXUNIN.EXE.manifest

2012-09-20 11:16 - 2007-06-25 10:37 - 00225280 ____A (SamLogic) C:\Windows\VIXUNIN.EXE

2012-09-20 11:06 - 2012-09-20 11:06 - 00000047 ____A C:\Windows\Wivox.ini

2012-09-20 11:05 - 2012-09-20 11:05 - 00001835 ____A C:\Users\Public\Desktop\SpellRight.lnk

2012-09-20 10:35 - 2012-09-20 10:25 - 00002769 ____A C:\Users\Public\Desktop\ViTal.lnk

2012-09-20 10:26 - 2012-09-20 10:06 - 00000022 ____A C:\Users\Lumturije\Desktop\talande tangentbord.zip

2012-09-17 17:27 - 2012-09-17 17:26 - 00002482 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk

2012-09-15 23:36 - 2009-07-13 21:13 - 01526406 ____A C:\Windows\System32\PerfStringBackup.INI

2012-09-14 11:19 - 2012-10-09 15:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll

2012-09-14 10:28 - 2012-10-09 15:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2012-09-05 01:26 - 2012-09-05 01:26 - 00065479 ____A C:\Users\Lumturije\Documents\storstäd råsta.xlsx

2012-09-05 01:22 - 2012-09-04 16:42 - 00021267 ____A C:\Users\Lumturije\Documents\veckorapport råsta.xlsx

2012-08-31 10:19 - 2012-10-09 15:34 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2012-08-30 12:03 - 2012-08-30 12:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys

2012-08-30 12:03 - 2012-03-20 10:44 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

2012-08-30 10:03 - 2012-10-09 15:33 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-08-30 09:12 - 2012-10-09 15:33 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-08-30 09:12 - 2012-10-09 15:33 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-08-24 10:05 - 2012-10-09 15:32 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-08-24 08:57 - 2012-10-09 15:32 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2012-08-24 03:15 - 2012-09-25 17:22 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-24 02:39 - 2012-09-25 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-24 02:31 - 2012-09-25 17:22 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-24 02:22 - 2012-09-25 17:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-24 02:21 - 2012-09-25 17:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-24 02:20 - 2012-09-25 17:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-24 02:18 - 2012-09-25 17:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-24 02:17 - 2012-09-25 17:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-24 02:14 - 2012-09-25 17:22 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-24 02:14 - 2012-09-25 17:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-24 02:13 - 2012-09-25 17:22 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-24 02:12 - 2012-09-25 17:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-24 02:11 - 2012-09-25 17:22 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-24 02:10 - 2012-09-25 17:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-24 02:09 - 2012-09-25 17:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-24 02:04 - 2012-09-25 17:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-08-23 23:27 - 2012-09-25 17:22 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-08-23 23:03 - 2012-09-25 17:22 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-08-23 22:59 - 2012-09-25 17:22 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-08-23 22:51 - 2012-09-25 17:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-08-23 22:51 - 2012-09-25 17:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-08-23 22:51 - 2012-09-25 17:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-08-23 22:49 - 2012-09-25 17:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-08-23 22:48 - 2012-09-25 17:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-08-23 22:47 - 2012-09-25 17:22 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-08-23 22:47 - 2012-09-25 17:22 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-08-23 22:47 - 2012-09-25 17:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-08-23 22:45 - 2012-09-25 17:22 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-08-23 22:44 - 2012-09-25 17:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-08-23 22:44 - 2012-09-25 17:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-08-23 22:43 - 2012-09-25 17:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-08-23 22:40 - 2012-09-25 17:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-08-22 10:12 - 2012-09-14 06:44 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-08-22 10:12 - 2012-09-14 06:44 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys

2012-08-22 10:12 - 2012-09-14 06:44 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys

2012-08-22 10:12 - 2012-09-14 06:44 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS

2012-08-22 05:34 - 2012-08-22 05:34 - 00001139 ____A C:\Users\Public\Desktop\Telia mobile broadband.lnk

2012-08-22 05:11 - 2012-08-22 05:11 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-08-21 13:01 - 2012-09-26 03:31 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe

2012-08-20 10:48 - 2012-10-09 15:33 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

2012-08-20 10:48 - 2012-10-09 15:33 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll

2012-08-20 10:48 - 2012-10-09 15:33 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll

2012-08-20 10:48 - 2012-10-09 15:33 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll

2012-08-20 10:48 - 2012-10-09 15:33 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll

2012-08-20 10:48 - 2012-10-09 15:33 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll

2012-08-20 10:48 - 2012-10-09 15:33 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll

2012-08-20 10:46 - 2012-10-09 15:33 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe

2012-08-20 10:38 - 2012-10-09 15:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 10:38 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 09:40 - 2012-10-09 15:33 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2012-08-20 09:38 - 2012-10-09 15:33 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2012-08-20 09:37 - 2012-10-09 15:33 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2012-08-20 09:37 - 2012-10-09 15:33 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2012-08-20 09:37 - 2012-10-09 15:33 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 09:32 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2012-08-20 07:38 - 2012-10-09 15:33 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2012-08-20 07:38 - 2012-10-09 15:33 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2012-08-20 07:33 - 2012-10-09 15:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 07:33 - 2012-10-09 15:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 07:33 - 2012-10-09 15:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 07:33 - 2012-10-09 15:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2012-08-15 17:34 - 2009-07-13 20:45 - 00436680 ____A C:\Windows\System32\FNTCACHE.DAT

2012-08-10 16:56 - 2012-10-09 15:32 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll

2012-08-10 15:56 - 2012-10-09 15:32 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2012-08-08 11:43 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2012-08-08 11:14 - 2012-08-08 11:14 - 00275288 ____A C:\Windows\Minidump\080812-29624-01.dmp

2012-08-08 11:14 - 2011-03-12 08:25 - 495862033 ____A C:\Windows\MEMORY.DMP

2012-08-02 09:58 - 2012-09-14 06:44 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll

2012-08-02 08:57 - 2012-09-14 06:44 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2012-07-18 10:15 - 2012-08-15 12:20 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

 

==================== Known DLLs (Whitelisted) =================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points =========================

 

Restore point made on: 2012-09-20 10:23:56

Restore point made on: 2012-09-23 04:27:36

Restore point made on: 2012-09-25 05:14:20

Restore point made on: 2012-09-25 17:22:20

Restore point made on: 2012-09-26 17:24:19

Restore point made on: 2012-09-29 03:32:08

Restore point made on: 2012-10-01 03:49:09

Restore point made on: 2012-10-03 04:26:26

Restore point made on: 2012-10-04 06:01:15

Restore point made on: 2012-10-07 10:18:44

Restore point made on: 2012-10-09 21:43:25

Restore point made on: 2012-10-13 12:19:47

 

==================== Memory info ===========================

 

Percentage of memory in use: 19%

Total physical RAM: 3834.9 MB

Available physical RAM: 3095.72 MB

Total Pagefile: 3833.05 MB

Available Pagefile: 3089.35 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

 

==================== Partitions =============================

 

1 Drive c: () (Fixed) (Total:449.91 GB) (Free:382.74 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive e: (RECOVERY) (Fixed) (Total:15.55 GB) (Free:2.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32

5 Drive h: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

Disk nr Status Storlek Ledigt Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk nr 0 Online 465 G B 0 B

Disk nr 1 Online 3819 M B 0 B

 

 

Partitions of Disk 0:

===============

 

Disk 0 är nu den valda disken.

 

Partitionsnr Typ Storlek Start

------------- ---------------- ------- -------

Partitionsnr 1 Primär 199 M 1024 K

Partitionsnr 2 Primär 449 G 200 M

Partitionsnr 3 Primär 15 G 450 G

Partitionsnr 4 Primär 103 M 465 G

 

==================================================================================

 

Disk: 0

Disk 0 är nu den valda disken.

 

Partition 1 är nu den valda partitionen.

 

Partition 1

Typ : 07

Dold : Nej

Aktiv : Ja

Offset i byte: 1048576

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 1 Y SYSTEM NTFS Partition 199 M Felfri

 

=========================================================

 

Disk: 0

Disk 0 är nu den valda disken.

 

Partition 2 är nu den valda partitionen.

 

Partition 2

Typ : 07

Dold : Nej

Aktiv : Nej

Offset i byte: 209715200

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 2 C NTFS Partition 449 G Felfri

 

=========================================================

 

Disk: 0

Disk 0 är nu den valda disken.

 

Partition 3 är nu den valda partitionen.

 

Partition 3

Typ : 07

Dold : Nej

Aktiv : Nej

Offset i byte: 483298115584

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 3 E RECOVERY NTFS Partition 15 G Felfri

 

=========================================================

 

Disk: 0

Disk 0 är nu den valda disken.

 

Partition 4 är nu den valda partitionen.

 

Partition 4

Typ : 0C

Dold : Nej

Aktiv : Nej

Offset i byte: 499998785536

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 4 F HP_TOOLS FAT32 Partition 103 M Felfri

 

=========================================================

 

Partitions of Disk 1:

===============

 

Disk 1 är nu den valda disken.

 

Partitionsnr Typ Storlek Start

------------- ---------------- ------- -------

Partitionsnr 1 Primär 3818 M 16 K

 

==================================================================================

 

Disk: 1

Disk 1 är nu den valda disken.

 

Partition 1 är nu den valda partitionen.

 

Partition 1

Typ : 0B

Dold : Nej

Aktiv : Nej

Offset i byte: 16384

 

Volymnr Enh Etikett Fils. Typ Storlek Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volymnr 5 H FAT32 Flyttbar 3818 M Felfri

 

=========================================================

 

Last Boot: 2012-10-01 16:03

 

==================== End Of Log =============================

 

 


Preferably on another computer

Start Notepad.

Copy all the lines in the box:

[code]

2012-09-24 17:30 - 2012-09-24 17:32 - 00075190 ____A C:\Users\All Users\fhfewfrhrfyolwk

2 bProtector; C:\ProgramData\bProtectorForWindows\2.0.392.106\bProtect.exe [1441784 2012-05-06] (bProtector)

2 IBUpdaterService; "C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE [396088 2012-05-06] ()

[/code]

and paste them into Notepad. Check that no file entries have been split across two lines.

Save the file on the USB stick with the name fixlist.txt.

 

[b]On the infected computer, from "System Recovery Options"[/b]

Start FRST (32-bit Windows) or FRST64 (64-bit Windows) in the same way as last time.

Click the Fix button.

Wait until the program has finished.

 

The program creates a log, Fixlog.txt, on the USB stick.

Paste its contents into your reply.

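The helper picked the entry C:\Users\All Users\fhfewfrhrfyolwk out of the FRST log by hand: a file under a shared profile directory with no publisher in its version info, no extension and a random-looking name. The following added Python example (not part of the thread and not FRST's own code) parses lines in the log's Modified Files format and applies that same triage rule; the first three sample lines are copied from the log above, the settings.ini line is constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not FRST's own code: parse FRST "Modified Files" lines of the form
#   <modified> - <created> - <size> <attrs> [(<publisher>)] <path>
# and flag the pattern the helper picked out by hand in the thread above.
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Directories shared by every account on the machine. Ordinary users seldom
# create files here by hand; installers do, and so do malware droppers.
SHARED_DIRS = ("c:\\users\\all users\\", "c:\\programdata\\")
VOWELS = set("aeiouy")


@dataclass
class Entry:
    raw: str
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entries(text: str) -> List[Entry]:
    """Return every line of the log text that has the file-entry shape."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # section headers, blank lines, diskpart output
        # "()" in an FRST line means the file carries no publisher at all
        entries.append(Entry(line.strip(), m["modified"], m["created"], int(m["size"]),
                             m["attrs"], m["company"] or None, m["path"]))
    return entries


def looks_random(name: str) -> bool:
    """A long, purely alphabetic name with very few vowels, like fhfewfrhrfyolwk.
    Product names (Oribi, Acapela, bProtectorForWindows) keep a normal ratio."""
    if len(name) < 8 or not name.isalpha():
        return False
    vowels = sum(c.lower() in VOWELS for c in name)
    return vowels / len(name) < 0.25


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Files under a shared profile directory with no publisher plus at least one
    naming oddity; unsigned but ordinary data files (.ini etc.) are not flagged."""
    flagged = []
    for e in entries:
        if e.is_dir or not e.path.lower().startswith(SHARED_DIRS):
            continue
        reasons = []
        if e.company is None:
            reasons.append("no publisher in version info")
        if "." not in e.name:
            reasons.append("no file extension")
        if looks_random(e.name):
            reasons.append("random-looking name")
        if e.company is None and len(reasons) >= 2:
            flagged.append((e, reasons))
    return flagged


# Constructed excerpt: the first three entry lines are copied from the log
# above; the settings.ini line is made up to show a benign unsigned file.
SAMPLE_LOG = r"""
==================== 3 Months Modified Files ==================

2012-10-14 14:33 - 2012-10-14 14:33 - 01456929 ____A (Farbar) C:\Users\Lumturije\Downloads\FRST64.exe
2012-09-24 17:32 - 2012-09-24 17:30 - 00075190 ____A C:\Users\All Users\fhfewfrhrfyolwk
2012-09-20 11:07 - 2012-09-20 11:07 - 00000000 ____D C:\Users\All Users\Oribi
2012-09-20 11:06 - 2012-09-20 11:06 - 00000047 ____A C:\Users\All Users\Oribi\settings.ini
"""

if __name__ == "__main__":
    for entry, why in triage(parse_entries(SAMPLE_LOG)):
        print(entry.raw)  # the line exactly as it would go into fixlist.txt
        print("    " + "; ".join(why))
```

Flagged lines are printed verbatim, in the form the helper pastes into fixlist.txt; the heuristic is a triage aid only, and a missing publisher string by itself is not evidence of malware.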

My computer is blocked right now. A message appears saying "the police unit for computer crime". I need help.

 

A recommendation for others who run into similar problems is to first try System Restore, which is actually very simple and not nearly as time-consuming.

System Restore restores the computer's system files to an earlier point in time, before the virus infected the system, and in that way you remove the virus without affecting the private files and documents on the computer.

 

If that does not help, only then may it be worth trying something else that is more complicated and more time-consuming.

A recommendation for others who run into similar problems is to first try System Restore, which is actually very simple and not nearly as time-consuming.

System Restore restores the computer's system files to an earlier point in time, before the virus infected the system, and in that way you remove the virus without affecting the private files and documents on the computer.

There is another ongoing thread where the thread starter did exactly that. To the thread starter everything looks normal, but when you look deeper into the computer it has not been fully restored from the infection, i.e. System Restore fixed some of it but not all, and that was a computer running Windows 7. In earlier Windows versions System Restore is even worse. You absolutely cannot be sure that a rootkit infection is gone after a System Restore.

 

In addition, an examination of the computer is of course needed to close the security holes that malicious web pages exploit to get in, so that the same thing does not happen again.

