Sensorium
Posted 6 May 2012

Hi! I'm hoping to get some help here, that would be great.

I suddenly got a message that said "System error. Hard disk failure detected", and several "warnings" of all kinds came up; there was an option to choose "scan and repair" or "scan later". The desktop background disappeared, and almost all the folders and files on the desktop disappeared. I turned off the computer, because my brother became suspicious since the text was in English. I then went into safe mode, where we found that several folders were hidden.

First I tried AVG, which found nothing. Then I tried a guide on the internet and downloaded first rkill and then TDSSKILLER (renamed to iexplore), which did not find anything, while Malwarebytes found two things that could be viruses. I clicked to remove these. But I'm not sure whether the virus is gone, and I'm also afraid that the computer's contents, which I have not backed up, will disappear. I am now in safe mode.

I'm attaching logs in the hope that someone can help me or give suggestions.

This is from rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 06.05.2012 at 1:01:40.
Operating System: Windows 7 Home Premium
Processes terminated by Rkill or while it was running:
C:\Windows\SysWOW64\rundll32.exe
Rkill completed on 06.05.2012 at 1:01:44.

This one is from TDSSKILLER:

01:09:53.0647 1472 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
01:09:53.0912 1472 ============================================================
01:09:53.0912 1472 Current date / time: 2012/05/06 01:09:53.0912
01:09:53.0912 1472 SystemInfo:
01:09:53.0912 1472
01:09:53.0912 1472 OS Version: 6.1.7601 ServicePack: 1.0
01:09:53.0912 1472 Product type: Workstation
01:09:53.0912 1472 ComputerName: Anon-PC
01:09:53.0912 1472 UserName: Anon
01:09:53.0912 1472 Windows directory: C:\Windows
01:09:53.0912 1472 System windows directory: C:\Windows
01:09:53.0912 1472 Running under WOW64
01:09:53.0912 1472 Processor architecture: Intel x64
01:09:53.0912 1472 Number of processors: 2
01:09:53.0912 1472 Page size: 0x1000
01:09:53.0912 1472 Boot type: Safe boot with network
01:09:53.0912 1472 ============================================================
01:09:54.0708 1472 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:09:54.0708 1472 ============================================================
01:09:54.0708 1472 \Device\Harddisk0\DR0:
01:09:54.0708 1472 MBR partitions:
01:09:54.0708 1472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
01:09:54.0708 1472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
01:09:54.0708 1472 ============================================================
01:09:54.0739 1472 C: <-> \Device\Harddisk0\DR0\Partition1
01:09:54.0739 1472 ============================================================
01:09:54.0739 1472 Initialize success
01:09:54.0739 1472 ============================================================
01:10:03.0241 1904 ============================================================
01:10:03.0241 1904 Scan started
01:10:03.0241 1904 Mode: Manual;
Infosystems\NTI Backup Now 5\SchedulerSvc.exe 01:10:21.0774 1904 NTISchedulerSvc - ok 01:10:21.0805 1904 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 01:10:21.0805 1904 Null - ok 01:10:21.0883 1904 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 01:10:21.0883 1904 nvraid - ok 01:10:21.0914 1904 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 01:10:21.0914 1904 nvstor - ok 01:10:21.0961 1904 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 01:10:21.0961 1904 nv_agp - ok 01:10:22.0055 1904 ODDPwrSvc (ff0a17b7da1467fe4172ba545bc1060a) C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe 01:10:22.0055 1904 ODDPwrSvc - ok 01:10:22.0101 1904 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 01:10:22.0101 1904 ohci1394 - ok 01:10:22.0164 1904 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 01:10:22.0164 1904 ose - ok 01:10:22.0429 1904 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 01:10:22.0554 1904 osppsvc - ok 01:10:22.0663 1904 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 01:10:22.0679 1904 p2pimsvc - ok 01:10:22.0710 1904 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 01:10:22.0710 1904 p2psvc - ok 01:10:22.0757 1904 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 01:10:22.0757 1904 Parport - ok 01:10:22.0803 1904 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 01:10:22.0803 1904 partmgr - ok 01:10:22.0835 1904 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 01:10:22.0835 1904 PcaSvc - ok 01:10:22.0881 1904 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 
01:10:22.0897 1904 pci - ok 01:10:22.0944 1904 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 01:10:22.0944 1904 pciide - ok 01:10:22.0975 1904 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 01:10:22.0975 1904 pcmcia - ok 01:10:23.0006 1904 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 01:10:23.0006 1904 pcw - ok 01:10:23.0037 1904 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 01:10:23.0053 1904 PEAUTH - ok 01:10:23.0100 1904 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 01:10:23.0115 1904 PerfHost - ok 01:10:23.0225 1904 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 01:10:23.0240 1904 pla - ok 01:10:23.0303 1904 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 01:10:23.0318 1904 PlugPlay - ok 01:10:23.0349 1904 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 01:10:23.0349 1904 PNRPAutoReg - ok 01:10:23.0381 1904 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 01:10:23.0381 1904 PNRPsvc - ok 01:10:23.0443 1904 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 01:10:23.0459 1904 PolicyAgent - ok 01:10:23.0505 1904 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 01:10:23.0505 1904 Power - ok 01:10:23.0583 1904 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 01:10:23.0583 1904 PptpMiniport - ok 01:10:23.0599 1904 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 01:10:23.0599 1904 Processor - ok 01:10:23.0661 1904 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 01:10:23.0677 1904 ProfSvc - ok 01:10:23.0739 1904 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 01:10:23.0739 1904 ProtectedStorage - ok 01:10:23.0802 1904 
Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 01:10:23.0817 1904 Psched - ok 01:10:23.0895 1904 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 01:10:23.0911 1904 ql2300 - ok 01:10:24.0020 1904 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 01:10:24.0020 1904 ql40xx - ok 01:10:24.0067 1904 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 01:10:24.0067 1904 QWAVE - ok 01:10:24.0083 1904 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 01:10:24.0083 1904 QWAVEdrv - ok 01:10:24.0098 1904 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 01:10:24.0098 1904 RasAcd - ok 01:10:24.0145 1904 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 01:10:24.0145 1904 RasAgileVpn - ok 01:10:24.0176 1904 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 01:10:24.0176 1904 RasAuto - ok 01:10:24.0239 1904 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 01:10:24.0239 1904 Rasl2tp - ok 01:10:24.0301 1904 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 01:10:24.0317 1904 RasMan - ok 01:10:24.0348 1904 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 01:10:24.0348 1904 RasPppoe - ok 01:10:24.0379 1904 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 01:10:24.0379 1904 RasSstp - ok 01:10:24.0457 1904 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 01:10:24.0457 1904 rdbss - ok 01:10:24.0488 1904 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 01:10:24.0488 1904 rdpbus - ok 01:10:24.0504 1904 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 01:10:24.0504 1904 RDPCDD - ok 01:10:24.0519 1904 RDPENCDD 
(bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 01:10:24.0519 1904 RDPENCDD - ok 01:10:24.0535 1904 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 01:10:24.0535 1904 RDPREFMP - ok 01:10:24.0582 1904 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 01:10:24.0582 1904 RDPWD - ok 01:10:24.0660 1904 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 01:10:24.0660 1904 rdyboost - ok 01:10:24.0691 1904 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 01:10:24.0691 1904 RemoteAccess - ok 01:10:24.0738 1904 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 01:10:24.0738 1904 RemoteRegistry - ok 01:10:24.0785 1904 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 01:10:24.0785 1904 RFCOMM - ok 01:10:24.0831 1904 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 01:10:24.0831 1904 RpcEptMapper - ok 01:10:24.0894 1904 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 01:10:24.0894 1904 RpcLocator - ok 01:10:24.0956 1904 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 01:10:24.0956 1904 RpcSs - ok 01:10:24.0987 1904 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 01:10:24.0987 1904 rspndr - ok 01:10:25.0050 1904 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys 01:10:25.0050 1904 RSUSBSTOR - ok 01:10:25.0143 1904 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe 01:10:25.0143 1904 RS_Service - ok 01:10:25.0159 1904 RtsUIR - ok 01:10:25.0221 1904 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 01:10:25.0221 1904 SamSs - ok 01:10:25.0268 1904 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 01:10:25.0268 
1904 sbp2port - ok 01:10:25.0299 1904 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 01:10:25.0299 1904 SCardSvr - ok 01:10:25.0362 1904 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 01:10:25.0362 1904 scfilter - ok 01:10:25.0455 1904 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 01:10:25.0471 1904 Schedule - ok 01:10:25.0518 1904 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 01:10:25.0518 1904 SCPolicySvc - ok 01:10:25.0565 1904 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 01:10:25.0565 1904 SDRSVC - ok 01:10:25.0689 1904 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 01:10:25.0689 1904 SeaPort - ok 01:10:25.0721 1904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 01:10:25.0736 1904 secdrv - ok 01:10:25.0783 1904 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 01:10:25.0783 1904 seclogon - ok 01:10:25.0814 1904 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 01:10:25.0814 1904 SENS - ok 01:10:25.0845 1904 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 01:10:25.0845 1904 SensrSvc - ok 01:10:25.0877 1904 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 01:10:25.0877 1904 Serenum - ok 01:10:25.0908 1904 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 01:10:25.0908 1904 Serial - ok 01:10:25.0955 1904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 01:10:25.0955 1904 sermouse - ok 01:10:26.0017 1904 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 01:10:26.0017 1904 SessionEnv - ok 01:10:26.0079 1904 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 01:10:26.0079 1904 sffdisk - ok 
01:10:26.0095 1904 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 01:10:26.0095 1904 sffp_mmc - ok 01:10:26.0095 1904 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 01:10:26.0111 1904 sffp_sd - ok 01:10:26.0126 1904 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 01:10:26.0126 1904 sfloppy - ok 01:10:26.0189 1904 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 01:10:26.0189 1904 SharedAccess - ok 01:10:26.0251 1904 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 01:10:26.0267 1904 ShellHWDetection - ok 01:10:26.0298 1904 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 01:10:26.0298 1904 SiSRaid2 - ok 01:10:26.0313 1904 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 01:10:26.0329 1904 SiSRaid4 - ok 01:10:26.0360 1904 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 01:10:26.0360 1904 Smb - ok 01:10:26.0407 1904 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 01:10:26.0407 1904 SNMPTRAP - ok 01:10:26.0438 1904 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 01:10:26.0438 1904 spldr - ok 01:10:26.0501 1904 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 01:10:26.0516 1904 Spooler - ok 01:10:26.0688 1904 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 01:10:26.0781 1904 sppsvc - ok 01:10:26.0875 1904 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 01:10:26.0875 1904 sppuinotify - ok 01:10:26.0906 1904 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 01:10:26.0922 1904 srv - ok 01:10:26.0953 1904 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 01:10:26.0953 1904 srv2 - ok 01:10:26.0984 1904 srvnet 
(27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 01:10:26.0984 1904 srvnet - ok 01:10:27.0031 1904 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 01:10:27.0031 1904 SSDPSRV - ok 01:10:27.0047 1904 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 01:10:27.0047 1904 SstpSvc - ok 01:10:27.0078 1904 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 01:10:27.0093 1904 stexstor - ok 01:10:27.0156 1904 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 01:10:27.0171 1904 stisvc - ok 01:10:27.0218 1904 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 01:10:27.0218 1904 swenum - ok 01:10:27.0343 1904 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 01:10:27.0359 1904 SwitchBoard - ok 01:10:27.0405 1904 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 01:10:27.0421 1904 swprv - ok 01:10:27.0468 1904 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys 01:10:27.0468 1904 SynTP - ok 01:10:27.0593 1904 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 01:10:27.0624 1904 SysMain - ok 01:10:27.0717 1904 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 01:10:27.0733 1904 TabletInputService - ok 01:10:27.0764 1904 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 01:10:27.0764 1904 TapiSrv - ok 01:10:27.0795 1904 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 01:10:27.0811 1904 TBS - ok 01:10:27.0936 1904 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 01:10:27.0967 1904 Tcpip - ok 01:10:28.0170 1904 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 01:10:28.0185 1904 TCPIP6 - ok 01:10:28.0295 1904 tcpipreg 
(df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 01:10:28.0295 1904 tcpipreg - ok 01:10:28.0326 1904 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 01:10:28.0326 1904 TDPIPE - ok 01:10:28.0373 1904 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 01:10:28.0373 1904 TDTCP - ok 01:10:28.0451 1904 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 01:10:28.0451 1904 tdx - ok 01:10:28.0513 1904 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 01:10:28.0513 1904 TermDD - ok 01:10:28.0575 1904 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 01:10:28.0591 1904 TermService - ok 01:10:28.0622 1904 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 01:10:28.0622 1904 Themes - ok 01:10:28.0653 1904 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 01:10:28.0653 1904 THREADORDER - ok 01:10:28.0700 1904 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 01:10:28.0700 1904 TrkWks - ok 01:10:28.0794 1904 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 01:10:28.0794 1904 TrustedInstaller - ok 01:10:28.0825 1904 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 01:10:28.0825 1904 tssecsrv - ok 01:10:28.0903 1904 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 01:10:28.0903 1904 TsUsbFlt - ok 01:10:28.0981 1904 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 01:10:28.0997 1904 tunnel - ok 01:10:29.0028 1904 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 01:10:29.0028 1904 uagp35 - ok 01:10:29.0075 1904 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys 01:10:29.0075 1904 UBHelper - ok 01:10:29.0137 1904 udfs 
(ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 01:10:29.0137 1904 udfs - ok 01:10:29.0168 1904 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 01:10:29.0168 1904 UI0Detect - ok 01:10:29.0215 1904 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 01:10:29.0215 1904 uliagpkx - ok 01:10:29.0293 1904 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 01:10:29.0293 1904 umbus - ok 01:10:29.0309 1904 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 01:10:29.0309 1904 UmPass - ok 01:10:29.0402 1904 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 01:10:29.0402 1904 Updater Service - ok 01:10:29.0449 1904 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 01:10:29.0465 1904 upnphost - ok 01:10:29.0527 1904 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 01:10:29.0543 1904 usbaudio - ok 01:10:29.0589 1904 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 01:10:29.0589 1904 usbccgp - ok 01:10:29.0605 1904 USBCCID - ok 01:10:29.0667 1904 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 01:10:29.0667 1904 usbcir - ok 01:10:29.0714 1904 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 01:10:29.0714 1904 usbehci - ok 01:10:29.0792 1904 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 01:10:29.0808 1904 usbhub - ok 01:10:29.0855 1904 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 01:10:29.0855 1904 usbohci - ok 01:10:29.0901 1904 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 01:10:29.0901 1904 usbprint - ok 01:10:29.0948 1904 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 
01:10:29.0948 1904 USBSTOR - ok 01:10:30.0011 1904 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 01:10:30.0011 1904 usbuhci - ok 01:10:30.0089 1904 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 01:10:30.0089 1904 usbvideo - ok 01:10:30.0120 1904 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 01:10:30.0120 1904 UxSms - ok 01:10:30.0167 1904 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 01:10:30.0167 1904 VaultSvc - ok 01:10:30.0229 1904 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 01:10:30.0229 1904 vdrvroot - ok 01:10:30.0291 1904 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 01:10:30.0307 1904 vds - ok 01:10:30.0354 1904 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 01:10:30.0354 1904 vga - ok 01:10:30.0369 1904 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 01:10:30.0369 1904 VgaSave - ok 01:10:30.0416 1904 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 01:10:30.0432 1904 vhdmp - ok 01:10:30.0479 1904 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 01:10:30.0479 1904 viaide - ok 01:10:30.0541 1904 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 01:10:30.0541 1904 volmgr - ok 01:10:30.0603 1904 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 01:10:30.0603 1904 volmgrx - ok 01:10:30.0666 1904 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 01:10:30.0666 1904 volsnap - ok 01:10:30.0713 1904 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 01:10:30.0713 1904 vsmraid - ok 01:10:30.0822 1904 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 01:10:30.0853 1904 VSS - ok 01:10:30.0931 1904 vwifibus 
(36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 01:10:30.0931 1904 vwifibus - ok 01:10:30.0962 1904 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 01:10:30.0962 1904 vwififlt - ok 01:10:30.0994 1904 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 01:10:30.0994 1904 vwifimp - ok 01:10:31.0040 1904 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 01:10:31.0040 1904 W32Time - ok 01:10:31.0072 1904 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 01:10:31.0072 1904 WacomPen - ok 01:10:31.0134 1904 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 01:10:31.0150 1904 WANARP - ok 01:10:31.0165 1904 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 01:10:31.0165 1904 Wanarpv6 - ok 01:10:31.0259 1904 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 01:10:31.0274 1904 WatAdminSvc - ok 01:10:31.0368 1904 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 01:10:31.0399 1904 wbengine - ok 01:10:31.0493 1904 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 01:10:31.0508 1904 WbioSrvc - ok 01:10:31.0555 1904 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 01:10:31.0571 1904 wcncsvc - ok 01:10:31.0618 1904 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 01:10:31.0618 1904 WcsPlugInService - ok 01:10:31.0649 1904 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 01:10:31.0649 1904 Wd - ok 01:10:31.0696 1904 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 01:10:31.0711 1904 Wdf01000 - ok 01:10:31.0727 1904 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 01:10:31.0727 1904 WdiServiceHost - ok 01:10:31.0742 1904 
WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 01:10:31.0742 1904 WdiSystemHost - ok 01:10:31.0789 1904 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 01:10:31.0805 1904 WebClient - ok 01:10:31.0836 1904 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 01:10:31.0852 1904 Wecsvc - ok 01:10:31.0867 1904 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 01:10:31.0867 1904 wercplsupport - ok 01:10:31.0898 1904 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 01:10:31.0898 1904 WerSvc - ok 01:10:31.0945 1904 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 01:10:31.0945 1904 WfpLwf - ok 01:10:31.0961 1904 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 01:10:31.0961 1904 WIMMount - ok 01:10:31.0992 1904 WinDefend - ok 01:10:31.0992 1904 WinHttpAutoProxySvc - ok 01:10:32.0070 1904 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 01:10:32.0070 1904 Winmgmt - ok 01:10:32.0179 1904 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 01:10:32.0226 1904 WinRM - ok 01:10:32.0382 1904 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 01:10:32.0382 1904 WinUsb - ok 01:10:32.0444 1904 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 01:10:32.0460 1904 Wlansvc - ok 01:10:32.0569 1904 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 01:10:32.0569 1904 wlcrasvc - ok 01:10:32.0725 1904 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 01:10:32.0756 1904 wlidsvc - ok 01:10:32.0881 1904 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 01:10:32.0881 1904 WmiAcpi - ok 01:10:32.0944 1904 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) 
C:\Windows\system32\wbem\WmiApSrv.exe 01:10:32.0944 1904 wmiApSrv - ok 01:10:32.0990 1904 WMPNetworkSvc - ok 01:10:33.0022 1904 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 01:10:33.0037 1904 WPCSvc - ok 01:10:33.0084 1904 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 01:10:33.0084 1904 WPDBusEnum - ok 01:10:33.0100 1904 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 01:10:33.0115 1904 ws2ifsl - ok 01:10:33.0146 1904 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 01:10:33.0146 1904 wscsvc - ok 01:10:33.0162 1904 WSearch - ok 01:10:33.0302 1904 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 01:10:33.0334 1904 wuauserv - ok 01:10:33.0458 1904 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 01:10:33.0458 1904 WudfPf - ok 01:10:33.0490 1904 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 01:10:33.0490 1904 WUDFRd - ok 01:10:33.0552 1904 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 01:10:33.0552 1904 wudfsvc - ok 01:10:33.0583 1904 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 01:10:33.0583 1904 WwanSvc - ok 01:10:33.0646 1904 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 01:10:33.0724 1904 \Device\Harddisk0\DR0 - ok 01:10:33.0724 1904 Boot (0x1200) (014635d9565514de67d1eebdc6967c7f) \Device\Harddisk0\DR0\Partition0 01:10:33.0724 1904 \Device\Harddisk0\DR0\Partition0 - ok 01:10:33.0739 1904 Boot (0x1200) (56874c2103766a2591dc32de20c17b6d) \Device\Harddisk0\DR0\Partition1 01:10:33.0739 1904 \Device\Harddisk0\DR0\Partition1 - ok 01:10:33.0739 1904 ============================================================ 01:10:33.0739 1904 Scan finished 01:10:33.0739 1904 ============================================================ 01:10:33.0755 1156 Detected object count: 0 01:10:33.0755 
1156 Actual detected object count: 0 01:30:31.0422 1608 Deinitialize success

This one is from Malwarebytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversjon: v2012.05.05.08
Windows 7 Service Pack 1 x64 NTFS (Sikkerhetsmodus med nettverk)
Internet Explorer 9.0.8112.16421
Anon :: Anon-PC [administrator]

06.05.2012 01:16:38
mbam-log-2012-05-06 (01-16-38).txt

Skanntype: Hurtigsøk
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 219021
Tid tilbakelagt: 6 minutt(er), 54 sekund(er)

Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)

Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)

Registerfiler oppdaget: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Dårlig: (0) God: (1) -> Satt i karantene og reparert vellykket.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Dårlig: (0) God: (1) -> Satt i karantene og reparert vellykket.

Mapper oppdaget: 0
(Ingen skadelige objekter funnet)

Filer oppdaget 0
(Ingen skadelige objekter funnet)

(klar)
Dr.Geek Posted 7 May 2012 (edited)

This is so-called "scamware", i.e. fake. Do not follow any of the links.

Do the following:

Run a full scan with Malwarebytes Anti-Malware in safe mode. Delete everything it finds and post the log.

Reboot into normal mode:

Run Combofix: http://www.bleepingc...to-use-combofix (disable all antivirus guards before starting, close all programs!) (post the log)

Afterwards we can make your files that have been hidden visible again with unhide.exe.

You do not need to be afraid of losing data.

Edited 7 May 2012 by TheGenius
Sensorium Posted 7 May 2012 Author (edited)

Hi! I did the following: ran a Malware full scan in safe mode; this is the log from Malware 18:47 07.05.2012

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversjon: v2012.05.05.08
Windows 7 Service Pack 1 x64 NTFS (Sikkerhetsmodus med nettverk)
Internet Explorer 9.0.8112.16421
Anon :: Anon-PC [administrator]

07.05.2012 15:49:43
mbam-log-2012-05-07 (15-49-43).txt

Skanntype: Full skann
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 402725
Tid tilbakelagt: 1 time(r), 3 minutt(er), 7 sekund(er)

Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 0
(Ingen skadelige objekter funnet)

Registerverdier oppdaget: 0
(Ingen skadelige objekter funnet)

Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)

Mapper oppdaget: 0
(Ingen skadelige objekter funnet)

Filer oppdaget 0
(Ingen skadelige objekter funnet)

(klar)

Afterwards I restarted the computer in normal mode. Then AVG came up and had found a threat; I don't remember what it was (it can probably be looked up later). I tried to disable all antivirus programs (disabled Resident Shield). Then I installed and ran Combofix. The program started running, but unfortunately the computer went into hibernation.

When I started the computer up again it seemed as if Combofix had stopped; it said "Preparing report, do not start other programs until Combofix has finished running". A "Threat detected" message from AVG appeared. "File name" is C:\COMBOFIX\REGT.3XE, and here I can choose between "Move to Vault" or "Allow".

I am a bit unsure what I can do next here...

Edited 7 May 2012 by Sensorium
Dr.Geek Posted 7 May 2012
You must disable AVG and all other antivirus guards. With AVG that means you have to go to: Antivirus, Identity Protect and Link Scanner. There you disable all functions. Then download Combofix again and run it.
And/or post me an OTL log (otl.txt) http://www.geekstogo...for-hijackthis/
Post the log in a spoiler (special BB code).
Sensorium Posted 7 May 2012 Author
It seems I have no way to disable "Anti-Virus Component". I'm also wondering which I should press, "Allow" or "Move to Vault", on the AVG "threat detected"? (I feel I'm nagging you a bit here, but I'm afraid of making a mistake; I'm not very good at things like this.)
Dr.Geek Posted 7 May 2012 (edited)
You should press "Allow". AVG is disabled by unticking "enable resident shield". Do the same with the other functions. If you can't get this to work, post me an OTL log as I said.
Edited 7 May 2012 by TheGenius
Sensorium Posted 7 May 2012 Author (edited)
Hi! I have now run Combofix and OTL.
Here is the Combofix log
This is the OTL log
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/06/05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009/06/03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009/06/03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009/06/03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009/05/06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009/04/08 16:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...78z125t4461b368 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...78z125t4461b368 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = http://www.sol.no/ IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_noNO393NO394 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 18:07:53&v=9.0.0.18&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/03 18:50:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/12 19:08:09 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - 
plugin: Skype Toolbars (Enabled) = C:\Users\Anon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.2.0.7165_0\npSkypeChromePlugin.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Anon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: AVG Safe Search = C:\Users\Anon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\ CHR - Extension: Skype Extension = C:\Users\Anon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.2.0.7165_0\ O1 HOSTS File: ([2012/05/07 17:41:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll File not found O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - Startup: C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Anon\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Send bilde til &Bluetooth-enhet... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... 
- {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://213.134.175.1...sCamControl.cab (CamImage Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://161.115.4.53/activex/AMC.cab (AxisMediaControlEmb Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFB6E8B8-72E6-4C5C-BA72-8A5AA44EC161}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/07 20:33:15 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/05/07 17:12:08 | 004,486,979 | R--- | C] (Swearware) -- C:\Users\Anon\Documents\ComboFix.exe [2012/05/07 17:06:18 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{2C0AB178-CD38-4A1C-8416-CEE6D0052C34} [2012/05/07 17:06:05 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{65621DB9-97B7-487C-8818-3E333502DCB1} [2012/05/07 17:05:27 | 000,000,000 | R--D | C] -- C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012/05/06 00:21:34 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{455E2E9D-F101-4BE6-A20D-F006E1D8699D} [2012/05/06 00:21:04 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{CF28036B-ABAA-4B8A-805E-37690F7833AD} [2012/05/05 16:35:11 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{91F83300-4F65-49CD-8CCA-1F840CCDFE3C} [2012/05/05 16:34:42 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{49753236-7BF1-4AB0-8CDD-CDC1585CD5C1} [2012/05/05 09:28:56 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{2648088C-5EA9-44A5-AE2A-EE4B71D4BD4E} [2012/05/05 09:28:34 | 000,000,000 | ---D | 
C] -- C:\Users\Anon\AppData\Local\{F283F851-ECF2-48E4-A73B-20E542AF46B6} [2012/05/04 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{24AFA5B6-52E8-48A7-B6A5-B0BD550BB523} [2012/05/04 16:16:12 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{69541AC1-387D-498A-BDF3-BE47777D1086} [2012/05/04 07:31:43 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{368B417D-8E7F-4AE5-8457-C56533F84A94} [2012/05/04 07:31:14 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{B02368B3-7ACE-4B69-9A14-411DF7D0A7E0} [2012/05/03 22:34:17 | 000,000,000 | ---D | C] -- C:\Users\Anon\Documents\Iaeste [2012/05/03 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{BEE1EB2F-D374-4F7F-B11D-7FDA9D403106} [2012/05/03 16:27:44 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{7309BAA1-F4B5-46AB-8BF5-98A11F9BDBDD} [2012/05/03 08:36:51 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{8E2351BD-B1BD-465B-9AFA-5B433153B583} [2012/05/03 08:36:26 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{A9C3C883-0DBB-4799-A212-69871555D124} [2012/05/02 20:51:48 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{06308D16-9A05-4ADD-981E-2D83C0FD9D88} [2012/05/02 20:51:44 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Roaming\Apple Computer [2012/05/02 20:51:17 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{A7135EED-6B7F-4C88-B7A2-DD9036B0511B} [2012/05/02 20:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/02 20:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012/05/02 20:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012/05/02 20:42:54 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\Apple [2012/05/02 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012/05/02 20:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012/05/02 16:43:05 | 000,000,000 | ---D | 
C] -- C:\Users\Anon\AppData\Local\{00A5E31D-836E-4288-84A0-134805AD898B} [2012/05/02 16:42:33 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{8A74B088-EDDB-4BE8-A04D-930A97BC5E52} [2012/05/02 08:28:42 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{0B66BA08-226C-4E34-AB4E-B147CABB7E2D} [2012/05/02 08:28:26 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{FF3AC832-4703-45D2-A65A-12F39772F366} [2012/05/01 14:33:21 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{ED1F98EF-E6B3-4B17-AD40-5E6A08A04398} [2012/05/01 14:32:54 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{A3CAD25E-7F38-4B26-81A0-72D6C6CAA84B} [2012/05/01 08:51:33 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{1CB11E8A-E8EE-42E2-9A41-4793374A3176} [2012/05/01 08:51:04 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{2ED40BC1-BD97-4769-AD46-209A13D7711A} [2012/04/30 18:04:39 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{AD409D4C-6F02-488E-8E9A-8BBDD4D7609F} [2012/04/30 18:04:26 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{B58F6378-B6D4-4006-9C32-8D5BE387706B} [2012/04/30 08:42:26 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{28EAB79B-C6E4-4A2C-860C-947A8E38EF44} [2012/04/30 08:42:12 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{3B33410D-ED99-4EC6-A2F8-CDB41060BB0C} [2012/04/29 10:37:58 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{0E3F7BA9-5A9B-4462-BAE0-8AB524798105} [2012/04/29 10:37:43 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{6BA8A9E9-3874-406F-ACB3-E4291669D913} [2012/04/28 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{2A835499-339B-4601-A993-21F48A01323A} [2012/04/28 18:33:34 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{EA746D83-6DD9-41BB-8799-FB9A2BB7E3E8} [2012/04/28 11:11:04 | 000,000,000 | ---D | C] -- C:\Users\Anon\AppData\Local\{5FF27739-0DED-48C7-92A1-FB5C70218DEC} [2012/04/28 09:33:13 | 000,000,000 | ---D | C] -- 
And finally, an Extra.Txt came up from OTL.
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B26B41EB-32E0-2680-D524-2558541933DD}" = ccc-utility64 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "AVG" = AVG 2011 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile NOR Language Pack" = Microsoft .NET Framework 4 Client Profile NOR Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "VueScan" = VueScan [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = 
Microsoft_VC90_ATL_x86 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{086CF780-DA3F-6757-D834-C84BC58A87D1}" = CCC Help English "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger "{0AC84F2E-640B-FB92-779A-D6FFACBB7CE5}" = CCC Help French "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2 "{1A95E365-9CF8-0391-661B-F4C2AF7F34FB}" = CCC Help Czech "{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5 "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo 
Gallery "{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding "{34D9F830-3A03-7F79-251B-C15B002633E1}" = Catalyst Control Center Graphics Light "{34DBCB78-C244-0AD0-3D8F-F272067C79FA}" = CCC Help Greek "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{42A2ED4D-332B-11C1-251D-3EB716781621}" = CCC Help Chinese Traditional "{49AB94D9-8FBB-5B8C-9F2E-AF4460D19CD9}" = ccc-core-static "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4EF669B9-BA18-D426-24B0-841D19B7FBF3}" = Catalyst Control Center Graphics Full Existing "{5118AC20-6A87-01CD-B036-10E11FA663B6}" = CCC Help German "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2 "{54A32A13-E55D-00E3-A4CF-D91752D95447}" = Catalyst Control Center Core Implementation "{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0 "{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}" = Messenger Assistent "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{60CBBC35-75D4-D0E8-8B6A-000E6F9957F1}" = CCC Help Spanish "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{7453E7D0-AA0D-E702-ACBE-FE60D94D5CFF}" = CCC Help Swedish "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C7841EB-DE0C-E931-DCAD-0929FB6406A5}" = CCC Help Hungarian "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AFEE9BF-D99C-4FEB-7E33-EFBBE25A8ABC}" = Catalyst Control Center InstallProxy "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DA9DA10-E01F-12AD-60D9-BAD83B32D291}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90120000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2007 "{90120000-0015-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007 "{90120000-0016-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0414-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Norwegian (Bokmål)) 2007 
"{90120000-0017-0414-0000-0000000FF1CE}_OMUI.nb-no_{53EFA1AD-FFA0-443E-80AF-18CD374C393C}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007 "{90120000-0018-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007 "{90120000-0019-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007 "{90120000-001A-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2007 "{90120000-001B-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.nb-no_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.nb-no_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007 "{90120000-001F-0414-0000-0000000FF1CE}_OMUI.nb-no_{F47DC432-9E71-4DC4-A488-9842D767DDDB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007 "{90120000-001F-0814-0000-0000000FF1CE}_OMUI.nb-no_{67BED6C1-5AE1-45CD-8060-BFFD37ED0DDD}" = Microsoft 
Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0414-0000-0000000FF1CE}" = Compatibility Pack for 2007 Office "{90120000-002A-0414-1000-0000000FF1CE}_OMUI.nb-no_{F12E93BA-172F-4875-A3C6-FE271A461AA1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2007 "{90120000-0044-0414-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007 "{90120000-0044-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007 "{90120000-006E-0414-0000-0000000FF1CE}_OMUI.nb-no_{F12E93BA-172F-4875-A3C6-FE271A461AA1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007 "{90120000-00A1-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0414-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007 "{90120000-00BA-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0414-0000-0000000FF1CE}" = Microsoft Office O MUI (Norwegian (Bokmål)) 2007 "{90120000-0100-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0414-0000-0000000FF1CE}" = Microsoft Office X MUI (Norwegian (Bokmål)) 2007 "{90120000-0101-0414-0000-0000000FF1CE}_OMUI.nb-no_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2010 "{90140000-0015-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010 "{90140000-0016-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010 "{90140000-0018-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010 "{90140000-0019-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010 "{90140000-001A-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2010 "{90140000-001B-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010 "{90140000-001F-0414-0000-0000000FF1CE}_Office14.SingleImage_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 
2010 "{90140000-001F-0814-0000-0000000FF1CE}_Office14.SingleImage_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0414-1000-0000000FF1CE}_Office14.SingleImage_{BBFE07A3-B32C-4D6E-B5CA-9F420106EC9D}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2010 "{90140000-002C-0414-0000-0000000FF1CE}_Office14.SingleImage_{66FC3637-893A-4837-A32C-0DD98E7F8444}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010 "{90140000-006E-0414-0000-0000000FF1CE}_Office14.SingleImage_{C166254D-5FB6-4D3F-8509-3575387141B9}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010 "{90140000-00A1-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90470DB8-70FC-2A03-8B53-7FE312AC245C}" = CCC Help Thai "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Norwegian (Bokmål)) "{95140000-007A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = 
Realtek USB 2.0 Card Reader "{9A44DC95-026F-4A07-98A0-EBDB9ED2DE19}" = Windows Live Sync "{9B4D5767-98CE-D0F0-8156-4E3601826F3F}" = PX Profile Update "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7E6880B-7118-A96A-609F-14D7360E7D61}" = CCC Help Danish "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1044-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Norsk "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{B2107940-7236-213E-C220-6046712063F8}" = CCC Help Portuguese "{B3CEA4A7-03EC-8962-3C5F-A214FE039AA5}" = Catalyst Control Center Graphics Previews Vista "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B863D083-8782-C588-74EB-3B4F42AD737A}" = Catalyst Control Center Graphics Full New "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CE825A45-067E-41AF-2E6B-BE1B8BC23628}" = CCC Help Norwegian "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1824129-8BE2-4FA6-B262-C4D99F7355D3}" = Microsoft Works "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDA475ED-DC7B-44E5-7680-EF6407065176}" = CCC Help Italian 
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3F7E760-CD3F-7317-3E9B-DEEAF12B93DC}" = CCC Help Turkish "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E751664E-7AB9-36E2-344D-26A2D38783BC}" = CCC Help Dutch "{E7E27B47-BD17-46C3-2232-C82269C958F8}" = CCC Help Polish "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F08348FE-F080-706C-FD13-ABEACB5E6D15}" = CCC Help Korean "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F66F8651-4666-D528-6B19-E124E11D2B7D}" = CCC Help Japanese "{F90F3043-6DD4-4596-44AF-85AE350AB02E}" = Catalyst Control Center Localization All "{F994030D-1E19-944F-D35F-6124CD5424AF}" = CCC Help Chinese Standard "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FED25C64-2FA3-D409-ABCC-D0668D5274F5}" = CCC Help Finnish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Age of Empires" = Microsoft Age of Empires "AutocompletePro3_is1" = AutocompletePro "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "AVS4YOU Video Converter 7_is1" = AVS Video Converter 7 "AXIS Media Control Embedded" = AXIS Media Control Embedded "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for 
ZoomBrowser EX "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CSCLIB" = Canon Camera Support Core Library "CyberIpod WebVideo Grabber_is1" = CyberIpod WebVideo Grabber 1.1.0.7 "DPP" = Canon Utilities Digital Photo Professional 3.4 "EOS Utility" = Canon Utilities EOS Utility "Family Tree Builder" = MyHeritage Family Tree Builder "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versjon 1.61.0.1400 "McAfee Security Scan" = McAfee Security Scan Plus "NSS" = Norton Security Scan "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OMUI.nb-no" = Microsoft Office Language Pack 2007 - Norwegian/norsk "PhotoStitch" = Canon Utilities PhotoStitch "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "SnagIt5" = SnagIt 5 "webmmf" = WebM Media Foundation Components "WinLiveSuite" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GameRanger" = GameRanger "Virtual Globe." = Virtual Globe. 
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2012 12:16:56 PM | Computer Name = Anon-PC | Source = Application Error | ID = 1000 Description = Programnavn med feil: CALMAIN.exe, versjon: 8.1.0.14, tidsangivelse: 0x433d11f9 Modulnavn med feil: msvcrt.dll, versjon: 7.0.7601.17744, tidsangivelse: 0x4eeaf722 Unntakskode: 0xc0000005 Feilforskyvning: 0x00009966 Feil prosess-ID: 0xf24 Feil starttid for program: 0x01cd2871b9656e12 Feil programbane: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Feil modulbane: C:\Windows\syswow64\msvcrt.dll Rapport-ID: 3c650029-9472-11e1-8290-00262d82a9df
Error - 5/2/2012 3:41:12 PM | Computer Name = Anon-PC | Source = Application Error | ID = 1000 Description = Programnavn med feil: CALMAIN.exe, versjon: 8.1.0.14, tidsangivelse: 0x433d11f9 Modulnavn med feil: msvcrt.dll, versjon: 7.0.7601.17744, tidsangivelse: 0x4eeaf722 Unntakskode: 0xc0000005 Feilforskyvning: 0x00009966 Feil prosess-ID: 0xb58 Feil starttid for program: 0x01cd28946509924c Feil programbane: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Feil modulbane: C:\Windows\syswow64\msvcrt.dll Rapport-ID: c58bd079-948e-11e1-a8a5-00262d82a9df
Error - 5/3/2012 1:02:43 PM | Computer Name = Anon-PC | Source = Application Error | ID = 1000 Description = Programnavn med feil: CALMAIN.exe, versjon: 8.1.0.14, tidsangivelse: 0x433d11f9 Modulnavn med feil: msvcrt.dll, versjon: 7.0.7601.17744, tidsangivelse: 0x4eeaf722 Unntakskode: 0xc0000005 Feilforskyvning: 0x00009966 Feil prosess-ID: 0xaf8 Feil starttid for program: 0x01cd2938c35312e9 Feil programbane: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Feil modulbane: C:\Windows\syswow64\msvcrt.dll Rapport-ID: cbfe87c6-9541-11e1-bdcc-00262d82a9df
Error - 5/4/2012 1:41:12 AM | Computer Name = Anon-PC | Source = Application Error | ID = 1000 Description = Programnavn med feil: CALMAIN.exe, versjon: 8.1.0.14, tidsangivelse: 0x433d11f9 Modulnavn med feil: msvcrt.dll, versjon: 7.0.7601.17744, tidsangivelse: 0x4eeaf722 Unntakskode: 0xc0000005 Feilforskyvning: 0x00009966 Feil prosess-ID: 0xb28 Feil starttid for program: 0x01cd29b6fa813ebf Feil programbane: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Feil modulbane: C:\Windows\syswow64\msvcrt.dll Rapport-ID: c17f964e-95ab-11e1-bd59-00262d82a9df
Error - 5/4/2012 10:16:50 AM | Computer Name = Anon-PC | Source = Application Error | ID = 1000 Description = Programnavn med feil: CALMAIN.exe, versjon: 8.1.0.14, tidsangivelse: 0x433d11f9 Modulnavn med feil: msvcrt.dll, versjon: 7.0.7601.17744, tidsangivelse: 0x4eeaf722 Unntakskode: 0xc0000005 Feilforskyvning: 0x00009966 Feil prosess-ID: 0xd4c Feil starttid for program: 0x01cd2a0051a61382 Feil programbane: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Feil modulbane: C:\Windows\syswow64\msvcrt.dll Rapport-ID: c9f4e0d2-95f3-11e1-b91e-00262d82a9df
Error - 5/5/2012 3:32:04 AM | Computer Name = Anon-PC | Source = Application Error | ID = 1000 Description = Programnavn med feil: CALMAIN.exe, versjon: 8.1.0.14, tidsangivelse: 0x433d11f9 Modulnavn med feil: msvcrt.dll, versjon: 7.0.7601.17744, tidsangivelse: 0x4eeaf722 Unntakskode: 0xc0000005 Feilforskyvning: 0x00009966 Feil prosess-ID: 0x904 Feil starttid for program: 0x01cd2a9084d00d89 Feil programbane: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Feil modulbane: C:\Windows\syswow64\msvcrt.dll Rapport-ID: 68e04b2f-9684-11e1-b95e-00262d82a9df
Error - 5/5/2012 12:23:35 PM | Computer Name = Anon-PC | Source = Application Error | ID = 1000 Description = Programnavn med feil: CALMAIN.exe, versjon: 8.1.0.14, tidsangivelse: 0x433d11f9 Modulnavn med feil: msvcrt.dll, versjon: 7.0.7601.17744, tidsangivelse: 0x4eeaf722 Unntakskode: 0xc0000005 Feilforskyvning: 0x00009966 Feil prosess-ID: 0x8d4 Feil starttid for program: 0x01cd2acc0ab62711 Feil programbane: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Feil modulbane: C:\Windows\syswow64\msvcrt.dll Rapport-ID: a94ee4ff-96ce-11e1-bdeb-00262d82a9df
Error - 5/5/2012 7:13:00 PM | Computer Name = Anon-PC | Source = System Restore | ID = 8193 Description =
Error - 5/7/2012 11:54:55 AM | Computer Name = Anon-PC | Source = Application Error | ID = 1000 Description = Programnavn med feil: CALMAIN.exe, versjon: 8.1.0.14, tidsangivelse: 0x433d11f9 Modulnavn med feil: msvcrt.dll, versjon: 7.0.7601.17744, tidsangivelse: 0x4eeaf722 Unntakskode: 0xc0000005 Feilforskyvning: 0x00009966 Feil prosess-ID: 0x9cc Feil starttid for program: 0x01cd2c62b2d57e34 Feil programbane: C:\Program Files (x86)\Canon\CAL\CALMAIN.exe Feil modulbane: C:\Windows\syswow64\msvcrt.dll Rapport-ID: fd07148b-985c-11e1-a783-00262d82a9df
Error - 5/7/2012 3:03:49 PM | Computer Name = Anon-PC | Source = SideBySide | ID = 16842815 Description = Generering av aktiveringskontekst mislyktes for C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll. Feil i manifest- eller policyfilen C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll i linje 3. Verdien MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR til attributtet version i elementet assemblyIdentity er ugyldig.

[ System Events ]
Error - 5/7/2012 10:59:44 AM | Computer Name = Anon-PC | Source = Service Control Manager | ID = 7001 Description = Tjenesten Computer Browser avhenger av tjenesten Server som ikke kan starte på grunn av følgende feil: %%1068
Error - 5/7/2012 11:19:24 AM | Computer Name = Anon-PC | Source = bowser | ID = 8003 Description =
Error - 5/7/2012 11:33:42 AM | Computer Name = Anon-PC | Source = Service Control Manager | ID = 7030 Description = Tjenesten PEVSystemStart er merket som en interaktiv tjeneste. Men systemet er konfigurert for ikke å tillate interaktive tjenester. Denne tjenesten vil muligens ikke fungere som den skal.
Error - 5/7/2012 11:39:47 AM | Computer Name = Anon-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys er blokkert fra å lastes inn på grunn av inkompatibilitet med dette systemet. Kontakt programvareleverandøren for å få en kompatibel versjon av driveren.
Error - 5/7/2012 11:39:47 AM | Computer Name = Anon-PC | Source = Service Control Manager | ID = 7030 Description = Tjenesten PEVSystemStart er merket som en interaktiv tjeneste. Men systemet er konfigurert for ikke å tillate interaktive tjenester. Denne tjenesten vil muligens ikke fungere som den skal.
Error - 5/7/2012 11:41:19 AM | Computer Name = Anon-PC | Source = Service Control Manager | ID = 7030 Description = Tjenesten PEVSystemStart er merket som en interaktiv tjeneste. Men systemet er konfigurert for ikke å tillate interaktive tjenester. Denne tjenesten vil muligens ikke fungere som den skal.
Error - 5/7/2012 11:54:58 AM | Computer Name = Anon-PC | Source = Service Control Manager | ID = 7034 Description = Tjenesten Canon Camera Access Library 8 avsluttet uventet. Det har den gjort 1 gang(er).
Error - 5/7/2012 1:33:10 PM | Computer Name = Anon-PC | Source = bowser | ID = 8003 Description =
Error - 5/7/2012 2:24:24 PM | Computer Name = Anon-PC | Source = Service Control Manager | ID = 7030 Description = Tjenesten PEVSystemStart er merket som en interaktiv tjeneste. Men systemet er konfigurert for ikke å tillate interaktive tjenester. Denne tjenesten vil muligens ikke fungere som den skal.
Error - 5/7/2012 2:29:14 PM | Computer Name = Anon-PC | Source = Service Control Manager | ID = 7030 Description = Tjenesten PEVSystemStart er merket som en interaktiv tjeneste. Men systemet er konfigurert for ikke å tillate interaktive tjenester. Denne tjenesten vil muligens ikke fungere som den skal.

< End of report >

Do you think the virus is gone? I also found 3 threats in AVG's virus vault (I found these earlier, before I ran ComboFix and OTL). Virus name: Trojan Horse Java/Downloader.CZ, Trojan Horse Generic21.ARFG, and Corrupted executable file.

Edited 7 May 2012 by Sensorium
Dr.Geek Posted 8 May 2012
1. OTL Fix. Close all running programs and disable all antivirus guards. Open OTL.exe as Administrator (right-click). Copy and paste the following text into the white text box in OTL.
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:0B9176C0
:Commands
[purity]
[emptytemp]
[emtyflash]
[resethosts]
Then click: FIX. The PC will restart automatically and a log will come up. Post it.
2. Scan with HitmanPro. Post the log: http://www.surfright.nl/en
mobile999 Posted 8 May 2012 (edited)
Remove the following line from TheGenius's OTL script: [emptytemp] This is to avoid losing the virus's backup of the Start menu (it is located in a temporary folder). Restart the PC manually right away if it does not do so automatically (after the OTL fix). Edited 8 May 2012 by mobile999
Sensorium Posted 14 May 2012 Author
Hi. I have been away for about a week, so I haven't quite finished up here. I ran the script in OTL, and removed the one line, emptytemp, as mobile999 recommended. Here is the log:
========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Unable to delete ADS Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA .
Unable to delete ADS Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F .
Unable to delete ADS Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 .
Unable to delete ADS Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E1F04E8D .
Unable to delete ADS Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE .
Unable to delete ADS Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:0B9176C0 .
========== COMMANDS ==========
Error: Unable to interpret <[emtyflash]> in the current context!
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_212852
Restarted the machine manually, then downloaded and ran Hitman Pro (64-bit): (I put the log in a spoiler since it was so long)
<?xml version="1.0"?> <Log filesProcessed="65837" timeSpentInSecs="304" date="2012-05-14T21:42:23" version="3.6.0.156" scan="Normal" computer="ANON-PC"><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Local\Google\Chrome\User Data\Default\Cookies:divx.112.2o7.net"/></Item><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Local\Google\Chrome\User Data\Default\Cookies:surveymonkey.122.2o7.net"/></Item><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Cookies\014B3BKZ.txt"/></Item><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Cookies\017I7NF1.txt"/></Item><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Cookies\0EUZOYS9.txt"/></Item><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Cookies\0GT1PERE.txt"/></Item><Item status="Deleted" score="0.0" type="Repair"><File 
path="C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Cookies\ZFP62R73.txt"/></Item><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Cookies\ZFUWTMZL.txt"/></Item><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Cookies\ZHUDG1BR.txt"/></Item><Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Anon\AppData\Roaming\Microsoft\Windows\Cookies\ZOUMDGJU.txt"/></Item><Item status="Repaired" score="0.0" type="Repair"><File path="C:\Windows\system32\drivers\etc\hosts"/></Item></Log>
Dr.Geek Posted 15 May 2012 (edited)

> Hi. I have been away for about a week, so I have not quite finished up here. I ran the script in OTL, and there I removed the one line, emptytemp, as mobile999 recommended. Here is the log:

How are the folders and files on the desktop? Visible? If not, run unhide.exe. http://www.bleepingc...ti-virus/unhide

The problem with mobile999 is that OTL did not get to restart automatically, which is part of the emptytemp command, and so it has not removed a number of malware files that run from the temp folder. You need to make me a new OTL log (Otl.txt).

@mobile999 If you disagree with my scripts/whatsoever, send me a personal message and do not change my scripts; otherwise trying to help here becomes ineffective, thanks.

Edited 15 May 2012 by TheGenius
Sensorium Posted 15 May 2012 Author

Hi. Only some folders show on the desktop, after I clicked "show hidden files and folders" right after I got the virus. I will try unhide.exe and hope the rest will appear. I ran OTL again with your original script, the computer restarted itself, and a new log appeared.

All processes killed
========== OTL ==========
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files (x86)\RelevantKnowledge not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Unable to delete ADS Alternate Data Stream - 146 bytes -&--#62; C:\ProgramData\Temp:AB689DEA .
Unable to delete ADS Alternate Data Stream - 138 bytes -&--#62; C:\ProgramData\Temp:5D7E5A8F .
Unable to delete ADS Alternate Data Stream - 133 bytes -&--#62; C:\ProgramData\Temp:93DE1838 .
Unable to delete ADS Alternate Data Stream - 124 bytes -&--#62; C:\ProgramData\Temp:E1F04E8D .
Unable to delete ADS Alternate Data Stream - 122 bytes -&--#62; C:\ProgramData\Temp:ABE89FFE .
Unable to delete ADS Alternate Data Stream - 116 bytes -&--#62; C:\ProgramData\Temp:0B9176C0 .
File rity] not found.
File ptytemp] not found.
File tyflash] not found.
File sethosts] not found.
OTL by OldTimer - Version 3.2.42.3 log created on 05152012_185844
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Do you think the virus is gone?
mobile999 Posted 15 May 2012 (edited)

> @mobile999 If you disagree with my scripts/whatsoever, send me a personal message and do not change my scripts; otherwise trying to help here becomes ineffective, thanks.

@TheGenius: The infection we are dealing with here deletes shortcuts found in various places and stores a backup of them in a temporary folder. The author of the program unhide.exe writes clearly that it is important not to delete files in temporary folders or use programs that clean up these folders, because doing so deletes that backup. In this case you have given instructions that delete information needed to repair the damage the infection has done. This is bad practice. You cannot expect me to refrain from posting in threads to try to prevent your instructions from having unfortunate consequences.

Edited 15 May 2012 by mobile999
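The precaution mobile999 argues for, as an added example (not code from the thread or from any tool it mentions): copy the temp folder and record a hash manifest before any cleaning step, then list what the step removed and put selected files back. The folder layout, file names and function names are constructed for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def snapshot(temp_dir, backup_dir):
    """Copy temp_dir (hidden files included) and return {relative path: sha256}."""
    shutil.copytree(temp_dir, backup_dir)  # backup_dir must not exist yet
    return {p.relative_to(backup_dir).as_posix(): sha256_of(p)
            for p in sorted(backup_dir.rglob("*")) if p.is_file()}

def lost_after_cleanup(manifest, temp_dir):
    """Manifest entries that a cleanup step removed or altered in temp_dir."""
    return [rel for rel, digest in manifest.items()
            if not (temp_dir / rel).is_file()
            or sha256_of(temp_dir / rel) != digest]

def restore(lost, backup_dir, temp_dir):
    """Copy the listed entries back from the snapshot."""
    for rel in lost:
        target = temp_dir / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup_dir / rel, target)

def demo():
    """Constructed data: a temp folder holding a moved shortcut and a junk file."""
    root = Path(tempfile.mkdtemp())
    temp_dir, backup_dir = root / "Temp", root / "TempSnapshot"
    (temp_dir / "moved" / "Desktop").mkdir(parents=True)
    (temp_dir / "moved" / "Desktop" / "Notes.lnk").write_bytes(b"constructed shortcut")
    (temp_dir / "junk.tmp").write_bytes(b"constructed junk")
    manifest = snapshot(temp_dir, backup_dir)
    # Stand-in for a temp-cleaning step: everything in the folder goes.
    shutil.rmtree(temp_dir)
    temp_dir.mkdir()
    lost = lost_after_cleanup(manifest, temp_dir)
    # Bring back only the shortcuts; the junk file stays deleted.
    restore([rel for rel in lost if rel.endswith(".lnk")], backup_dir, temp_dir)
    still_lost = lost_after_cleanup(manifest, temp_dir)
    shutil.rmtree(root)
    return lost, still_lost

if __name__ == "__main__":
    print(demo())
```

The snapshot also preserves anything malicious that was sitting in the temp folder, so treat it as untrusted, never open files from it directly, and delete it once the shortcuts are back.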