
Can anyone help me get rid of the virus I have on my machine?

Malwarebytes log:

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.20.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

John Alfred :: JOHNALFREDS-PC [administrator]

21.05.2012 10:02:58

mbam-log-2012-05-21 (10-02-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 237866

Time elapsed: 13 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 16

HKCR\CLSID\{864C6115-9FB8-46F9-9E8C-157F4F6FCCA3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\TypeLib\{04E35BAD-037C-4287-A819-359D7B178D8D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\Interface\{66D31A70-9E07-41CD-9482-2F819B9BE7CB} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{864C6115-9FB8-46F9-9E8C-157F4F6FCCA3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{864C6115-9FB8-46F9-9E8C-157F4F6FCCA3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{864C6115-9FB8-46F9-9E8C-157F4F6FCCA3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\CLSID\{FD858878-29E2-4129-831C-06A61C344E15} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\TypeLib\{D6E34D79-6CEE-4CB0-885A-70F79E31B87E} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\Interface\{E926522D-EAF3-4100-B2EE-D16C7409F261} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD858878-29E2-4129-831C-06A61C344E15} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\etlrlws.bnfx (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\MSVPS.MSVPSApp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKCR\sexvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKLM\System\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 4

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{FD858878-29E2-4129-831C-06A61C344E15} (Trojan.FakeAlert) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{FD858878-29E2-4129-831C-06A61C344E15} (Trojan.FakeAlert) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|altvxvm (Trojan.FakeAlert) -> Data: {D8D50A63-9ACE-4A59-BE7A-2827B8D96E66} -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|bokpkov (Trojan.FakeAlert) -> Data: {49CA3F84-5BD7-4C28-943C-E003E03A449E} -> Quarantined and deleted successfully.

Registry Data Items Detected: 1

HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 1

C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Detected: 3

C:\Users\Gjest\Downloads\SoftonicDownloader_for_sopcast.exe (PUP.OfferBundler.ST) -> No action taken.

C:\Users\John Alfred\AppData\Local\Temp\ICReinstall\Facemoods.exe (Adware.InstallCore) -> Quarantined and deleted successfully.

C:\Users\John Alfred\Downloads\Facemoods.exe (Adware.InstallCore) -> Quarantined and deleted successfully.

(end)

 

 

ComboFix log (I turned off AVG, but it still reported that it was running...):

 

ComboFix 12-05-20.10 - John Alfred 21.05.2012 12:39:07.1.2 - x86

Running from: c:\users\John Alfred\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\autorun.inf

c:\programdata\Local

D:\resycled

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

((((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))))

.

.

2012-05-21 10:47 . 2012-05-21 11:38 -------- d-----w- c:\users\John Alfred\AppData\Local\temp

2012-05-21 10:47 . 2012-05-21 10:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-21 07:59 . 2012-05-21 07:59 -------- d-----w- c:\users\John Alfred\AppData\Roaming\Malwarebytes

2012-05-21 07:59 . 2012-05-21 07:59 -------- d-----w- c:\programdata\Malwarebytes

2012-05-21 07:59 . 2012-05-21 07:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-21 07:59 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-18 12:43 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D82A6A5C-3230-496A-8695-F0BC4404B2DC}\mpengine.dll

2012-05-09 13:17 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-09 13:17 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 13:17 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-27 01:05 . 2012-01-16 17:41 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2012-02-29 15:11 . 2012-04-12 01:07 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11 . 2012-04-12 01:07 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09 . 2012-04-12 01:07 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 13:32 . 2012-04-12 01:07 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18 . 2012-04-12 01:08 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-12 01:08 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 01:08 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-12 01:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-27 23:04 . 2011-07-28 21:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2010-02-13 18:43 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-03-07 09:39 . 2011-05-10 10:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-03-12 19:28 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zebtab"="c:\users\John Alfred\AppData\Roaming\Microsoft\Windows\Start Menu/Programs/Zebtab/Zebtab.appref-ms" [X]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]

"PLFSet"="c:\windows\PLFSet.dll" [2007-08-08 45056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]

"SetSpeaker"="c:\windows\SetSpkDefault.exe" [2007-11-27 86016]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-18 2042208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-03 198160]

"QuickTime Task"="d:\programfiler\Quick Time Player\QTTask.exe" [2010-09-08 421888]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]

.

c:\users\John Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]

Mannakorn.lnk - c:\windows\Installer\{DD8FD2DD-9BBB-47B7-9960-8F90EC604B34}\DbViewer.exe1_2591D4733A864620A0C71620ED4F698E.exe [2009-9-2 45056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]

2007-08-08 02:37 45056 ----a-w- c:\windows\PLFSet.dll

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - AmFSM

*Deregistered* - PavProc

*Deregistered* - ShldDrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

getPlusHelper REG_MULTI_SZ getPlusHelper

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 23:09]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 23:09]

.

2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-833421312-3509518398-1867728553-1000Core.job

- c:\users\John Alfred\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-12 16:00]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-833421312-3509518398-1867728553-1000UA.job

- c:\users\John Alfred\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-12 16:00]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://search.linkury.com/newtab.html

mStart Page = hxxp://no.intl.acer.yahoo.com

uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\John Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\97g348h9.default\

FF - prefs.js: browser.search.selectedEngine - Linkury Smartbar Search

FF - prefs.js: browser.startup.homepage - hxxp://search.linkury.com

FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=

FF - prefs.js: network.proxy.ftp - 10.41.16.1

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - 10.41.16.1

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - 10.41.16.1

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 10.41.16.1

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 10.41.16.1

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 4

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-Uniblue RegistryBooster 2 - d:\programfiler\registrybooster 2\StartRegistryBooster.exe

HKCU-Run-zweitgeist Assistant - c:\users\John Alfred\Documents\weblin\weblinAssistant.exe

HKCU-Run-Facebook Update - c:\users\John Alfred\AppData\Local\Facebook\Update\FacebookUpdate.exe

AddRemove-Electronic Arts Game Updater - d:\programfiler\Uninst.isu

AddRemove-Need For Speed - Porsche 2000 - d:\progra~1\uninst.log

AddRemove-TmNations_is1 - c:\program files\TrackMania Nations ESWC\TrackMania Nations ESWC\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-21 13:38

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-833421312-3509518398-1867728553-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:87,fb,b5,60,86,31,d4,22,bf,7a,44,0f,71,6e,9d,c9,ac,d5,b0,12,b7,28,1e,

b4,f5,52,36,e7,2a,7c,39,8f,5c,93,b0,52,d3,77,97,60,8b,04,92,56,f0,d8,db,a9,\

"??"=hex:1e,83,5b,2e,56,e6,4c,4c,62,cf,a6,3c,de,bd,01,fe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3736)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG8\avgwdsvc.exe

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

c:\progra~1\AVG\AVG8\avgemc.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\windows\ehome\ehmsas.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

.

**************************************************************************

.

Completion time: 2012-05-21 13:42:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-21 11:42

.

Pre-Run: 37,069,647,872 bytes free

Post-Run: 38,337,683,456 bytes free

.

- - End Of File - - 8B82016CF9A46413F6456C1BDAA1B344

 

 


Hi,

 

this did not look good. Among other things, you have had a DNS Changer on the system. This means that you get redirected to malware websites when you search the web.

 

Have you made online purchases or done online banking on this machine?

 

 

Cleaning the PC:

 

1. Run a FULL SCAN with Malwarebytes Anti-Malware. Delete all findings and post the log.

 

2. Scan with HitmanPro and post the log: http://www.surfright.nl/en/hitmanpro (After the scan you get the option to copy the scan results to an XML log.)

 

3. Post a so-called OTL log: http://www.geekstogo.com/1888/otl-by-oldtimer-a-modern-replacement-for-hijackthis/ (Only OTL.txt!)

Post all logs in a Spoiler: at the top left of the editor, choose Special BB Code.
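The point made above is that a DNS changer or browser hijacker redirects traffic rather than simply breaking things, so the useful artefacts are the resolver and proxy settings, not just the files. The ComboFix log earlier in the thread shows exactly that class of residue under "FF - prefs.js:": a Linkury homepage and search engine, and a manual proxy of 10.41.16.1:8080 for every protocol while network.proxy.type is 4 (Firefox's auto-detect mode, in which a manual proxy is not actually used). The script below is an added example for this thread, not code from the posts or from any of the tools named in them. It parses prefs.js lines and a list of resolver addresses offline and reports what looks hijacked. The allowlists, the sample prefs.js text and the resolver list are constructed; the second resolver address is a TEST-NET address standing in for an unknown public resolver, not an indicator from the page.

```python
"""Offline triage of browser-hijack and DNS-changer indicators.

Added example for this thread; not code from the posts or from any tool named
in them. Reads Firefox prefs.js lines (what ComboFix echoes as "FF - prefs.js:
name - value") and a list of DNS resolvers, as exported from
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\*\\
NameServer / DhcpNameServer. Allowlists and sample data are assumptions.
"""
import json
import re
from ipaddress import ip_address, ip_network

# Assumed allowlists: adjust to the machine's real vendor and ISP defaults.
TRUSTED_HOSTS = {"yahoo.com", "google.com", "mozilla.org", "mozilla.com"}
TRUSTED_ENGINES = {"Google", "Yahoo", "Bing"}
TRUSTED_RESOLVERS = set()  # e.g. your ISP's resolvers; empty means trust LAN only
LAN_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# prefs.js lines look like: user_pref("name", value);  value is a JSON-compatible literal
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# Firefox network.proxy.type codes
PROXY_TYPE = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line; unparsable values are kept raw."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)
    return prefs


def host_of(url):
    """Lower-cased host part of a URL, without scheme, path or port."""
    return re.sub(r"^[a-z]+://", "", url.lower()).split("/")[0].split(":")[0]


def is_trusted_host(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def browser_findings(prefs):
    """(severity, message) tuples for proxy, homepage and search-engine hijack indicators."""
    out = []
    ptype = prefs.get("network.proxy.type", 5)
    # A manual proxy only takes effect when type == 1; leftovers still need cleaning up.
    for proto in ("http", "ssl", "ftp", "socks", "gopher"):
        host = prefs.get(f"network.proxy.{proto}")
        if host is None:
            continue
        port = prefs.get(f"network.proxy.{proto}_port")
        if ptype == 1:
            out.append(("high", f"manual {proto} proxy {host}:{port} is ACTIVE"))
        else:
            out.append(("medium", f"manual {proto} proxy {host}:{port} configured but inactive "
                                  f"(network.proxy.type={ptype}: {PROXY_TYPE.get(ptype, 'unknown')})"))
    for key in ("browser.startup.homepage", "keyword.URL"):
        url = prefs.get(key)
        if isinstance(url, str) and not is_trusted_host(host_of(url)):
            out.append(("high", f"{key} points at untrusted host {host_of(url)}"))
    engine = prefs.get("browser.search.selectedEngine")
    if isinstance(engine, str) and engine not in TRUSTED_ENGINES:
        out.append(("high", f"default search engine replaced: {engine!r}"))
    return out


def dns_findings(resolvers):
    """Flag resolvers that are neither on the LAN nor on the trusted list."""
    out = []
    for r in resolvers:
        ip = ip_address(r)
        if any(ip in net for net in LAN_NETS) or r in TRUSTED_RESOLVERS:
            continue
        out.append(("high", f"resolver {r} is public and not trusted; check it against your ISP's"))
    return out


# Constructed sample mirroring the values in the ComboFix log above.
SAMPLE_PREFS = r'''
user_pref("browser.search.selectedEngine", "Linkury Smartbar Search");
user_pref("browser.startup.homepage", "http://search.linkury.com");
user_pref("keyword.URL", "http://cloud-search.linkury.com/results.htm?q=");
user_pref("network.proxy.http", "10.41.16.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "10.41.16.1");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.type", 4);
'''
# 192.168.1.1 is the DhcpNameServer from the log; 203.0.113.53 is a constructed TEST-NET address.
SAMPLE_RESOLVERS = ["192.168.1.1", "203.0.113.53"]

if __name__ == "__main__":
    for sev, msg in browser_findings(parse_prefs(SAMPLE_PREFS)) + dns_findings(SAMPLE_RESOLVERS):
        print(f"[{sev:6}] {msg}")
```

Run against a real profile, point parse_prefs at the contents of prefs.js from the profile path ComboFix printed, and feed dns_findings the NameServer and DhcpNameServer values of every interface, not just the active one: a DNS changer typically rewrites all of them, and a leftover on an idle adapter comes back when that adapter is next used. The severity split matters in practice: a manual proxy under a non-manual type is residue to remove, while the same proxy under type 1 means every request is being routed through it right now.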

Yes, I have bought some small things and used online banking on this machine.

 

 

 

<?xml version="1.0"?>

-<Log filesProcessed="56283" timeSpentInSecs="352" date="2012-05-23T16:46:04" version="3.6.0.156" scan="Normal" computer="JOHNALFREDS-PC">-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:ad.tek.no"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:ad.yieldmanager.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:ads.adk2.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:ads.megavip.tv"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:ads.vg.no"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:ads.vip-live.tv"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:adtech.de"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:adviva.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:apmebf.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:atdmt.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File 
path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:c.atdmt.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:clicksor.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:content.yieldmanager.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:doubleclick.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:fastclick.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:h.atdmt.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:invitemedia.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:kontera.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:media6degrees.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:myroitracking.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:revsci.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File 
path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:serving-sys.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:smartadserver.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:specificclick.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:statcounter.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:track.adform.net"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:tradedoubler.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:xiti.com"/></Item>-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\Gjest\AppData\Roaming\Mozilla\Firefox\Profiles\j2rm940l.default\cookies.sqlite:yadro.ru"/></Item>-<Item status="Quarantiend" score="107.0" type="Malware" malwareName="Malware">-<Scanners><Scanner name="Infected" id="DrWeb"/></Scanners><File path="C:\Users\Gjest\Downloads\SoftonicDownloader_for_sopcast.exe" hash="AAE50FBF4419C1EBD6F2422BB82EAE66DB1110A994102A8988A0B3D9F8EC32CA"/></Item>-<Item status="Quarantiend" score="107.0" type="Malware" malwareName="Malware">-<Scanners><Scanner name="Infected" id="DrWeb"/></Scanners><File path="C:\Users\Gjest\Downloads\vshare-plugin.exe" hash="939F63DFF04033C4DF71771AEF878062EEACFBECE1F0AF7C34E6931682FEE2C2"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John 
Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:122.2o7.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.doubleclick.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.leadbolt.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.start.no"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.tek.no"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.cartoonnetwork.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John 
Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.dyrogmedia.no"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.gamersmedia.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.vg.no"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.itsfogo.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.twitpic.com"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:adverticum.net"/></Item>-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com"/></Item>-<Item status="DeleteFailed" score="0.0" 
type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertserve.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:afe2.specificclick.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:cbsdigitalmedia.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:de.sitestat.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas4.emediate.eu"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas8.emediate.eu"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ehg-deltatre.hitbox.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ehg-twi.hitbox.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:elkjop.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:getclicky.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleads.g.doubleclick.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:hitbox.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:int.sitestat.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ipcmedia.122.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:lego.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:logantod.122.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:mathworks.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftwlsearchcrm.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnportal.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:nhl.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:premiumtv.122.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:prisacom.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexuality.about.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.if.no"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.webhop.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:static.getclicky.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:stepstone.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:svd.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:telenor.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:thefa.122.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:timeoutcommunications.122.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:toptable.122.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.solocpm.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.vipgamesnetwork.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:trinitymirror.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:viasatsatelliteservices.112.2o7.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\0XL5VHSO.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\2ZIDZ6NR.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\43WKZROZ.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\7R0VDYIS.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\7XU4ZAEL.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\90BMT90M.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\91JCT30B.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\9BBMFIND.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\9QXOTASD.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\HN27L9BO.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@advertising[1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@adviva[1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@apmebf[1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@fastclick[2].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@myroitracking[1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@revsci[1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@specificclick[2].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@statcounter[1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@tradedoubler[1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@tribalfusion[1].txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@xiti[1].txt"/></Item>
<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\KK1OTBIU.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\NM2AZZCH.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\RPN37YW8.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\SDVNBX31.txt"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\97g348h9.default\cookies.sqlite:doubleclick.net"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\97g348h9.default\cookies.sqlite:overture.com"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\97g348h9.default\cookies.sqlite:revsci.net"/></Item>
<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\97g348h9.default\cookies.sqlite:xiti.com"/></Item>
<Item status="Quarantiend" score="106.0" type="Malware" malwareName="Trojan"><Scanners><Scanner name="Backdoor.Win32.Poison!IK" id="Ikarus"/></Scanners><File path="C:\Users\John Alfred\Documents\Visual Studio 2010\Projects\oving01\Debug\1a.exe" hash="8D299E0BBB23887F025D48C7F1CCC0F943F107700B001ABA5904907ABABD7758"/></Item>
<Item status="Quarantiend" score="106.0" type="Malware" malwareName="Trojan"><Scanners><Scanner name="Backdoor.Win32.Poison!IK" id="Ikarus"/></Scanners><File path="C:\Users\John Alfred\Documents\Visual Studio 2010\Projects\oving01\Debug\oving01.exe" hash="94734954A04C86F765DAA94F5CA8333C176BE6A8442DB9B348A7861468E1C57E"/></Item>
<Item status="Quarantiend" score="106.0" type="Malware" malwareName="Trojan"><Scanners><Scanner name="Backdoor.Win32.Poison!IK" id="Ikarus"/></Scanners><File path="C:\Users\John Alfred\Documents\Visual Studio 2010\Projects\oving08\Debug\oving08.exe" hash="57421FABE82D6604346ADA340CD61B37693327EBF1551FA22CA7E2C772DCD7C7"/></Item>
<Item status="Quarantiend" score="108.0" type="Malware" malwareName="Malware"><Scanners><Scanner name="HackTool.Win32.Agent!IK" id="Ikarus"/></Scanners><File path="C:\Users\John Alfred\Documents\Visual Studio 2010\Projects\x08\Debug\x08.exe" hash="FB4EB6EB90951498643472BF0801130BDF066C63293609134A01A4CAAA4B65E2"/></Item>
<Item status="Quarantiend" score="110.0" type="Malware" malwareName="Trojan"><Scanners><Scanner name="Trojan.Siggen4.190" id="DrWeb"/></Scanners><File path="C:\Users\John Alfred\Downloads\OTL.exe" hash="62B0FC5523569308B700C1E47A27293228DAF3BF067A142C66D4D9D256FC1E57"/></Item>
</Log>
Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.20.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

John Alfred :: JOHNALFREDS-PC [administrator]

23.05.2012 14:14:42

mbam-log-2012-05-23 (16-59-26).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 494448

Time elapsed: 1 hour(s), 29 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Gjest\Downloads\SoftonicDownloader_for_sopcast.exe (PUP.OfferBundler.ST) -> No action taken.

(end)
I haven't run the OTL stuff. I tried to download OTL.exe, but it wasn't very cooperative.

I haven't noticed anything suspicious happening, neither being redirected to unwanted pages nor anything else.

Link to comment
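The XML log pasted in the post above is almost entirely tracking-cookie `Repair` entries; the part that matters is the handful of `Malware` items at the end, each of which names the engine that fired and carries a SHA-256 of the file. Here is an added example, not from the thread and not the scanner vendor's code, of how I would triage such a log programmatically: strip the `-` residue that the IE XML viewer leaves when a log is copied out of the browser, count cookie entries per browser store and outcome, and pull out the malware items with their hashes and engine count so they can be looked up on a multi-engine service rather than taken on trust from one engine. The sample log inside the script is a constructed five-item subset of the pasted one (same paths and hashes).

```python
"""Triage an Emsisoft-style XML result log: separate tracking-cookie 'Repair'
entries from real 'Malware' detections and pull the hashes for lookup."""
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: five <Item> nodes in the same shape as the pasted log
# (paths and hashes are the ones visible in the thread). The '-' before <Item>
# and <Scanners> reproduces the residue IE's XML tree viewer leaves behind when
# a log is copied out of the browser.
SAMPLE_LOG = r"""<Log>
-<Item status="DeleteFailed" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net"/></Item>
-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Cookies\john_alfred@fastclick[2].txt"/></Item>
-<Item status="Deleted" score="0.0" type="Repair"><File path="C:\Users\John Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\97g348h9.default\cookies.sqlite:xiti.com"/></Item>
-<Item status="Quarantiend" score="106.0" type="Malware" malwareName="Trojan">-<Scanners><Scanner name="Backdoor.Win32.Poison!IK" id="Ikarus"/></Scanners><File path="C:\Users\John Alfred\Documents\Visual Studio 2010\Projects\oving01\Debug\1a.exe" hash="8D299E0BBB23887F025D48C7F1CCC0F943F107700B001ABA5904907ABABD7758"/></Item>
-<Item status="Quarantiend" score="110.0" type="Malware" malwareName="Trojan">-<Scanners><Scanner name="Trojan.Siggen4.190" id="DrWeb"/></Scanners><File path="C:\Users\John Alfred\Downloads\OTL.exe" hash="62B0FC5523569308B700C1E47A27293228DAF3BF067A142C66D4D9D256FC1E57"/></Item>
</Log>"""

SHA256_RE = re.compile(r"[0-9a-f]{64}")


def strip_viewer_residue(text: str) -> str:
    """Drop the '-' that the IE XML viewer prepends to collapsible nodes."""
    return re.sub(r"-(?=<)", "", text)


def cookie_store(path: str) -> str:
    """Name the browser profile a cookie entry belongs to."""
    p = path.lower()
    if "\\google\\chrome\\" in p:
        return "chrome"
    if "cookies.sqlite" in p:
        return "firefox"
    if "\\microsoft\\windows\\cookies\\" in p:
        return "ie"
    return "other"


def triage(xml_text: str) -> dict:
    """Return {'repair': Counter((store, status)), 'malware': [entries]}.

    Malware entries carry the path, the lower-cased SHA-256 (hash_ok says
    whether it is a well-formed digest you can look up), the per-engine
    detection names and the engine count, sorted by the log's own score."""
    root = ET.fromstring(strip_viewer_residue(xml_text))
    result = {"repair": Counter(), "malware": []}
    for item in root.iter("Item"):
        file_el = item.find("File")
        path = file_el.get("path", "") if file_el is not None else ""
        if item.get("type") == "Repair":
            result["repair"][(cookie_store(path), item.get("status"))] += 1
            continue
        digest = (file_el.get("hash", "") if file_el is not None else "").lower()
        engines = [(s.get("id"), s.get("name")) for s in item.iter("Scanner")]
        result["malware"].append({
            "path": path,
            "status": item.get("status"),
            "score": float(item.get("score", "0")),
            "sha256": digest,
            "hash_ok": SHA256_RE.fullmatch(digest) is not None,
            "scanners": engines,
            "engines": len(engines),
        })
    result["malware"].sort(key=lambda m: m["score"], reverse=True)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (store, status), n in sorted(report["repair"].items()):
        print(f"cookie {store:8s} {status:13s} {n}")
    for m in report["malware"]:
        names = ", ".join(f"{eng}:{name}" for eng, name in m["scanners"])
        print(f"{m['score']:6.1f} {m['status']:11s} {m['engines']} engine(s) "
              f"{names}\n        {m['path']}\n        sha256={m['sha256']}")
```

Run it as a script to print the summary. The `hash_ok` field guards against the copy-and-paste-mangled hashes that forum logs often contain, and the `engines` count makes single-engine hits stand out; a `Quarantiend` status means the file is already off disk, so the hash is the only thing left to investigate.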

Where did you get this from?

C:\Users\John Alfred\Documents\Visual Studio 2010

Several scanners report exe files with backdoor functionality here.

1a.exe

x08.exe

oving08.exe

oving01.exe

Let's get straight to the point:

Are you using VS to write malware?! :hmm:

OTL log:

Disable all AVG guards before you download and run OTL. What was the problem?

It may well be that you haven't noticed anything; today's malware is very "convincing".

You have had a great deal of malware active on the PC, so I recommend that you change all passwords and keep an especially close eye on anything to do with online banking/accounts. Change all passwords and login data from another, 100% clean PC.

Run this anti-rootkit tool from Kaspersky:

http://support.kaspe.../?qid=208283363 Post the log.

Edited by TheGenius
Link to comment
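TheGenius asks for an OTL log, and the reply that follows posts one. The `DRV -` section of such a log is where a rootkit usually shows, so here is an added example (my code, not OTL's and not from the thread) of the first pass I would run over that section: parse each driver line, then flag the signs a practitioner looks for: an entry whose file is gone, no company name in the version info, boot-start type, an `Unknown` state, a modification time within days of the log's own creation time, and a service name with no relation to the file name. The sample lines are copied from the log in the next reply (a constructed subset of five entries plus the header). The flags are heuristics; legitimate drivers (copy-protection and virtual-drive drivers in particular) trip one or two of them, so the output is a ranked list of things to verify, not a verdict.

```python
"""Rank the 'DRV -' entries of an OTL log by rootkit-style warning signs.
Every flag is a lead to verify (hash lookup, signature check, file on disk),
not a verdict: plenty of legitimate drivers trip one or two of them."""
import re
from datetime import datetime, timedelta

# Constructed subset of an OTL log in OTL's own line format: the header line
# and five driver entries, copied from the log posted in the reply below.
SAMPLE = r"""
OTL logfile created on: 23.05.2012 19:50:04 - Run 1
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.05.23 16:59:45 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\xqbh.sys -- (agdaom)
DRV - [2010.08.14 19:49:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.01.04 20:10:43 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
"""

# DRV - [mtime | size | attrs | M] (company) [type | start | state] -- path -- (service) note
# or:  DRV - File not found [type | start | state] -- path -- (service)
DRV_RE = re.compile(
    r"^DRV - (?:File not found|"
    r"\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<kind>[^\]]+?)\] "
    r"\((?P<company>.*?)\)) "
    r"\[(?P<dtype>[^|]+?) \| (?P<start>[^|]+?) \| (?P<state>[^\]]+?)\] -- "
    r"(?P<path>.+?) -- \((?P<svc>[^)]*)\)(?P<note>.*)$"
)


def log_created(text: str):
    """Timestamp from the 'OTL logfile created on:' header, or None."""
    m = re.search(r"OTL logfile created on: (\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})", text)
    return datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S") if m else None


def parse_drivers(text: str) -> list:
    """Parse every DRV line into a dict; 'missing' marks 'File not found'."""
    drivers = []
    for line in text.splitlines():
        m = DRV_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["missing"] = d["mtime"] is None
        d["mtime"] = datetime.strptime(d["mtime"], "%Y.%m.%d %H:%M:%S") if d["mtime"] else None
        d["company"] = (d["company"] or "").strip()
        drivers.append(d)
    return drivers


def warning_signs(drv: dict, log_time, recent_days: int = 7) -> list:
    """Heuristic flags for one parsed driver entry."""
    if drv["missing"]:
        return ["file missing (stale service entry)"]
    reasons = []
    if not drv["company"]:
        reasons.append("no company name in version info")
    if drv["start"] == "Boot":
        reasons.append("boot-start driver")
    if drv["state"] == "Unknown":
        reasons.append("state Unknown")
    if log_time and log_time - drv["mtime"] <= timedelta(days=recent_days):
        reasons.append(f"modified within {recent_days} days of the log")
    stem = drv["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    svc = drv["svc"].lower()
    if stem not in svc and svc not in stem:
        reasons.append("service name unrelated to file name")
    return reasons


def rank(text: str, recent_days: int = 7) -> list:
    """[(service, path, [reasons])], most suspicious first."""
    log_time = log_created(text)
    ranked = [(d["svc"], d["path"], warning_signs(d, log_time, recent_days))
              for d in parse_drivers(text)]
    ranked.sort(key=lambda r: len(r[2]), reverse=True)
    return ranked


if __name__ == "__main__":
    for svc, path, reasons in rank(SAMPLE):
        print(f"{len(reasons)} {svc:12s} {path}")
        for r in reasons:
            print(f"    - {r}")
```

The `recent_days` window is measured against the log's own creation time, so the script gives the same answer on an old log as it would have on the day it was taken. Feed it a whole OTL log; lines that are not `DRV -` entries are simply skipped.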

No, I've used VS to make simple programs in a school course I took this spring, and judging by the exam result there's little to suggest I could make much in the way of malware in VS :p

Now I managed to run OTL; I just had some trouble with it not responding earlier.


OTL logfile created on: 23.05.2012 19:50:04 - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\John Alfred\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,66 Gb Available Physical Memory | 32,91% Memory free

4,23 Gb Paging File | 2,29 Gb Available in Paging File | 54,15% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 111,69 Gb Total Space | 35,75 Gb Free Space | 32,01% Space Free | Partition Type: NTFS

Drive D: | 108,19 Gb Total Space | 75,96 Gb Free Space | 70,20% Space Free | Partition Type: NTFS

Computer Name: JOHNALFREDS-PC | User Name: John Alfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.23 16:55:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John Alfred\Downloads\OTL.exe

PRC - [2012.05.21 14:09:56 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\JOHNAL~1\AppData\Local\Temp\RtkBtMnt.exe

PRC - [2012.03.12 21:28:05 | 000,918,880 | ---- | M] () -- C:\Programfiler\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

PRC - [2012.03.12 21:28:01 | 000,982,880 | ---- | M] () -- C:\Programfiler\AVG Secure Search\vprot.exe

PRC - [2012.02.29 22:45:11 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Programfiler\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2011.10.18 17:39:26 | 003,521,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgui.exe

PRC - [2011.10.18 17:39:25 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgtray.exe

PRC - [2011.08.22 12:32:06 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Internet Explorer\iexplore.exe

PRC - [2010.08.15 08:37:57 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgcsrvx.exe

PRC - [2010.08.15 08:37:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgwdsvc.exe

PRC - [2010.08.14 19:49:10 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgrsx.exe

PRC - [2010.08.14 19:49:02 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgnsx.exe

PRC - [2010.08.14 19:48:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programfiler\AVG\AVG8\avgemc.exe

PRC - [2009.08.03 19:14:36 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programfiler\Common Files\Real\Update_OB\realsched.exe

PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.09.30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.bin

PRC - [2008.09.30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programfiler\OpenOffice.org 3\program\soffice.exe

PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnscfg.exe

PRC - [2007.09.04 12:39:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007.06.13 12:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2007.03.29 14:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programfiler\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.02.12 15:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programfiler\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

 

========== Modules (No Company Name) ==========

MOD - [2012.05.09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll

MOD - [2012.05.09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll

MOD - [2012.05.09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll

MOD - [2012.05.09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll

MOD - [2012.05.09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll

MOD - [2012.05.09 04:09:13 | 008,743,584 | ---- | M] () -- C:\Users\JOHNAL~1\AppData\Local\Google\Chrome\APPLIC~1\190108~1.46\gcswf32.dll

MOD - [2012.05.09 04:09:13 | 008,743,584 | ---- | M] () -- C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll

MOD - [2012.05.03 00:59:42 | 004,050,944 | ---- | M] () -- C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libglesv2.dll

MOD - [2012.05.03 00:59:42 | 000,100,864 | ---- | M] () -- C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libegl.dll

MOD - [2012.03.12 21:28:01 | 001,869,152 | ---- | M] () -- C:\Programfiler\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

MOD - [2012.03.12 21:28:01 | 000,982,880 | ---- | M] () -- C:\Programfiler\AVG Secure Search\vprot.exe

MOD - [2009.08.03 19:15:29 | 000,008,704 | ---- | M] () -- C:\Programfiler\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll

MOD - [2008.07.29 15:55:14 | 000,969,728 | ---- | M] () -- C:\Programfiler\OpenOffice.org 3\program\libxml2.dll

MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programfiler\WinRAR\RarExt.dll

MOD - [2007.03.29 14:02:48 | 000,126,976 | ---- | M] () -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTKeyInd.dll

MOD - [2007.03.29 13:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

 

========== Win32 Services (SafeList) ==========

SRV - [2012.03.12 21:28:05 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Programfiler\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)

SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programfiler\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010.08.15 08:37:45 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programfiler\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2010.08.14 19:48:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programfiler\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programfiler\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)

SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programfiler\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programfiler\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2007.10.25 16:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)

SRV - [2007.07.03 11:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007.06.13 12:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programfiler\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

 

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpflt.sys -- (WtSmpFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wtsmpadap.sys -- (wtsmpadap)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Ndisprot.sys -- (Ndisprot)

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012.05.23 16:59:45 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\xqbh.sys -- (agdaom)

DRV - [2010.08.14 19:49:10 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010.08.14 19:49:10 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2010.08.14 19:49:03 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009.06.19 23:01:17 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2009.01.04 20:10:43 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2008.12.24 23:40:15 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2008.12.24 23:40:14 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2007.08.08 04:37:00 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007.06.26 09:33:00 | 007,120,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007.04.19 09:09:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)

DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007.02.25 00:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006.12.07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006.11.02 17:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programfiler\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

 

========== Standard Registry (SafeList) ==========

 

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com/newtab.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_no

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={336157AD-AC5F-4AF9-BF5A-D14F5BBF8F39}&mid=34b73b41737e71854d21022443e6e1fe-5aecc8cbb6d8d4fbaacbc7cd77914a3b48f36abd&lang=us&ds=AVG&pr=fr&d=2011-12-03 17:59:02&v=9.0.0.18&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"

FF - prefs.js..browser.startup.homepage: "http://search.linkury.com"

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006

FF - prefs.js..extensions.enabledItems: [email protected]:2.0.10.0

FF - prefs.js..extensions.enabledItems: [email protected]:2.0.10.0

FF - prefs.js..extensions.enabledItems: {331670ee-d8e6-47ae-83ba-c67bba95b1c4}:2.1

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1

FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..keyword.URL: "http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="

FF - prefs.js..network.proxy.backup.ftp: "10.41.16.1"

FF - prefs.js..network.proxy.backup.ftp_port: 8080

FF - prefs.js..network.proxy.backup.gopher: "10.41.16.1"

FF - prefs.js..network.proxy.backup.gopher_port: 8080

FF - prefs.js..network.proxy.backup.socks: "10.41.16.1"

FF - prefs.js..network.proxy.backup.socks_port: 8080

FF - prefs.js..network.proxy.backup.ssl: "10.41.16.1"

FF - prefs.js..network.proxy.backup.ssl_port: 8080

FF - prefs.js..network.proxy.ftp: "10.41.16.1"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.gopher: "10.41.16.1"

FF - prefs.js..network.proxy.gopher_port: 8080

FF - prefs.js..network.proxy.http: "10.41.16.1"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "10.41.16.1"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "10.41.16.1"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 4

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programfiler\DivX Player\DivX\DivX Web Player\npdivx32.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.338: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@3dmapview.myvr-software.com/myvrnpapi,version=2.000: C:\Users\John Alfred\AppData\Local\myVRnpapi\npmyvr.dll ()

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John Alfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John Alfred\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John Alfred\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\John Alfred\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010.08.15 08:39:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012.03.12 21:28:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.07 11:39:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.20 15:16:13 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{331670ee-d8e6-47ae-83ba-c67bba95b1c4}: C:\Users\John Alfred\AppData\Roaming\zweitgeist\auto\firebathelper [2008.09.24 06:41:06 | 000,000,000 | ---D | M]

[2008.06.22 20:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Extensions

[2012.05.03 18:13:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions

[2012.02.27 20:34:56 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}

[2010.08.21 16:00:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012.04.05 22:51:48 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2010.06.15 11:00:16 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2012.05.03 18:13:22 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions\[email protected]

[2009.06.19 11:02:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions\[email protected]

[2011.05.26 07:50:16 | 000,000,000 | ---D | M] (Norsk bokmål ordliste) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions\[email protected]

[2011.05.26 07:50:16 | 000,000,000 | ---D | M] (Norsk bokmål og nynorsk ordliste) -- C:\Users\John Alfred\AppData\Roaming\mozilla\Firefox\Profiles\97g348h9.default\extensions\[email protected]

[2012.04.11 14:53:34 | 000,002,412 | ---- | M] () -- C:\Users\John Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\97g348h9.default\searchplugins\Linkury Smartbar Search.xml

[2012.03.07 11:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions

[2011.07.27 19:22:44 | 000,096,925 | ---- | M] () (No name found) -- C:\USERS\JOHN ALFRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\97G348H9.DEFAULT\EXTENSIONS\{C6F77964-B0B5-4953-A144-93051184EC0C}.XPI

[2012.02.27 20:34:56 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JOHN ALFRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\97G348H9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.02.27 20:34:53 | 000,097,572 | ---- | M] () (No name found) -- C:\USERS\JOHN ALFRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\97G348H9.DEFAULT\EXTENSIONS\[email protected]

[2008.09.24 06:41:06 | 000,000,000 | ---D | M] (weblin Helper) -- C:\USERS\JOHN ALFRED\APPDATA\ROAMING\ZWEITGEIST\AUTO\FIREBATHELPER

[2012.03.07 11:39:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.07 11:39:43 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012.03.12 21:28:00 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2012.03.07 11:39:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.07 11:39:43 | 000,001,218 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bok-NO.xml

[2012.03.07 11:39:43 | 000,000,968 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\qxl-NO.xml

[2012.03.07 11:39:43 | 000,001,203 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonkatalogen-NO.xml

[2012.03.07 11:39:43 | 000,001,176 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-NO.xml

[2012.03.07 11:39:43 | 000,001,192 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-NO.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John Alfred\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\John Alfred\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\John Alfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: myVR 3D Framework (Enabled) = C:\Users\John Alfred\AppData\Local\myVRnpapi\npmyvr.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: AdBlock = C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\

CHR - Extension: Cargo Bridge = C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\

CHR - Extension: Plants vs Zombies = C:\Users\John Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

O1 HOSTS File: ([2012.05.21 13:37:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Påloggingshjelp for Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programfiler\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programfiler\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programfiler\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Programfiler\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )

O4 - HKLM..\Run: [QuickTime Task] D:\Programfiler\Quick Time Player\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [setSpeaker] C:\Windows\SetSpkDefault.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKCU..\Run: [Zebtab] C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Start Menu/Programs/Zebtab/Zebtab.appref-ms File not found

O4 - Startup: C:\Users\John Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - c:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send side til &Bluetooth-enhet... - c:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programfiler\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{249667A3-0572-4BD2-8C6A-7B7B2EA2938C}: DhcpNameServer = 82.194.192.38 82.194.192.50

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DFCD516-D709-467F-945D-89F6143F15BB}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programfiler\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\John Alfred\Pictures\solskjær.jpg

O24 - Desktop BackupWallPaper: C:\Users\John Alfred\Pictures\solskjær.jpg

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (bootdelete)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.23 16:52:39 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2012.05.23 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012.05.21 13:42:45 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012.05.21 13:42:45 | 000,000,000 | ---D | C] -- C:\Users\John Alfred\AppData\Local\temp

[2012.05.21 13:38:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012.05.21 12:35:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.05.21 12:35:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.05.21 12:35:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.05.21 12:30:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012.05.21 12:27:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.05.21 09:59:50 | 000,000,000 | ---D | C] -- C:\Users\John Alfred\AppData\Roaming\Malwarebytes

[2012.05.21 09:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.21 09:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.05.21 09:59:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.05.21 09:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2012.05.23 19:51:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-833421312-3509518398-1867728553-1000UA.job

[2012.05.23 19:47:59 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.05.23 18:07:39 | 000,004,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.23 18:07:39 | 000,004,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.23 16:59:45 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\xqbh.sys

[2012.05.23 16:59:05 | 000,000,040 | ---- | M] () -- C:\Users\John Alfred\AppData\Roaming\mbam.context.scan

[2012.05.23 16:54:04 | 000,061,888 | ---- | M] () -- C:\Users\John Alfred\Desktop\log.xml

[2012.05.23 16:52:39 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe

[2012.05.23 16:52:39 | 000,001,074 | ---- | M] () -- C:\Windows\System32\bootdelete.lst

[2012.05.23 15:51:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-833421312-3509518398-1867728553-1000Core.job

[2012.05.22 23:48:01 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.05.22 09:25:49 | 000,248,407 | ---- | M] () -- C:\Users\John Alfred\AppData\Roaming\nvModes.001

[2012.05.22 09:25:48 | 000,248,407 | ---- | M] () -- C:\Users\John Alfred\AppData\Roaming\nvModes.dat

[2012.05.21 14:13:51 | 000,640,016 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.05.21 14:13:51 | 000,504,108 | ---- | M] () -- C:\Windows\System32\perfh014.dat

[2012.05.21 14:13:51 | 000,122,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.05.21 14:13:51 | 000,100,242 | ---- | M] () -- C:\Windows\System32\perfc014.dat

[2012.05.21 14:09:37 | 000,002,599 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mannakorn.lnk

[2012.05.21 14:07:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.05.21 14:06:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.05.21 13:37:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012.05.21 09:59:34 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.20 18:17:56 | 059,971,647 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2012.05.18 09:55:14 | 000,002,120 | ---- | M] () -- C:\Users\John Alfred\Desktop\Google Chrome.lnk

[2012.05.11 16:14:03 | 000,011,837 | ---- | M] () -- C:\Users\John Alfred\Desktop\bensin mars-mai.ods

[2012.05.11 15:00:26 | 000,011,822 | ---- | M] () -- C:\Users\John Alfred\Documents\bensin mars-mai.ods

[2012.05.10 03:35:07 | 000,321,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.05.23 16:59:45 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\xqbh.sys

[2012.05.23 16:59:05 | 000,000,040 | ---- | C] () -- C:\Users\John Alfred\AppData\Roaming\mbam.context.scan

[2012.05.23 16:54:03 | 000,061,888 | ---- | C] () -- C:\Users\John Alfred\Desktop\log.xml

[2012.05.23 16:52:39 | 000,001,074 | ---- | C] () -- C:\Windows\System32\bootdelete.lst

[2012.05.21 12:35:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.05.21 12:35:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.05.21 12:35:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.05.21 12:35:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.05.21 12:35:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.05.21 09:59:34 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.11 16:14:02 | 000,011,837 | ---- | C] () -- C:\Users\John Alfred\Desktop\bensin mars-mai.ods

[2012.05.10 10:07:04 | 000,011,822 | ---- | C] () -- C:\Users\John Alfred\Documents\bensin mars-mai.ods

[2010.06.27 18:14:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010.06.27 18:14:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

========== LOP Check ==========

[2008.03.21 17:09:00 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\Acer

[2008.12.01 12:14:13 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\Armagetron

[2009.06.25 01:55:54 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\BitTorrent

[2009.01.04 20:18:23 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\DAEMON Tools

[2009.01.04 20:19:01 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\DAEMON Tools Lite

[2009.01.04 20:18:23 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\DAEMON Tools Pro

[2008.03.21 17:09:00 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\iWin

[2009.02.04 12:24:52 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\JLC's Software

[2010.12.16 16:16:49 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\Notepad++

[2012.04.05 13:04:24 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\OpenCandy

[2009.01.27 10:43:41 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\OpenOffice.org

[2011.10.13 14:46:53 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\Sports Interactive

[2011.05.17 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\Spotify

[2008.03.21 17:09:03 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\Uniblue

[2009.12.20 22:22:10 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\uTorrent

[2010.11.04 13:23:11 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\xm1

[2008.09.25 18:39:21 | 000,000,000 | ---D | M] -- C:\Users\John Alfred\AppData\Roaming\zweitgeist

[2012.05.21 14:06:21 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

 

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A95A95AC

< End of report >

 

 

and Anti-Rootkit Tool:

 

19:58:03.0191 4908 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

19:58:03.0591 4908 ============================================================

19:58:03.0592 4908 Current date / time: 2012/05/23 19:58:03.0591

19:58:03.0592 4908 SystemInfo:

19:58:03.0592 4908

19:58:03.0592 4908 OS Version: 6.0.6002 ServicePack: 2.0

19:58:03.0592 4908 Product type: Workstation

19:58:03.0592 4908 ComputerName: JOHNALFREDS-PC

19:58:03.0592 4908 UserName: John Alfred

19:58:03.0592 4908 Windows directory: C:\Windows

19:58:03.0593 4908 System windows directory: C:\Windows

19:58:03.0593 4908 Processor architecture: Intel x86

19:58:03.0593 4908 Number of processors: 2

19:58:03.0593 4908 Page size: 0x1000

19:58:03.0593 4908 Boot type: Normal boot

19:58:03.0593 4908 ============================================================

19:58:04.0172 4908 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

19:58:04.0175 4908 ============================================================

19:58:04.0175 4908 \Device\Harddisk0\DR0:

19:58:04.0175 4908 MBR partitions:

19:58:04.0175 4908 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0xDF62000

19:58:04.0175 4908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF2E7000, BlocksNum 0xD862000

19:58:04.0175 4908 ============================================================

19:58:04.0213 4908 C: <-> \Device\Harddisk0\DR0\Partition0

19:58:04.0254 4908 D: <-> \Device\Harddisk0\DR0\Partition1

19:58:04.0255 4908 ============================================================

19:58:04.0255 4908 Initialize success

19:58:04.0255 4908 ============================================================

19:58:06.0334 1160 ============================================================

19:58:06.0334 1160 Scan started

19:58:06.0334 1160 Mode: Manual;

19:58:06.0334 1160 ============================================================

19:58:08.0049 1160 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

19:58:08.0055 1160 ACPI - ok

19:58:08.0118 1160 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

19:58:08.0152 1160 adp94xx - ok

19:58:08.0226 1160 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

19:58:08.0254 1160 adpahci - ok

19:58:08.0322 1160 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

19:58:08.0325 1160 adpu160m - ok

19:58:08.0375 1160 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

19:58:08.0388 1160 adpu320 - ok

19:58:08.0434 1160 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

19:58:08.0435 1160 AeLookupSvc - ok

19:58:08.0518 1160 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

19:58:08.0536 1160 AFD - ok

19:58:08.0608 1160 agdaom (e6d35f3aa51a65eb35c1f2340154a25e) C:\Windows\system32\drivers\xqbh.sys

19:58:08.0610 1160 agdaom - ok

19:58:08.0639 1160 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

19:58:08.0640 1160 agp440 - ok

19:58:08.0660 1160 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

19:58:08.0662 1160 aic78xx - ok

19:58:08.0728 1160 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

19:58:08.0729 1160 ALG - ok

19:58:08.0746 1160 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

19:58:08.0747 1160 aliide - ok

19:58:08.0770 1160 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

19:58:08.0772 1160 amdagp - ok

19:58:08.0790 1160 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

19:58:08.0791 1160 amdide - ok

19:58:08.0816 1160 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

19:58:08.0818 1160 AmdK7 - ok

19:58:08.0834 1160 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

19:58:08.0836 1160 AmdK8 - ok

19:58:08.0878 1160 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

19:58:08.0880 1160 Appinfo - ok

19:58:08.0923 1160 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

19:58:08.0926 1160 arc - ok

19:58:08.0940 1160 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

19:58:08.0942 1160 arcsas - ok

19:58:09.0144 1160 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

19:58:09.0207 1160 aspnet_state - ok

19:58:09.0254 1160 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

19:58:09.0254 1160 AsyncMac - ok

19:58:09.0285 1160 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

19:58:09.0285 1160 atapi - ok

19:58:09.0347 1160 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys

19:58:09.0378 1160 atksgt - ok

19:58:09.0456 1160 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

19:58:09.0488 1160 AudioEndpointBuilder - ok

19:58:09.0519 1160 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

19:58:09.0519 1160 Audiosrv - ok

19:58:09.0696 1160 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe

19:58:09.0730 1160 AVG Security Toolbar Service - ok

19:58:09.0869 1160 avg8emc (b9ae3c63a53396cd669ef8ae9c9cbd85) C:\PROGRA~1\AVG\AVG8\avgemc.exe

19:58:09.0887 1160 avg8emc - ok

19:58:09.0971 1160 avg8wd (db338a6bd3976904eb0f8343f51e64eb) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

19:58:10.0011 1160 avg8wd - ok

19:58:10.0485 1160 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\Windows\System32\Drivers\avgldx86.sys

19:58:10.0514 1160 AvgLdx86 - ok

19:58:10.0524 1160 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\Windows\System32\Drivers\avgmfx86.sys

19:58:10.0525 1160 AvgMfx86 - ok

19:58:10.0667 1160 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\Windows\System32\Drivers\avgtdix.sys

19:58:10.0682 1160 AvgTdiX - ok

19:58:10.0714 1160 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys

19:58:10.0729 1160 b57nd60x - ok

19:58:10.0776 1160 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

19:58:10.0776 1160 Beep - ok

19:58:10.0838 1160 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll

19:58:10.0870 1160 BFE - ok

19:58:11.0026 1160 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll

19:58:11.0041 1160 BITS - ok

19:58:11.0058 1160 blbdrive - ok

19:58:11.0103 1160 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

19:58:11.0106 1160 bowser - ok

19:58:11.0167 1160 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

19:58:11.0168 1160 BrFiltLo - ok

19:58:11.0215 1160 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

19:58:11.0216 1160 BrFiltUp - ok

19:58:11.0256 1160 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll

19:58:11.0259 1160 Browser - ok

19:58:11.0285 1160 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

19:58:11.0287 1160 Brserid - ok

19:58:11.0305 1160 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

19:58:11.0306 1160 BrSerWdm - ok

19:58:11.0329 1160 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

19:58:11.0330 1160 BrUsbMdm - ok

19:58:11.0340 1160 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

19:58:11.0342 1160 BrUsbSer - ok

19:58:11.0380 1160 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys

19:58:11.0381 1160 BthEnum - ok

19:58:11.0401 1160 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

19:58:11.0402 1160 BTHMODEM - ok

19:58:11.0441 1160 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

19:58:11.0444 1160 BthPan - ok

19:58:11.0521 1160 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys

19:58:11.0538 1160 BTHPORT - ok

19:58:11.0602 1160 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll

19:58:11.0604 1160 BthServ - ok

19:58:11.0666 1160 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys

19:58:11.0667 1160 BTHUSB - ok

19:58:11.0699 1160 catchme - ok

19:58:11.0738 1160 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

19:58:11.0740 1160 cdfs - ok

19:58:11.0780 1160 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

19:58:11.0782 1160 cdrom - ok

19:58:11.0829 1160 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

19:58:11.0831 1160 CertPropSvc - ok

19:58:11.0857 1160 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

19:58:11.0859 1160 circlass - ok

19:58:11.0945 1160 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

19:58:11.0967 1160 CLFS - ok

19:58:12.0069 1160 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:58:12.0074 1160 clr_optimization_v2.0.50727_32 - ok

19:58:12.0242 1160 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:58:12.0429 1160 clr_optimization_v4.0.30319_32 - ok

19:58:12.0476 1160 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

19:58:12.0476 1160 CmBatt - ok

19:58:12.0491 1160 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

19:58:12.0491 1160 cmdide - ok

19:58:12.0507 1160 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

19:58:12.0523 1160 Compbatt - ok

19:58:12.0523 1160 COMSysApp - ok

19:58:12.0523 1160 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

19:58:12.0538 1160 crcdisk - ok

19:58:12.0554 1160 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

19:58:12.0554 1160 Crusoe - ok

19:58:12.0616 1160 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll

19:58:12.0616 1160 CryptSvc - ok

19:58:12.0715 1160 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll

19:58:12.0772 1160 DcomLaunch - ok

19:58:12.0830 1160 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

19:58:12.0832 1160 DfsC - ok

19:58:13.0125 1160 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe

19:58:13.0197 1160 DFSR - ok

19:58:13.0446 1160 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll

19:58:13.0450 1160 Dhcp - ok

19:58:13.0505 1160 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

19:58:13.0506 1160 disk - ok

19:58:13.0572 1160 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys

19:58:13.0573 1160 DKbFltr - ok

19:58:13.0598 1160 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll

19:58:13.0601 1160 Dnscache - ok

19:58:13.0671 1160 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll

19:58:13.0686 1160 dot3svc - ok

19:58:13.0733 1160 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll

19:58:13.0780 1160 DPS - ok

19:58:13.0795 1160 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

19:58:13.0795 1160 drmkaud - ok

19:58:13.0889 1160 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

19:58:13.0920 1160 DXGKrnl - ok

19:58:13.0967 1160 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

19:58:13.0967 1160 E1G60 - ok

19:58:14.0029 1160 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll

19:58:14.0029 1160 EapHost - ok

19:58:14.0061 1160 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

19:58:14.0076 1160 Ecache - ok

19:58:14.0291 1160 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

19:58:14.0301 1160 eDataSecurity Service - ok

19:58:14.0387 1160 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe

19:58:14.0429 1160 ehRecvr - ok

19:58:14.0482 1160 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe

19:58:14.0496 1160 ehSched - ok

19:58:14.0519 1160 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll

19:58:14.0520 1160 ehstart - ok

19:58:14.0568 1160 eLockService (a7b5f3b9363f9ab1d4fe459baf3b15d6) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

19:58:14.0569 1160 eLockService - ok

19:58:14.0650 1160 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

19:58:14.0665 1160 elxstor - ok

19:58:14.0760 1160 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll

19:58:14.0772 1160 EMDMgmt - ok

19:58:14.0810 1160 eNet Service (207e2dda01aac6ad64f0368ca59fc179) C:\Acer\Empowering Technology\eNet\eNet Service.exe

19:58:14.0824 1160 eNet Service - ok

19:58:14.0890 1160 eRecoveryService (a7b084bfbbd582a843d2f5c35220f962) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

19:58:14.0896 1160 eRecoveryService - ok

19:58:14.0937 1160 eSettingsService (06484e97d22f06de8de0f8e2bec6fa9e) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

19:58:14.0938 1160 eSettingsService - ok

19:58:15.0028 1160 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll

19:58:15.0035 1160 EventSystem - ok

19:58:15.0176 1160 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

19:58:15.0189 1160 exfat - ok

19:58:15.0275 1160 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

19:58:15.0322 1160 fastfat - ok

19:58:15.0353 1160 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

19:58:15.0353 1160 fdc - ok

19:58:15.0415 1160 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll

19:58:15.0415 1160 fdPHost - ok

19:58:15.0447 1160 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll

19:58:15.0447 1160 FDResPub - ok

19:58:15.0478 1160 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

19:58:15.0493 1160 FileInfo - ok

19:58:15.0525 1160 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

19:58:15.0525 1160 Filetrace - ok

19:58:15.0571 1160 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

19:58:15.0571 1160 flpydisk - ok

19:58:15.0618 1160 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

19:58:15.0634 1160 FltMgr - ok

19:58:15.0841 1160 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll

19:58:15.0878 1160 FontCache - ok

19:58:16.0013 1160 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

19:58:16.0015 1160 FontCache3.0.0.0 - ok

19:58:16.0056 1160 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys

19:58:16.0057 1160 Fs_Rec - ok

19:58:16.0091 1160 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

19:58:16.0093 1160 gagp30kx - ok

19:58:16.0121 1160 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys

19:58:16.0122 1160 GEARAspiWDM - ok

19:58:16.0184 1160 getPlusHelper (0879dc7444a201df84e69c5dd5083d61) C:\Program Files\NOS\bin\getPlus_Helper.dll

19:58:16.0186 1160 getPlusHelper - ok

19:58:16.0309 1160 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll

19:58:16.0364 1160 gpsvc - ok

19:58:16.0501 1160 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

19:58:16.0515 1160 gupdate - ok

19:58:16.0536 1160 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

19:58:16.0538 1160 gupdatem - ok

19:58:16.0577 1160 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

19:58:16.0580 1160 gusvc - ok

19:58:16.0630 1160 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys

19:58:16.0632 1160 hamachi - ok

19:58:16.0699 1160 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:58:16.0724 1160 HDAudBus - ok

19:58:16.0782 1160 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

19:58:16.0782 1160 HidBth - ok

19:58:16.0829 1160 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

19:58:16.0829 1160 HidIr - ok

19:58:16.0860 1160 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll

19:58:16.0875 1160 hidserv - ok

19:58:16.0922 1160 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

19:58:16.0938 1160 HidUsb - ok

19:58:16.0969 1160 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll

19:58:16.0985 1160 hkmsvc - ok

19:58:17.0000 1160 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

19:58:17.0000 1160 HpCISSs - ok

19:58:17.0047 1160 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

19:58:17.0094 1160 HSFHWAZL - ok

19:58:17.0250 1160 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

19:58:17.0298 1160 HSF_DPV - ok

19:58:17.0298 1160 HSXHWAZL - ok

19:58:17.0372 1160 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

19:58:17.0403 1160 HTTP - ok

19:58:17.0411 1160 hwdatacard - ok

19:58:17.0465 1160 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

19:58:17.0467 1160 i2omp - ok

19:58:17.0500 1160 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

19:58:17.0502 1160 i8042prt - ok

19:58:17.0619 1160 IAANTMON (582f2d900a3ac34c98fbdc2c0abef6b9) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

19:58:17.0631 1160 IAANTMON - ok

19:58:17.0700 1160 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys

19:58:17.0703 1160 iaStor - ok

19:58:17.0773 1160 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

19:58:17.0778 1160 iaStorV - ok

19:58:17.0894 1160 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

19:58:17.0896 1160 IDriverT - ok

19:58:18.0081 1160 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:58:18.0109 1160 idsvc - ok

19:58:18.0428 1160 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

19:58:18.0429 1160 iirsp - ok

19:58:18.0513 1160 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll

19:58:18.0533 1160 IKEEXT - ok

19:58:18.0731 1160 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys

19:58:18.0733 1160 int15 - ok

19:58:18.0958 1160 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys

19:58:19.0010 1160 IntcAzAudAddService - ok

19:58:19.0230 1160 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

19:58:19.0231 1160 intelide - ok

19:58:19.0265 1160 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

19:58:19.0267 1160 intelppm - ok

19:58:19.0311 1160 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll

19:58:19.0314 1160 IPBusEnum - ok

19:58:19.0367 1160 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:58:19.0369 1160 IpFilterDriver - ok

19:58:19.0414 1160 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll

19:58:19.0447 1160 iphlpsvc - ok

19:58:19.0495 1160 IpInIp - ok

19:58:19.0547 1160 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

19:58:19.0549 1160 IPMIDRV - ok

19:58:19.0622 1160 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

19:58:19.0624 1160 IPNAT - ok

19:58:19.0660 1160 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

19:58:19.0661 1160 IRENUM - ok

19:58:19.0679 1160 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

19:58:19.0681 1160 isapnp - ok

19:58:19.0726 1160 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

19:58:19.0730 1160 iScsiPrt - ok

19:58:19.0775 1160 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

19:58:19.0777 1160 iteatapi - ok

19:58:19.0794 1160 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

19:58:19.0796 1160 iteraid - ok

19:58:19.0850 1160 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

19:58:19.0850 1160 kbdclass - ok

19:58:19.0882 1160 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

19:58:19.0882 1160 kbdhid - ok

19:58:19.0928 1160 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:58:19.0928 1160 KeyIso - ok

19:58:19.0992 1160 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

19:58:20.0019 1160 KSecDD - ok

19:58:20.0118 1160 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll

19:58:20.0156 1160 KtmRm - ok

19:58:20.0215 1160 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll

19:58:20.0264 1160 LanmanServer - ok

19:58:20.0313 1160 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll

19:58:20.0319 1160 LanmanWorkstation - ok

19:58:20.0420 1160 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

19:58:20.0422 1160 LightScribeService - ok

19:58:20.0490 1160 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys

19:58:20.0492 1160 lirsgt - ok

19:58:20.0531 1160 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

19:58:20.0532 1160 lltdio - ok

19:58:20.0617 1160 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll

19:58:20.0623 1160 lltdsvc - ok

19:58:20.0647 1160 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll

19:58:20.0650 1160 lmhosts - ok

19:58:20.0686 1160 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

19:58:20.0688 1160 LSI_FC - ok

19:58:20.0709 1160 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

19:58:20.0711 1160 LSI_SAS - ok

19:58:20.0730 1160 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

19:58:20.0733 1160 LSI_SCSI - ok

19:58:20.0776 1160 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

19:58:20.0778 1160 luafv - ok

19:58:20.0835 1160 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll

19:58:20.0838 1160 Mcx2Svc - ok

19:58:20.0843 1160 mdmxsdk - ok

19:58:20.0875 1160 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

19:58:20.0877 1160 megasas - ok

19:58:20.0922 1160 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

19:58:20.0925 1160 MMCSS - ok

19:58:20.0964 1160 MobilityService - ok

19:58:21.0019 1160 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

19:58:21.0021 1160 Modem - ok

19:58:21.0053 1160 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

19:58:21.0055 1160 monitor - ok

19:58:21.0079 1160 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

19:58:21.0080 1160 mouclass - ok

19:58:21.0147 1160 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

19:58:21.0148 1160 mouhid - ok

19:58:21.0194 1160 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

19:58:21.0196 1160 MountMgr - ok

19:58:21.0248 1160 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

19:58:21.0251 1160 mpio - ok

19:58:21.0292 1160 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

19:58:21.0293 1160 mpsdrv - ok

19:58:21.0394 1160 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll

19:58:21.0425 1160 MpsSvc - ok

19:58:21.0457 1160 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

19:58:21.0457 1160 Mraid35x - ok

19:58:21.0503 1160 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

19:58:21.0519 1160 MRxDAV - ok

19:58:21.0550 1160 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:58:21.0550 1160 mrxsmb - ok

19:58:21.0609 1160 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:58:21.0614 1160 mrxsmb10 - ok

19:58:21.0654 1160 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:58:21.0657 1160 mrxsmb20 - ok

19:58:21.0706 1160 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

19:58:21.0708 1160 msahci - ok

19:58:21.0732 1160 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

19:58:21.0734 1160 msdsm - ok

19:58:21.0797 1160 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe

19:58:21.0814 1160 MSDTC - ok

19:58:21.0876 1160 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

19:58:21.0877 1160 Msfs - ok

19:58:21.0900 1160 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

19:58:21.0901 1160 msisadrv - ok

19:58:21.0969 1160 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

19:58:21.0973 1160 MSiSCSI - ok

19:58:21.0978 1160 msiserver - ok

19:58:22.0030 1160 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

19:58:22.0031 1160 MSKSSRV - ok

19:58:22.0071 1160 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

19:58:22.0072 1160 MSPCLOCK - ok

19:58:22.0113 1160 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

19:58:22.0114 1160 MSPQM - ok

19:58:22.0182 1160 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

19:58:22.0195 1160 MsRPC - ok

19:58:22.0219 1160 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

19:58:22.0220 1160 mssmbios - ok

19:58:22.0243 1160 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

19:58:22.0244 1160 MSTEE - ok

19:58:22.0261 1160 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

19:58:22.0263 1160 Mup - ok

19:58:22.0335 1160 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll

19:58:22.0344 1160 napagent - ok

19:58:22.0414 1160 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

19:58:22.0463 1160 NativeWifiP - ok

19:58:22.0555 1160 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

19:58:22.0586 1160 NDIS - ok

19:58:22.0615 1160 Ndisprot - ok

19:58:22.0660 1160 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

19:58:22.0662 1160 NdisTapi - ok

19:58:22.0705 1160 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

19:58:22.0706 1160 Ndisuio - ok

19:58:22.0755 1160 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

19:58:22.0758 1160 NdisWan - ok

19:58:22.0817 1160 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

19:58:22.0819 1160 NDProxy - ok

19:58:22.0884 1160 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

19:58:22.0886 1160 NetBIOS - ok

19:58:22.0942 1160 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

19:58:22.0945 1160 netbt - ok

19:58:22.0988 1160 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:58:22.0991 1160 Netlogon - ok

19:58:23.0111 1160 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

19:58:23.0120 1160 Netman - ok

19:58:23.0249 1160 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:58:23.0332 1160 NetMsmqActivator - ok

19:58:23.0337 1160 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:58:23.0338 1160 NetPipeActivator - ok

19:58:23.0420 1160 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

19:58:23.0440 1160 netprofm - ok

19:58:23.0445 1160 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:58:23.0447 1160 NetTcpActivator - ok

19:58:23.0452 1160 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

19:58:23.0456 1160 NetTcpPortSharing - ok

19:58:23.0759 1160 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys

19:58:23.0868 1160 NETw4v32 - ok

19:58:24.0119 1160 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

19:58:24.0121 1160 nfrd960 - ok

19:58:24.0168 1160 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

19:58:24.0202 1160 NlaSvc - ok

19:58:24.0286 1160 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

19:58:24.0288 1160 Npfs - ok

19:58:24.0323 1160 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

19:58:24.0326 1160 nsi - ok

19:58:24.0364 1160 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

19:58:24.0365 1160 nsiproxy - ok

19:58:24.0561 1160 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

19:58:24.0616 1160 Ntfs - ok

19:58:24.0648 1160 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys

19:58:24.0649 1160 NTIDrvr - ok

19:58:24.0691 1160 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

19:58:24.0692 1160 ntrigdigi - ok

19:58:24.0711 1160 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

19:58:24.0712 1160 Null - ok

19:58:25.0559 1160 nvlddmkm (8e5e17b69830d7cc4691a8e564870c46) C:\Windows\system32\DRIVERS\nvlddmkm.sys

19:58:25.0768 1160 nvlddmkm - ok

19:58:26.0003 1160 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

19:58:26.0005 1160 nvraid - ok

19:58:26.0057 1160 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

19:58:26.0059 1160 nvstor - ok

19:58:26.0079 1160 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

19:58:26.0082 1160 nv_agp - ok

19:58:26.0087 1160 NwlnkFlt - ok

19:58:26.0094 1160 NwlnkFwd - ok

19:58:26.0239 1160 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

19:58:26.0274 1160 odserv - ok

19:58:26.0315 1160 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

19:58:26.0317 1160 ohci1394 - ok

19:58:26.0350 1160 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:58:26.0353 1160 ose - ok

19:58:26.0464 1160 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:58:26.0512 1160 p2pimsvc - ok

19:58:26.0521 1160 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:58:26.0529 1160 p2psvc - ok

19:58:26.0601 1160 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

19:58:26.0603 1160 Parport - ok

19:58:26.0651 1160 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys

19:58:26.0652 1160 partmgr - ok

19:58:26.0701 1160 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

19:58:26.0702 1160 Parvdm - ok

19:58:26.0740 1160 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

19:58:26.0743 1160 PcaSvc - ok

19:58:26.0790 1160 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

19:58:26.0804 1160 pci - ok

19:58:26.0839 1160 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

19:58:26.0840 1160 pciide - ok

19:58:26.0866 1160 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

19:58:26.0880 1160 pcmcia - ok

19:58:26.0980 1160 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

19:58:27.0000 1160 PEAUTH - ok

19:58:27.0186 1160 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

19:58:27.0257 1160 pla - ok

19:58:27.0448 1160 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll

19:58:27.0454 1160 PlugPlay - ok

19:58:27.0532 1160 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:58:27.0539 1160 PNRPAutoReg - ok

19:58:27.0549 1160 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll

19:58:27.0556 1160 PNRPsvc - ok

19:58:27.0639 1160 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll

19:58:27.0656 1160 PolicyAgent - ok

19:58:27.0733 1160 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

19:58:27.0735 1160 PptpMiniport - ok

19:58:27.0767 1160 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

19:58:27.0768 1160 Processor - ok

19:58:27.0817 1160 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll

19:58:27.0831 1160 ProfSvc - ok

19:58:27.0883 1160 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:58:27.0886 1160 ProtectedStorage - ok

19:58:27.0930 1160 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

19:58:27.0932 1160 PSched - ok

19:58:27.0962 1160 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys

19:58:27.0964 1160 PSDFilter - ok

19:58:27.0976 1160 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys

19:58:27.0977 1160 PSDNServ - ok

19:58:27.0998 1160 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys

19:58:28.0000 1160 psdvdisk - ok

19:58:28.0097 1160 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

19:58:28.0119 1160 ql2300 - ok

19:58:28.0151 1160 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

19:58:28.0155 1160 ql40xx - ok

19:58:28.0209 1160 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

19:58:28.0243 1160 QWAVE - ok

19:58:28.0316 1160 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

19:58:28.0317 1160 QWAVEdrv - ok

19:58:28.0357 1160 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

19:58:28.0358 1160 RasAcd - ok

19:58:28.0394 1160 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

19:58:28.0398 1160 RasAuto - ok

19:58:28.0450 1160 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:58:28.0453 1160 Rasl2tp - ok

19:58:28.0505 1160 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll

19:58:28.0550 1160 RasMan - ok

19:58:28.0608 1160 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

19:58:28.0610 1160 RasPppoe - ok

19:58:28.0675 1160 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

19:58:28.0677 1160 RasSstp - ok

19:58:28.0725 1160 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

19:58:28.0749 1160 rdbss - ok

19:58:28.0832 1160 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:58:28.0833 1160 RDPCDD - ok

19:58:28.0913 1160 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

19:58:28.0918 1160 rdpdr - ok

19:58:28.0941 1160 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

19:58:28.0942 1160 RDPENCDD - ok

19:58:29.0097 1160 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys

19:58:29.0115 1160 RDPWD - ok

19:58:29.0159 1160 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

19:58:29.0163 1160 RemoteAccess - ok

19:58:29.0224 1160 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll

19:58:29.0240 1160 RemoteRegistry - ok

19:58:29.0317 1160 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys

19:58:29.0330 1160 RFCOMM - ok

19:58:29.0418 1160 RichVideo (0a468612a19feb657d127e7c4810f6fc) C:\Program Files\CyberLink\Shared Files\RichVideo.exe

19:58:29.0462 1160 RichVideo - ok

19:58:29.0507 1160 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys

19:58:29.0509 1160 rimmptsk - ok

19:58:29.0540 1160 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys

19:58:29.0542 1160 rimsptsk - ok

19:58:29.0552 1160 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys

19:58:29.0554 1160 rismxdp - ok

19:58:29.0596 1160 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

19:58:29.0599 1160 RpcLocator - ok

19:58:29.0678 1160 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll

19:58:29.0685 1160 RpcSs - ok

19:58:29.0752 1160 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

19:58:29.0754 1160 rspndr - ok

19:58:29.0790 1160 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe

19:58:29.0792 1160 SamSs - ok

19:58:29.0830 1160 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

19:58:29.0833 1160 sbp2port - ok

19:58:29.0899 1160 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

19:58:29.0915 1160 SCardSvr - ok

19:58:30.0038 1160 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

19:58:30.0053 1160 Schedule - ok

19:58:30.0110 1160 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

19:58:30.0111 1160 SCPolicySvc - ok

19:58:30.0217 1160 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

19:58:30.0220 1160 sdbus - ok

19:58:30.0250 1160 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

19:58:30.0255 1160 SDRSVC - ok

19:58:30.0310 1160 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

19:58:30.0311 1160 secdrv - ok

19:58:30.0370 1160 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

19:58:30.0374 1160 seclogon - ok

19:58:30.0415 1160 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll

19:58:30.0419 1160 SENS - ok

19:58:30.0444 1160 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

19:58:30.0446 1160 Serenum - ok

19:58:30.0467 1160 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

19:58:30.0470 1160 Serial - ok

19:58:30.0502 1160 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

19:58:30.0503 1160 sermouse - ok

19:58:30.0583 1160 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

19:58:30.0588 1160 SessionEnv - ok

19:58:30.0648 1160 sfdrv01 (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys

19:58:30.0650 1160 sfdrv01 - ok

19:58:30.0687 1160 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

19:58:30.0689 1160 sffdisk - ok

19:58:30.0696 1160 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

19:58:30.0697 1160 sffp_mmc - ok

19:58:30.0728 1160 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

19:58:30.0730 1160 sffp_sd - ok

19:58:30.0775 1160 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys

19:58:30.0777 1160 sfhlp02 - ok

19:58:30.0793 1160 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

19:58:30.0794 1160 sfloppy - ok

19:58:30.0814 1160 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys

19:58:30.0816 1160 sfvfs02 - ok

19:58:30.0872 1160 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

19:58:30.0911 1160 SharedAccess - ok

19:58:31.0008 1160 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

19:58:31.0039 1160 ShellHWDetection - ok

19:58:31.0077 1160 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

19:58:31.0079 1160 sisagp - ok

19:58:31.0098 1160 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

19:58:31.0100 1160 SiSRaid2 - ok

19:58:31.0121 1160 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

19:58:31.0123 1160 SiSRaid4 - ok

19:58:31.0542 1160 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

19:58:31.0667 1160 slsvc - ok

19:58:32.0105 1160 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

19:58:32.0110 1160 SLUINotify - ok

19:58:32.0194 1160 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

19:58:32.0196 1160 Smb - ok

19:58:32.0289 1160 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

19:58:32.0293 1160 SNMPTRAP - ok

19:58:32.0496 1160 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys

19:58:32.0599 1160 SNP2UVC - ok

19:58:32.0861 1160 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

19:58:32.0862 1160 spldr - ok

19:58:32.0943 1160 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

19:58:32.0957 1160 Spooler - ok

19:58:33.0228 1160 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys

19:58:33.0228 1160 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b

19:58:33.0230 1160 sptd ( LockedFile.Multi.Generic ) - warning

19:58:33.0230 1160 sptd - detected LockedFile.Multi.Generic (1)

19:58:33.0301 1160 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

19:58:33.0329 1160 srv - ok

19:58:33.0369 1160 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

19:58:33.0382 1160 srv2 - ok

19:58:33.0422 1160 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

19:58:33.0425 1160 srvnet - ok

19:58:33.0481 1160 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

19:58:33.0494 1160 SSDPSRV - ok

19:58:33.0580 1160 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

19:58:33.0619 1160 SstpSvc - ok

19:58:33.0739 1160 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

19:58:33.0751 1160 stisvc - ok

19:58:33.0823 1160 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

19:58:33.0824 1160 swenum - ok

19:58:33.0887 1160 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

19:58:33.0925 1160 swprv - ok

19:58:33.0997 1160 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

19:58:33.0999 1160 Symc8xx - ok

19:58:34.0050 1160 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

19:58:34.0052 1160 Sym_hi - ok

19:58:34.0077 1160 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

19:58:34.0078 1160 Sym_u3 - ok

19:58:34.0121 1160 SynTP (5d6e865780aae258aba1a1484782cfec) C:\Windows\system32\DRIVERS\SynTP.sys

19:58:34.0167 1160 SynTP - ok

19:58:34.0264 1160 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

19:58:34.0308 1160 SysMain - ok

19:58:34.0367 1160 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

19:58:34.0374 1160 TabletInputService - ok

19:58:34.0439 1160 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

19:58:34.0458 1160 TapiSrv - ok

19:58:34.0493 1160 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

19:58:34.0498 1160 TBS - ok

19:58:34.0622 1160 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys

19:58:34.0672 1160 Tcpip - ok

19:58:34.0714 1160 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys

19:58:34.0721 1160 Tcpip6 - ok

19:58:34.0753 1160 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

19:58:34.0754 1160 tcpipreg - ok

19:58:34.0789 1160 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

19:58:34.0790 1160 TDPIPE - ok

19:58:34.0828 1160 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

19:58:34.0830 1160 TDTCP - ok

19:58:34.0867 1160 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

19:58:34.0869 1160 tdx - ok

19:58:34.0912 1160 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

19:58:34.0914 1160 TermDD - ok

19:58:35.0013 1160 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

19:58:35.0029 1160 TermService - ok

19:58:35.0107 1160 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

19:58:35.0107 1160 Themes - ok

19:58:35.0154 1160 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

19:58:35.0154 1160 THREADORDER - ok

19:58:35.0216 1160 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

19:58:35.0232 1160 TrkWks - ok

19:58:35.0294 1160 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

19:58:35.0294 1160 TrustedInstaller - ok

19:58:35.0325 1160 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:58:35.0341 1160 tssecsrv - ok

19:58:35.0372 1160 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

19:58:35.0372 1160 tunmp - ok

19:58:35.0419 1160 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

19:58:35.0419 1160 tunnel - ok

19:58:35.0481 1160 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

19:58:35.0481 1160 uagp35 - ok

19:58:35.0612 1160 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

19:58:35.0617 1160 udfs - ok

19:58:35.0698 1160 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

19:58:35.0702 1160 UI0Detect - ok

19:58:35.0740 1160 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

19:58:35.0742 1160 uliagpkx - ok

19:58:35.0772 1160 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

19:58:35.0804 1160 uliahci - ok

19:58:35.0860 1160 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

19:58:35.0863 1160 UlSata - ok

19:58:35.0910 1160 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

19:58:35.0912 1160 ulsata2 - ok

19:58:35.0946 1160 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

19:58:35.0948 1160 umbus - ok

19:58:36.0002 1160 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

19:58:36.0044 1160 upnphost - ok

19:58:36.0114 1160 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\Windows\system32\Drivers\usbaapl.sys

19:58:36.0115 1160 USBAAPL - ok

19:58:36.0149 1160 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

19:58:36.0151 1160 usbccgp - ok

19:58:36.0176 1160 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

19:58:36.0179 1160 usbcir - ok

19:58:36.0217 1160 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

19:58:36.0219 1160 usbehci - ok

19:58:36.0266 1160 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

19:58:36.0277 1160 usbhub - ok

19:58:36.0313 1160 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

19:58:36.0314 1160 usbohci - ok

19:58:36.0363 1160 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

19:58:36.0364 1160 usbprint - ok

19:58:36.0388 1160 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:58:36.0390 1160 USBSTOR - ok

19:58:36.0426 1160 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

19:58:36.0427 1160 usbuhci - ok

19:58:36.0462 1160 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

19:58:36.0467 1160 UxSms - ok

19:58:36.0551 1160 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

19:58:36.0583 1160 vds - ok

19:58:36.0614 1160 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

19:58:36.0614 1160 vga - ok

19:58:36.0645 1160 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

19:58:36.0645 1160 VgaSave - ok

19:58:36.0676 1160 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

19:58:36.0676 1160 viaagp - ok

19:58:36.0707 1160 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

19:58:36.0707 1160 ViaC7 - ok

19:58:36.0723 1160 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

19:58:36.0723 1160 viaide - ok

19:58:36.0754 1160 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

19:58:36.0770 1160 volmgr - ok

19:58:36.0833 1160 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

19:58:36.0872 1160 volmgrx - ok

19:58:36.0937 1160 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

19:58:36.0982 1160 volsnap - ok

19:58:37.0025 1160 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

19:58:37.0027 1160 vsmraid - ok

19:58:37.0191 1160 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

19:58:37.0249 1160 VSS - ok

19:58:37.0486 1160 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

19:58:37.0515 1160 vToolbarUpdater10.2.0 - ok

19:58:37.0770 1160 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

19:58:37.0812 1160 W32Time - ok

19:58:37.0894 1160 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

19:58:37.0896 1160 WacomPen - ok

19:58:37.0933 1160 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

19:58:37.0935 1160 Wanarp - ok

19:58:37.0983 1160 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

19:58:37.0984 1160 Wanarpv6 - ok

19:58:38.0037 1160 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

19:58:38.0095 1160 wcncsvc - ok

19:58:38.0173 1160 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

19:58:38.0173 1160 WcsPlugInService - ok

19:58:38.0205 1160 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

19:58:38.0205 1160 Wd - ok

19:58:38.0283 1160 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

19:58:38.0314 1160 Wdf01000 - ok

19:58:38.0361 1160 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

19:58:38.0376 1160 WdiServiceHost - ok

19:58:38.0376 1160 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

19:58:38.0376 1160 WdiSystemHost - ok

19:58:38.0532 1160 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

19:58:38.0548 1160 WebClient - ok

19:58:38.0626 1160 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll

19:58:38.0626 1160 Wecsvc - ok

19:58:38.0648 1160 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

19:58:38.0653 1160 wercplsupport - ok

19:58:38.0710 1160 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

19:58:38.0714 1160 WerSvc - ok

19:58:38.0797 1160 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

19:58:38.0824 1160 winachsf - ok

19:58:38.0868 1160 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys

19:58:38.0869 1160 winbondcir - ok

19:58:39.0017 1160 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

19:58:39.0040 1160 WinDefend - ok

19:58:39.0053 1160 WinHttpAutoProxySvc - ok

19:58:39.0252 1160 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

19:58:39.0256 1160 Winmgmt - ok

19:58:39.0406 1160 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll

19:58:39.0433 1160 WinRM - ok

19:58:39.0531 1160 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

19:58:39.0574 1160 Wlansvc - ok

19:58:39.0743 1160 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe

19:58:39.0743 1160 WLSetupSvc - ok

19:58:39.0821 1160 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:58:39.0821 1160 WmiAcpi - ok

19:58:39.0945 1160 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

19:58:39.0945 1160 wmiApSrv - ok

19:58:40.0101 1160 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

19:58:40.0119 1160 WMIService - ok

19:58:40.0277 1160 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

19:58:40.0345 1160 WMPNetworkSvc - ok

19:58:40.0669 1160 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

19:58:40.0718 1160 WPCSvc - ok

19:58:40.0770 1160 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll

19:58:40.0775 1160 WPDBusEnum - ok

19:58:40.0858 1160 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

19:58:40.0859 1160 WpdUsb - ok

19:58:41.0147 1160 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

19:58:41.0198 1160 WPFFontCache_v0400 - ok

19:58:41.0249 1160 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

19:58:41.0250 1160 ws2ifsl - ok

19:58:41.0338 1160 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll

19:58:41.0343 1160 wscsvc - ok

19:58:41.0348 1160 WSearch - ok

19:58:41.0360 1160 wtsmpadap - ok

19:58:41.0367 1160 WtSmpFlt - ok

19:58:41.0647 1160 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

19:58:41.0705 1160 wuauserv - ok

19:58:41.0907 1160 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:58:41.0910 1160 WUDFRd - ok

19:58:41.0986 1160 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

19:58:41.0991 1160 wudfsvc - ok

19:58:42.0115 1160 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl

19:58:42.0132 1160 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok

19:58:42.0180 1160 MBR (0x1B8) (491c1210e12439fa79450fc718bb74f5) \Device\Harddisk0\DR0

19:58:45.0268 1160 \Device\Harddisk0\DR0 - ok

19:58:45.0338 1160 Boot (0x1200) (306108abac22b3f37b3e696e81b63412) \Device\Harddisk0\DR0\Partition0

19:58:45.0340 1160 \Device\Harddisk0\DR0\Partition0 - ok

19:58:45.0365 1160 Boot (0x1200) (3a50abe3761efdf29baa3b90ef222b60) \Device\Harddisk0\DR0\Partition1

19:58:45.0367 1160 \Device\Harddisk0\DR0\Partition1 - ok

19:58:45.0371 1160 ============================================================

19:58:45.0371 1160 Scan finished

19:58:45.0371 1160 ============================================================

19:58:45.0384 0124 Detected object count: 1

19:58:45.0384 0124 Actual detected object count: 1

19:58:56.0259 0124 sptd ( LockedFile.Multi.Generic ) - skipped by user

19:58:56.0259 0124 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

 

 

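Almost every line of a TDSSKiller log like the one above ends in "- ok"; the triage work is finding the handful that do not (the "Suspicious file", "warning", "detected" and "skipped by user" lines) and pairing each with the file hash, so it can be looked up before anything is deleted. As an added example (not part of this thread and not a tool from TDSSKiller or Kaspersky), here is a small Python parser that does that over a few constructed lines in the same format; the sptd and MBR lines are copied from the log above, the rest are a representative subset. The function and field names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample in TDSSKiller's line format: "<time> <pid> <service> (<md5>) <path>"
# followed by "<time> <pid> <service> - <status>". The sptd and MBR lines mirror the
# thread's log; the rest are a representative subset, not the full log.
SAMPLE_LOG = r"""
19:58:34.0622 1160 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:58:34.0672 1160 Tcpip - ok
19:58:34.0714 1160 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:58:34.0721 1160 Tcpip6 - ok
19:58:21.0978 1160 msiserver - ok
19:58:33.0228 1160 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
19:58:33.0228 1160 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
19:58:33.0230 1160 sptd ( LockedFile.Multi.Generic ) - warning
19:58:33.0230 1160 sptd - detected LockedFile.Multi.Generic (1)
19:58:42.0180 1160 MBR (0x1B8) (491c1210e12439fa79450fc718bb74f5) \Device\Harddisk0\DR0
19:58:45.0268 1160 \Device\Harddisk0\DR0 - ok
19:58:56.0259 0124 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

TIME = r"\d\d:\d\d:\d\d\.\d+"
# "Suspicious file (<reason>): <path>. md5: <hash>"
SUSPICIOUS_RE = re.compile(
    rf"^{TIME} (?P<pid>\d+) Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{{32}})$"
)
# "<name> [(0xSIZE)] (<md5>) <path>"; the optional size group covers MBR/Boot sector entries
ENTRY_RE = re.compile(
    rf"^{TIME} (?P<pid>\d+) (?P<name>\S+)(?: \((?P<size>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{{32}})\) (?P<path>.+)$"
)
# "<subject> - <status>" where subject may carry a verdict: "sptd ( LockedFile.Multi.Generic )"
STATUS_RE = re.compile(rf"^{TIME} (?P<pid>\d+) (?P<subject>.+?) - (?P<status>.+)$")
SUBJECT_RE = re.compile(r"^(?P<name>\S+)(?: \( (?P<verdict>\S+) \))?$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    verdicts: Set[str] = field(default_factory=set)
    notes: List[str] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        # Clean only when the scanner reached a verdict and every status line said "ok"
        return (bool(self.statuses) and not self.verdicts and not self.notes
                and all(s == "ok" for s in self.statuses))


def _key(name: str, path: str) -> str:
    # Disk-level entries (MBR, boot sectors) are reported back by device path, not by name
    return path if path.startswith("\\Device\\") else name


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}  # lowercased file path -> entry key
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            key = by_path.get(m["path"].lower(), m["path"])
            entries.setdefault(key, Entry(name=key)).notes.append(f"{m['reason']}: {m['path']}")
            continue
        m = ENTRY_RE.match(line)
        if m:
            key = _key(m["name"], m["path"])
            e = entries.setdefault(key, Entry(name=m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            by_path[m["path"].lower()] = key
            continue
        m = STATUS_RE.match(line)
        if m:
            s = SUBJECT_RE.match(m["subject"])
            if not s:
                continue
            key = s["name"] if s["name"] in entries else by_path.get(s["name"].lower(), s["name"])
            e = entries.setdefault(key, Entry(name=s["name"]))
            e.statuses.append(m["status"])
            if s["verdict"]:
                e.verdicts.add(s["verdict"])
    return entries


def triage(text: str) -> dict:
    """Summarise a log: everything not cleanly 'ok', what the user skipped, and hashes to look up."""
    entries = parse_tdsskiller_log(text)
    flagged = sorted(k for k, e in entries.items() if not e.clean)
    skipped = sorted(k for k, e in entries.items()
                     if any(s.startswith("skipped") for s in e.statuses))
    return {
        "total": len(entries),
        "flagged": flagged,
        "skipped": skipped,
        "hashes_to_check": {k: entries[k].md5 for k in flagged if entries[k].md5},
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Replace SAMPLE_LOG with the text of a real TDSSKiller log to use it. The hashes_to_check map gives the MD5 to search for on VirusTotal, which avoids uploading the file at all. One caveat the output makes visible: LockedFile.Multi.Generic means TDSSKiller could not open the file, not that it found malicious code; sptd.sys is the SCSI pass-through driver installed by disc-emulation software such as DAEMON Tools and is routinely reported this way, which is why a hash lookup is the right follow-up rather than deleting on sight.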

IKARUS reports some of the files located under:

C:\Users\John Alfred\Documents\Visual Studio 2010\Projects

as malware (Hacktool, Backdoor Poison).

But enough about that. HitmanPro has put these files in quarantine. If you are sure you know these files and that they are safe, you can move them out of quarantine again. Up to you.

 

 

OTL FIX:

Close all running programs and disable all antivirus guards.

Open OTL.exe as Administrator (right-click).

Copy and paste the following text into the white text box in OTL.

 

:OTL

FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"

FF - prefs.js..browser.startup.homepage: "http://search.linkury.com"

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A95A95AC

:Commands

[purity]

[emptytemp]

[emtyflash]

[resethosts]

 

Then click: FIX

The PC will restart and a log will come up. Post it.

2. Scan of the unknown driver at VirusTotal. Go to https://www.virustotal.com/

Click: Choose File. In the new window, under "File name", paste:

C:\Windows\System32\drivers\xqbh.sys

Click "Open".

Post the scan log.

3. MBR scan:

http://public.avast....erek/aswMBR.htm Post the log.

How is the PC working now?

Edited by TheGenius
Link to comment

OTL log:

 

All processes killed

========== OTL ==========

Prefs.js: "Linkury Smartbar Search" removed from browser.search.selectedEngine

Prefs.js: "http://search.linkury.com" removed from browser.startup.homepage

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Unable to delete ADS Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A95A95AC .

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Gjest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: John Alfred

->Temp folder emptied: 5263838 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 9184850 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4045351 bytes

RecycleBin emptied: 929 bytes

 

Total Files Cleaned = 18,00 mb

 

Error: Unable to interpret <[emtyflash]> in the current context!

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.43.1 log created on 05242012_081952

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

 

 

VirusTotal: cannot find the file.

 

aswMBR:

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-24 08:00:54

-----------------------------

08:00:54.181 OS Version: Windows 6.0.6002 Service Pack 2

08:00:54.181 Number of processors: 2 586 0xF0D

08:00:54.182 ComputerName: JOHNALFREDS-PC UserName: John Alfred

08:00:55.345 Initialize success

08:01:08.394 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

08:01:08.394 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3

08:01:08.410 Disk 0 MBR read successfully

08:01:08.425 Disk 0 MBR scan

08:01:08.425 Disk 0 unknown MBR code

08:01:08.425 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63

08:01:08.441 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 114372 MB offset 20467712

08:01:08.472 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 110788 MB offset 254701568

08:01:08.503 Disk 0 Partition 4 00 12 Compaq diag NTFS 3320 MB offset 481595392

08:01:08.503 Disk 0 scanning sectors +488394752

08:01:08.581 Disk 0 scanning C:\Windows\system32\drivers

08:01:23.752 Service scanning

08:01:47.308 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

08:01:56.247 Modules scanning

08:02:26.572 Disk 0 trace - called modules:

08:02:26.604 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys spaj.sys >>UNKNOWN [0x85df7938]<<

08:02:26.604 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86dfa978]

08:02:26.604 3 CLASSPNP.SYS[891188b3] -> nt!IofCallDriver -> [0x85eef790]

08:02:26.604 5 acpi.sys[88c086bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85ed6030]

08:02:26.604 Scan finished successfully

08:09:33.284 Disk 0 MBR has been saved successfully to "C:\Users\John Alfred\Desktop\MBR.dat"

08:09:33.284 The log file has been saved successfully to "C:\Users\John Alfred\Desktop\aswMBR.txt"

 

 

Link to comment

The PC has actually always worked, but I have been told that there is unwanted traffic on my internet connection which I have to get rid of, otherwise the ISP threatens to shut down the line. The problem is that I have not known that I had any virus/malware, other than noticing that my somewhat worn-out PC is quite slow.

Link to comment

Script for ComboFix:

- Disable all antivirus guards!

- Close all programs.

- Delete combofix.exe and download ComboFix again directly to your desktop.

- Open Notepad.

- Copy in the following text:

 

 

FOLDER::

C:\Users\John Alfred\AppData\Roaming\OpenCandy

ROOTKIT::

C:\Windows\System32\drivers\xqbh.sys

DRIVER::

agdaom

 

- Save the txt file as CFScript.txt

- Click and drag the txt file CFScript.txt with the mouse onto combofix.exe and drop it.

ComboFix will start. Wait until it restarts the PC and a log comes up. Post it.

2. Online scan with ESET Online Scanner:

http://www.eset.com/us/online-scanner/

Delete all findings and post the log.

3. Question:

Have you enabled this proxy in Firefox?

FF - prefs.js..network.proxy.ftp: "10.41.16.1"

FF - prefs.js..network.proxy.ftp_port: 8080

 

If not, disable the proxy.

Edited by TheGenius
Link to comment

ComboFix log:
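The proxy question above is one a defender can answer mechanically from the Firefox profile instead of by eye. The following Python is an added example, not code from the thread or from any of the tools it mentions: it parses `user_pref(...)` lines from prefs.js, lists every `network.proxy.*` host and port, and reads `network.proxy.type` to say whether a manual proxy is actually in effect (type 1) or whether the host entries are merely left behind by a configuration that is no longer selected. The prefs.js fragment is constructed to mirror the entries quoted in the question (10.41.16.1, port 8080); `PREF_RE`, `PROXY_TYPES` and the function names are assumptions of mine.

```python
import re

# Constructed sample input: a prefs.js fragment mirroring the network.proxy.* entries
# quoted in the thread (host 10.41.16.1, port 8080). Not a real profile.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "http://search.linkury.com");
user_pref("network.proxy.ftp", "10.41.16.1");
user_pref("network.proxy.ftp_port", 8080);
user_pref("network.proxy.gopher", "10.41.16.1");
user_pref("network.proxy.gopher_port", 8080);
user_pref("network.proxy.http", "10.41.16.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.socks", "10.41.16.1");
user_pref("network.proxy.socks_port", 8080);
user_pref("network.proxy.ssl", "10.41.16.1");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.type", 4);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

# One user_pref("key", value); per line; values are quoted strings, integers or booleans.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.proxy.type in Firefox.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac-url", 4: "auto-detect (WPAD)", 5: "system"}

PROTOCOLS = ("ftp", "gopher", "http", "socks", "ssl")


def parse_prefs(text):
    """Parse prefs.js lines into a dict; unknown value shapes are kept as raw strings."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def audit_proxy(prefs):
    """Summarise the proxy configuration and say whether a manual proxy is in effect."""
    proxies = {}
    for proto in PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            proxies[proto] = (host, prefs.get(f"network.proxy.{proto}_port"))
    ptype = prefs.get("network.proxy.type", 5)  # Firefox default: use system settings
    return {
        "type": ptype,
        "type_name": PROXY_TYPES.get(ptype, "unknown"),
        "proxies": proxies,
        # Only type 1 routes traffic through the hosts above.
        "manual_proxy_active": ptype == 1 and bool(proxies),
        # Hosts configured but not selected: stale entries, still worth clearing.
        "dormant_proxy_entries": ptype != 1 and bool(proxies),
        "hosts": sorted({h for h, _ in proxies.values()}),
    }


if __name__ == "__main__":
    report = audit_proxy(parse_prefs(SAMPLE_PREFS_JS))
    for k, v in report.items():
        print(f"{k}: {v}")
```

Run against a real profile by reading `prefs.js` from the profile directory instead of `SAMPLE_PREFS_JS`; a `manual_proxy_active` result pointing at a host the user never configured is the finding to act on, while dormant entries are cleanup.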

 

ComboFix 12-05-25.03 - John Alfred 25.05.2012 22:18:45.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2046.982 [GMT 2:00]

Kjører fra: c:\users\John Alfred\Desktop\ComboFix.exe

Command switches brukt :: c:\users\John Alfred\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\John Alfred\AppData\Roaming\OpenCandy

c:\users\John Alfred\AppData\Roaming\OpenCandy\59EE843EBB1D401F99863D8D831F9E2E\2922.ico

c:\users\John Alfred\AppData\Roaming\OpenCandy\59EE843EBB1D401F99863D8D831F9E2E\EBB77268-338F-4C6A-8590-AD88FED26F4A

c:\users\John Alfred\AppData\Roaming\OpenCandy\59EE843EBB1D401F99863D8D831F9E2E\LinkuryInstaller.msi

c:\users\John Alfred\AppData\Roaming\OpenCandy\59EE843EBB1D401F99863D8D831F9E2E\LinkuryInstallerCHCB_p1v13.exe

c:\users\John Alfred\AppData\Roaming\OpenCandy\59EE843EBB1D401F99863D8D831F9E2E\OCBrowserHelper_1.0.3.85.dll

c:\users\John Alfred\AppData\Roaming\OpenCandy\59EE843EBB1D401F99863D8D831F9E2E\OCStatsdll.dll

c:\windows\hide.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\ReadMe.txt

.

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2012-04-25 til 2012-05-25 )))))))))))))))))))))))))))))))))

.

.

2012-05-25 20:26 . 2012-05-25 20:30 -------- d-----w- c:\users\John Alfred\AppData\Local\temp

2012-05-25 20:26 . 2012-05-25 20:26 -------- d-----w- c:\users\Gjest\AppData\Local\temp

2012-05-25 20:26 . 2012-05-25 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-25 20:26 . 2012-05-25 20:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-05-25 20:17 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5B097AF7-625E-44C6-9738-D0A997A661F3}\mpengine.dll

2012-05-24 05:17 . 2012-05-24 05:17 -------- d-----w- C:\_OTL

2012-05-23 14:52 . 2012-05-23 14:52 12872 ----a-w- c:\windows\system32\bootdelete.exe

2012-05-23 12:23 . 2012-05-23 14:52 -------- d-----w- c:\programdata\HitmanPro

2012-05-21 07:59 . 2012-05-21 07:59 -------- d-----w- c:\users\John Alfred\AppData\Roaming\Malwarebytes

2012-05-21 07:59 . 2012-05-21 07:59 -------- d-----w- c:\programdata\Malwarebytes

2012-05-21 07:59 . 2012-05-21 07:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-21 07:59 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-09 13:17 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-09 13:17 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 13:17 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-27 01:05 . 2012-01-16 17:41 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2012-02-29 15:11 . 2012-04-12 01:07 5120 ----a-w- c:\windows\system32\wmi.dll

2012-02-29 15:11 . 2012-04-12 01:07 172032 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 15:09 . 2012-04-12 01:07 157696 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 13:32 . 2012-04-12 01:07 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-02-28 01:18 . 2012-04-12 01:08 1799168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 01:11 . 2012-04-12 01:08 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 01:08 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 01:03 . 2012-04-12 01:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-27 23:04 . 2011-07-28 21:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-07 09:39 . 2011-05-10 10:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zebtab"="c:\users\John Alfred\AppData\Roaming\Microsoft\Windows\Start Menu/Programs/Zebtab/Zebtab.appref-ms" [X]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]

"PLFSet"="c:\windows\PLFSet.dll" [2007-08-08 45056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]

"SetSpeaker"="c:\windows\SetSpkDefault.exe" [2007-11-27 86016]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-03 198160]

"QuickTime Task"="d:\programfiler\Quick Time Player\QTTask.exe" [2010-09-08 421888]

.

c:\users\John Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]

Mannakorn.lnk - c:\windows\Installer\{DD8FD2DD-9BBB-47B7-9960-8F90EC604B34}\DbViewer.exe1_2591D4733A864620A0C71620ED4F698E.exe [2009-9-2 45056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]

2007-08-08 02:37 45056 ----a-w- c:\windows\PLFSet.dll

.

--- Andre tjenester/drivere lastet i minnet ---

.

*Deregistered* - AmFSM

*Deregistered* - PavProc

*Deregistered* - ShldDrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

getPlusHelper REG_MULTI_SZ getPlusHelper

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 23:09]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 23:09]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-833421312-3509518398-1867728553-1000Core.job

- c:\users\John Alfred\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-12 16:00]

.

2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-833421312-3509518398-1867728553-1000UA.job

- c:\users\John Alfred\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-12 16:00]

.

.

------- Tilleggsskanning -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://search.linkury.com/newtab.html

mStart Page = hxxp://no.intl.acer.yahoo.com

uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\John Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\97g348h9.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=

FF - prefs.js: network.proxy.ftp - 10.41.16.1

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - 10.41.16.1

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.http - 10.41.16.1

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.socks - 10.41.16.1

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 10.41.16.1

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 4

.

- - - - TOMME PEKERE FJERNET - - - -

.

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-25 22:30

Windows 6.0.6002 Service Pack 2 NTFS

.

skanner skjulte prosesser ...

.

skanner skjulte autostart-oppføringer ...

.

skanner skjulte filer ...

.

skanning vellykket

skjulte filer: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

.

[HKEY_USERS\S-1-5-21-833421312-3509518398-1867728553-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:87,fb,b5,60,86,31,d4,22,bf,7a,44,0f,71,6e,9d,c9,ac,d5,b0,12,b7,28,1e,

b4,f5,52,36,e7,2a,7c,39,8f,5c,93,b0,52,d3,77,97,60,8b,04,92,56,f0,d8,db,a9,\

"??"=hex:1e,83,5b,2e,56,e6,4c,4c,62,cf,a6,3c,de,bd,01,fe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

.

- - - - - - - > 'Explorer.exe'(4080)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\conime.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\windows\RtHDVCpl.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\rundll32.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\users\JOHNAL~1\AppData\Local\Temp\RtkBtMnt.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2012-05-25 22:38:26 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2012-05-25 20:38

ComboFix2.txt 2012-05-21 11:42

.

Pre-Run: 55 932 866 560 byte ledig

Post-Run: 55 578 046 464 byte ledig

.

- - End Of File - - A4A5273A99909AC966C0A1F62A4081EB

 

 

 

I also noticed that SetSPKDefault.exe runs at startup. That's probably also some junk...?

And then I have the website "search . babylon . com" which seems to have taken over Firefox :p

I could not run the ESET scan. Downloaded a file to accept some terms, but it would not run at all.

Link to comment

SetSPKDefault.exe is no danger, this is a legitimate file.

But you still have active rootkits. After a full analysis and feedback from a colleague, I recommend that you reinstall Windows fresh. (Alternatively use the Windows Restore option, which sets the PC back to factory state; check the PC manual to see whether this is installed.)

Reason for this recommendation:

Your PC was severely infected and there is still malware active.

You have autorun malware. This means that some of your removable media (USB sticks, mobile phone...) are infected with a so-called worm (autorun malware).

http://en.wikipedia....i/Computer_worm

Findings from ComboFix indicate that a keylogger is/was active on your system.

http://en.wikipedia.org/wiki/Keystroke_logging

Therefore: install Windows again, disable Autorun and check all your removable media for malware.

Change all your passwords from another PC.

Edited by TheGenius
Link to comment
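The advice to disable Autorun ties back to the `NoDriveTypeAutoRun = 145` line in the OTL fix earlier in the thread. As an added example (not the thread's or any tool's code), this Python decodes that registry bitmask: each set bit disables AutoRun for one drive type, 145 (0x91, Windows' own default) still leaves removable drives and CD-ROMs open, and 0xFF disables it everywhere. The O7 line is copied from the thread; `OTL_O7_RE`, `DRIVE_TYPE_BITS` and the helper names are assumptions of mine.

```python
import re

# Bit positions of the NoDriveTypeAutoRun bitmask; each set bit disables AutoRun for that
# drive type (the bit values follow the Win32 GetDriveType() constants).
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

# All bits set: AutoRun disabled for every drive type (the usual hardening value).
DISABLE_ALL = 0xFF

# Matches an OTL "O7" line of the shape used in the fix script in this thread
# (constructed regex, tuned to that line shape only).
OTL_O7_RE = re.compile(r"^O7 - (HK\w+\\.*?): NoDriveTypeAutoRun = (\d+)\s*$")


def decode_no_drive_type_autorun(value):
    """Split the mask into drive types with AutoRun disabled and those still enabled."""
    if not 0 <= value <= 0xFF:
        raise ValueError("NoDriveTypeAutoRun is an 8-bit mask")
    disabled = [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]
    enabled = [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]
    return {"value": value, "hex": f"0x{value:02X}", "disabled": disabled, "enabled": enabled}


def autorun_disabled_for(value, drive_type):
    """True if AutoRun is disabled for the named drive type under this mask."""
    for bit, name in DRIVE_TYPE_BITS.items():
        if name == drive_type:
            return bool(value & bit)
    raise KeyError(drive_type)


def parse_otl_o7(line):
    """Extract (registry key, value) from an OTL O7 NoDriveTypeAutoRun line, else None."""
    m = OTL_O7_RE.match(line)
    if not m:
        return None
    return m.group(1), int(m.group(2))


def assess(value):
    """Defender's verdict: can removable media (the worm's usual carrier) still AutoRun?"""
    removable_open = not autorun_disabled_for(value, "DRIVE_REMOVABLE")
    return {
        "removable_autorun_allowed": removable_open,
        "recommended_value": DISABLE_ALL,
        "needs_change": value != DISABLE_ALL,
    }


if __name__ == "__main__":
    # The O7 line as it appears in the OTL fix earlier in the thread.
    line = r"O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145"
    key, val = parse_otl_o7(line)
    print(key)
    print(decode_no_drive_type_autorun(val))
    print(assess(val))
```

The same mask exists under HKLM as well as HKCU; the HKLM policy value takes precedence, so a hardening check should read both hives before concluding that removable media are covered.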

That's probably my conclusion as well. Safest to do it. Is there any special formatting I should do other than formatting in the usual way (there is probably some hardcore program or something to do it properly)?

Is there a possibility that the virus has "spread" to other PCs connected to the same wireless network? I have checked the other PC with MSE and Malwarebytes, and they did not report anything wrong. I also have a Mac, and have run Avira AntiVir on it to be safe, but it did not report anything (Macs are supposed to be fairly safe to begin with as well).

Maybe a stupid question, but is there a possibility that something could be left on the router...? Could a keylogger have picked up passwords from the other PCs connected to the network? Should the router be reset? :whistle:

Link to comment

Hi again.

Yes, when you reinstall Windows, you should dissolve all partitions and create them anew. That way you rewrite the MBR, in case of an MBR infection.

http://windows.microsoft.com/en-us/windows-vista/Installing-and-reinstalling-Windows-Vista (Clean install)

You can first save your files to a clean external disk with a so-called Live CD. Example:

http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/

http://www.bootmed.com/bootmed/

Yes, there is a high chance that autorun malware can jump to other PCs or removable media when they are connected to the same network or connected directly. The router you should reset, yes.

Mac is safe? Not anymore. http://www.informationweek.com/news/security/vulnerabilities/232800374

Important so that you avoid malware infections in the future:

http://tips4pc.com/top_10_computer_tips/top-10-tips-to-protect-yourself-against-computer-viruses.htm

Especially important: always update all your programs and Windows!

http://www.filehippo.com/updatechecker/

Good luck :thumbs:

Link to comment
