arthon Skrevet 24. mai 2012 Del Skrevet 24. mai 2012 (endret) Jeg hadde plutselig noen problemer når Win7 startet her om dagen. Mest sannsynlig pga. en ny nVidia driver versjon som ikke helt fungerte med Windows. I min leting etter en reparasjon/løsning sjekket jeg Startup menyen i Windows og fant dette programmet; HKCU:Run yHefo C:\Users\[userName]\AppData\Roaming\diyEq.exe Googlet det uten å fine noen treff før etter mange forsøk, og fant dette; http://www.threatexp...7debe35100b42e9 What's been foundProduces outbound traffic. Downloads/requests other files from Internet. Creates a startup registry entry. The newly created Registry Value is: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] yHefo = "%AppData%\diyEq.exe" KB00441600.exe = ""%AppData%\KB00441600.exe"" so that %AppData%\diyEq.exe runs every time Windows starts so that KB00441600.exe runs every time Windows starts The following Internet Connection was established: Server Name Server Port Connect as User Connection Password antifraudprotectsustema.ru, 443 antifraudprotectsustema.ru, antifraudprotectsustema.ru Regnet som lavt trusselnivå, men kan jo selvfølgelig være en ventende Backdoor. Jeg fjernet hele programmet fra Startup med CCleaner. Resultatet er at innlogging og "sleep time" forandret seg. Skannet PC'n med Microsoft Security Essentials før programmet ble fjernet fra Startup menyen med resultat, Ingen Trussel Funnet. Selv om programmet er fjernet fra Startup menuen så har jeg ikke klart å finne de eventuelle forandringer som er gjort til Registry. Er det andre som har samme program på Startup menyen? Noen som har forslag til eventuelt å fjerne forandringen i Registry? Er yHefo et generelt navn for andre programfunksjoner for Win Startup? Andre forslag og erfaringer? Endret 24. mai 2012 av arthon Lenke til kommentar
Dr.Geek Skrevet 24. mai 2012 Del Skrevet 24. mai 2012 (endret) Hai. Dette er Malware, ja. Antageligvis er det den: https://www.virustot...0e7c1/analysis/ Gå til: https://www.virustotal.com/ og last opp denne filen C:\Users\[userName]\AppData\Roaming\diyEq.exe (du må gjøre skjulte filer og mapper synlige før du laster opp filen) Post log. Etter det gjør en fullscan med: http://www.malwareby...lwarebytes_free (Free) Post log. Endret 24. mai 2012 av TheGenius Lenke til kommentar
arthon Skrevet 24. mai 2012 Forfatter Del Skrevet 24. mai 2012 ^^^^ Takk!! Det skulle jeg jo selvfølgelig visst i går. Problemet nå er at jeg fjernet; [C:\Users\[userName]\AppData\Roaming\diyEq.exe] entry fra Startup menyen, så nå finner jeg jo ikke igjen den (bare notatet jeg gjorde til notepad) og kan ikke få skannet den via linken du postet. Før jeg installerer Malwarebytes og skanner; Vil det programmet finne viruset og assosierte filer nå når jeg har fjernet det fra Startup? Lenke til kommentar
Dr.Geek Skrevet 24. mai 2012 Del Skrevet 24. mai 2012 Filen ligger akkurat her, som sagt: [C:\Users\[userName]\AppData\Roaming\diyEq.exe] UserName må du erstatte med ditt brukerkonto/brukernavn. Malwarebytes er svært god på å finne utbredt Malware. Install det update det og gjør en fullscan. Så poster du loggen av scan. Den vil gi oss et godt oversikt over infeksjonsgraden, ja. Lenke til kommentar
arthon Skrevet 24. mai 2012 Forfatter Del Skrevet 24. mai 2012 Det er mulig jeg missforstår, men når jeg går til linken VirusTotal og Choose file så vil den jo hente filen fra Pc'n min. Men den har jeg jo slettet fra Startup og kan ikke finne igjen. Jeg vil installere Malaware bytes og skanne og se om den kommer opp med noe (og poste log i løpet av kvelden). Lenke til kommentar
Dr.Geek Skrevet 24. mai 2012 Del Skrevet 24. mai 2012 (endret) Det er mulig jeg missforstår, men når jeg går til linken VirusTotal og Choose file så vil den jo hente filen fra Pc'n min. Men den har jeg jo slettet fra Startup og kan ikke finne igjen. Jeg vil installere Malaware bytes og skanne og se om den kommer opp med noe (og poste log i løpet av kvelden). Du var jo så flink og fant med Google fram til ThreatExpert sin oversikt over truselen . Der står det jo blant annet: The newly created Registry Value is: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] yHefo = "%AppData%\diyEq.exe" KB00441600.exe = ""%AppData%\KB00441600.exe"" so that %AppData%\diyEq.exe runs every time Windows starts Registry "RunYHefo" entry peker mot selve filen som du ikke har slettet. Du har bare deaktivert Registry entry. Men ikke bekym deg mer om dette. Malwarebytes vil finne den for oss. Husk å poste loggen. Endret 24. mai 2012 av TheGenius Lenke til kommentar
arthon Skrevet 24. mai 2012 Forfatter Del Skrevet 24. mai 2012 Her er loggen. Kan ikke se at den filen jeg lette etter ble funnet, men en annen (Rogue.WormsRemover) som muligens har en sammenheng. Så jeg vet jo ikke helt sikkert om yHefo/diyEq.exe filen er funnet. Log med Username som ****** Malwarebytes Anti-Malware (Trial) 1.61.0.1400www.malwarebytes.org Database version: v2012.05.24.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ****** :: *****-PC [administrator] Protection: Enabled 24.05.2012 18:45:56 mbam-log-2012-05-24 (18-45-56).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 346931 Time elapsed: 16 minute(s), 26 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Junior Icon Editor (Rogue.WormsRemover) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files (x86)\Junior Icon Editor\uninstall.exe (Rogue.WormsRemover) -> Quarantined and deleted successfully. (end) Er det noe problem å ha Malaware bytes og Microsoft Security Essentilas kjørende samtidig i "Real time" eller er det best at Malaware ikke startes og heller brukes for ekstra skanning nå og da? Lenke til kommentar
Dr.Geek Skrevet 24. mai 2012 Del Skrevet 24. mai 2012 Nei, Malwarebytes fant den ikke. Vi gjør det med et OTL Log: http://www.geekstogo.com/1888/otl-by-oldtimer-a-modern-replacement-for-hijackthis/ (Bare post OTL.txt) Post denne loggen i Spoiler: Oppe til venstre i editor velg: Spesiell BB-Kode. Lenke til kommentar
arthon Skrevet 24. mai 2012 Forfatter Del Skrevet 24. mai 2012 Litt usikker på om det var dette du mente, men her er OT scan txt OTL logfile created on: 24.05.2012 20:00:02 - Run 1 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Arthon\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy 15,49 Gb Total Physical Memory | 13,35 Gb Available Physical Memory | 86,19% Memory free 30,97 Gb Paging File | 28,73 Gb Available in Paging File | 92,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 124,05 Gb Total Space | 61,35 Gb Free Space | 49,46% Space Free | Partition Type: NTFS Drive D: | 349,30 Gb Total Space | 337,68 Gb Free Space | 96,67% Space Free | Partition Type: NTFS Drive E: | 349,33 Gb Total Space | 188,37 Gb Free Space | 53,92% Space Free | Partition Type: NTFS Computer Name: ARTHON-PC | User Name: Arthon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.24 19:59:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arthon\Desktop\OTL.exe PRC - [2012.05.13 00:33:59 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.02.06 19:32:34 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe PRC - [2012.01.30 14:32:16 | 001,120,936 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2011.12.23 16:39:38 | 000,174,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.12.22 19:58:42 | 000,318,080 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2011.11.15 21:51:22 | 000,947,056 | ---- | M] (Opera Software) -- C:\Users\Arthon\AppData\Local\Time and Date 1.32\Time and Date 1.32.exe PRC - [2011.10.24 17:20:38 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.06 18:14:34 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.05.30 15:48:16 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.11.15 12:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe ========== Modules (No Company Name) ========== MOD - [2012.05.13 00:34:00 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll MOD - [2012.05.13 00:34:00 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012.05.13 00:34:00 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012.05.13 00:34:00 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012.05.13 00:34:00 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012.05.13 00:34:00 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012.05.13 00:34:00 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012.05.13 00:34:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012.05.13 00:34:00 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012.05.13 00:34:00 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012.05.13 00:34:00 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012.05.13 00:34:00 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012.05.13 00:34:00 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2012.02.06 19:32:30 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll MOD - [2011.11.15 20:41:45 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012.01.11 17:34:44 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth® SRV:64bit: - [2012.01.09 05:19:34 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011.12.08 10:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) Intel® SRV:64bit: - [2011.12.08 10:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.12.08 10:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:64bit: - [2011.12.08 10:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel® SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.11.21 14:22:08 | 000,080,512 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2011.11.21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.06 18:14:45 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2011.09.06 18:14:43 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2011.03.13 19:59:18 | 000,138,400 | ---- | M] (Atheros) [Disabled | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.03.13 19:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.15 19:31:56 | 000,463,240 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Telenor Norway\Telenorhjelpen\Service.exe -- (TelenorhjelpenSvc) SRV - [2010.12.17 14:02:22 | 000,358,808 | ---- | M] (Telenor Norway) [Disabled | Stopped] -- C:\Program Files (x86)\Telenor Norway\ESUS_TNO\ESUS_TNO.exe -- (ESUSClient_TNO) SRV - [2010.10.06 06:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010.10.06 06:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005.09.30 21:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.03.01 03:00:15 | 000,398,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB) DRV:64bit: - [2012.01.30 14:32:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.01.10 10:44:58 | 000,219,648 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3) DRV:64bit: - [2012.01.10 10:44:58 | 000,065,024 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3) DRV:64bit: - [2012.01.09 05:13:12 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.01.09 05:13:12 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.10.14 18:21:08 | 000,069,488 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fspad_win764.sys -- (fspad_win764) DRV:64bit: - [2011.10.07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.04.21 20:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.13 19:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.13 19:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.13 19:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.13 19:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.13 19:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.13 19:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.13 19:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010.09.23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.08.03 12:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV:64bit: - [2010.03.19 12:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2012.01.30 14:32:16 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger) DRV - [2011.09.07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: [email protected]:0.9 FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..extensions.enabledItems: [email protected]:1.1 FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0 FF - prefs.js..extensions.enabledItems: [email protected]:1.5 FF - prefs.js..extensions.enabledItems: [email protected]:0.1 FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arthon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arthon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8D03DB51-DA47-46a9-8F14-53ABE84263F5}: C:\Program Files (x86)\Telenor Norway\Telenorhjelpen\BHO\Firefox [2011.11.20 01:06:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.23 01:35:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.03 03:53:28 | 000,000,000 | ---D | M] [2012.01.09 04:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arthon\AppData\Roaming\Mozilla\Extensions [2012.01.09 04:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arthon\AppData\Roaming\Mozilla\Extensions\[email protected] [2012.05.03 03:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.05.03 03:53:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2011.11.22 01:49:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} [2012.05.13 18:24:08 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] [2012.05.13 18:24:08 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] [2011.12.26 04:51:07 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] [2012.05.13 18:24:08 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] [2011.12.26 04:51:07 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] [2011.12.26 04:51:07 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] [2011.12.26 04:51:07 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected] [2011.11.05 08:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.05 05:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.05 05:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Arthon\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Arthon\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Arthon\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Arthon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Users\Arthon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Arthon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.0_0\ CHR - Extension: YouTube = C:\Users\Arthon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Arthon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: Google Search = C:\Users\Arthon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: YouTube Unblocker = C:\Users\Arthon\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl\0.1.3_0\ CHR - Extension: Gmail = C:\Users\Arthon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (Telenorhjelpen) - {2EF1BAF9-1988-42a1-82BC-5CB6197AED28} - C:\Program Files (x86)\Telenor Norway\Telenorhjelpen\BHO\IEBHO.dll (Telenor) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [fspuip] C:\Program Files\FSP\FspUip.exe (Sentelic Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" File not found O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows ® Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Arthon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opera.lnk = C:\Program Files (x86)\Opera\opera.exe (Opera Software) O4 - Startup: C:\Users\Arthon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Time and Date 1.32.lnk = C:\Users\Arthon\AppData\Local\Time and Date 1.32\Time and Date 1.32.exe (Opera Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.67.15.198 193.213.112.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB51DEA5-63E6-4DB6-B6A7-65295039554C}: DhcpNameServer = 130.67.15.198 193.213.112.4 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.24 19:59:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Arthon\Desktop\OTL.exe [2012.05.24 18:44:35 | 000,000,000 | ---D | C] -- C:\Users\Arthon\AppData\Roaming\Malwarebytes [2012.05.24 18:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.24 18:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.24 18:44:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.24 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.23 23:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.23 23:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.23 23:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012.05.22 22:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.05.15 14:12:10 | 000,000,000 | -H-D | C] -- C:\Users\Arthon\AppData\Roaming\258E1EA0 [2012.05.10 00:46:36 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.10 00:46:35 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.10 00:46:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.10 00:46:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.07 17:32:13 | 000,000,000 | ---D | C] -- C:\Users\Arthon\AppData\Local\fontconfig [2012.05.07 17:32:11 | 000,000,000 | ---D | C] -- C:\Users\Arthon\AppData\Local\gegl-0.2 [2012.05.03 19:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.05.03 19:58:38 | 006,074,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.05.03 19:58:38 | 003,089,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.05.03 19:58:38 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.05.03 19:58:38 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.05.03 19:58:38 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.05.03 19:57:15 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.05.03 19:57:15 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.05.03 19:57:15 | 009,717,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.05.03 19:57:15 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.05.03 19:57:15 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvir3dgenco6420140.dll [2012.05.03 19:57:15 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2012.05.03 19:57:15 | 000,398,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvstusb.sys [2012.05.03 19:57:15 | 000,188,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.05.03 19:57:15 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.05.03 19:57:15 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.05.03 19:57:15 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.05.03 19:57:14 | 017,642,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.05.03 19:57:14 | 015,009,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.05.03 19:57:14 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.05.03 19:57:14 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.05.03 19:57:14 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.05.03 19:57:14 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.05.03 19:57:14 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.05.03 19:57:14 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.05.03 19:57:14 | 001,737,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.05.03 19:57:14 | 001,466,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll [2012.05.03 19:57:13 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.05.03 19:57:13 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.05.03 19:57:13 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.05.03 19:57:13 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.05.03 03:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.05.03 03:53:28 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.05.03 03:53:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.05.03 03:53:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe ========== Files - Modified Within 30 Days ========== [2012.05.24 20:00:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2037389331-1515433980-3455159876-1000UA.job [2012.05.24 19:59:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arthon\Desktop\OTL.exe [2012.05.24 19:56:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.24 19:15:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.24 19:15:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.24 19:12:17 | 000,746,126 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.24 19:12:17 | 000,638,396 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.24 19:12:17 | 000,111,722 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.24 19:08:11 | 000,000,376 | ---- | M] () -- C:\Users\Arthon\AppData\Roaming\sp_data.sys [2012.05.24 19:08:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.24 19:07:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.24 19:07:43 | 3880,640,510 | -HS- | M] () -- C:\hiberfil.sys [2012.05.24 18:44:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.05.24 05:14:44 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2037389331-1515433980-3455159876-1000Core.job [2012.05.24 05:02:32 | 000,002,370 | ---- | M] () -- C:\Users\Arthon\Desktop\Google Chrome.lnk [2012.05.13 21:30:04 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Intel_C_BTPR132400HB160DGN.job [2012.05.13 18:24:10 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Celtx.lnk [2012.05.10 03:10:28 | 000,272,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.08 01:48:49 | 000,004,298 | ---- | M] () -- C:\Users\Arthon\AppData\Local\recently-used.xbel [2012.05.03 20:05:06 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini [2012.05.03 20:02:00 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.03 03:53:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.05.03 03:53:21 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.05.01 03:00:35 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.05.01 03:00:32 | 000,760,276 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2012.05.24 18:44:29 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.05.08 01:48:49 | 000,004,298 | ---- | C] () -- C:\Users\Arthon\AppData\Local\recently-used.xbel [2012.05.03 19:57:14 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.03.29 19:43:34 | 000,000,376 | ---- | C] () -- C:\Users\Arthon\AppData\Roaming\sp_data.sys [2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.12.19 03:17:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.11.22 17:18:46 | 000,007,619 | ---- | C] () -- C:\Users\Arthon\AppData\Local\Resmon.ResmonCfg [2011.11.16 02:02:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2011.11.15 20:50:53 | 000,760,276 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.15 18:43:17 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe [2011.09.06 18:14:46 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini [2011.09.06 18:14:46 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini [2011.09.06 18:14:46 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini [2011.09.06 18:14:45 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2011.09.06 18:14:45 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.09.06 18:09:07 | 000,154,240 | ---- | C] () -- C:\Windows\AsPatch10430001.exe [2011.09.06 18:04:28 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.04.01 00:58:03 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 368 bytes -> C:\Users\Arthon\Documents\boot:$WIMMOUNTDATA < End of report > Lenke til kommentar
Dr.Geek Skrevet 24. mai 2012 Del Skrevet 24. mai 2012 (endret) Ja, det er veldig bra. OTL FIX: Avslutt alle aktive programer og deaktiver alle Antivirus Guards. åpne OTL.exe som Administrator. (høyreklick) Kopier og lim in følgende text in i den hvite textboksen til OTL. :OTL O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 [2012.05.13 21:30:04 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Intel_C_BTPR132400HB160DGN.job [2012.05.24 19:08:11 | 000,000,376 | ---- | M] () -- C:\Users\Arthon\AppData\Roaming\sp_data.sys @Alternate Data Stream - 368 bytes -&--#62; C:\Users\Arthon\Documents\boot:$WIMMOUNTDATA :Files C:\Users\Arthon\AppData\Roaming\diyEq.exe :Commands [purity] [emptytemp] Klick deretter: FIX PC vil restarte og det kommer opp et log. Post det. 2. Scan med Combofix: http://www.bleepingc...to-use-combofix (Post log i Spoiler) Endret 24. mai 2012 av TheGenius Lenke til kommentar
arthon Skrevet 24. mai 2012 Forfatter Del Skrevet 24. mai 2012 (endret) Hei! Setter pris på at du er så rask med responsene. Beklager at jeg ikke er like rask til å følge opp, blir for lett distrahert av andre ting å glemmer tiden. All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. C:\Windows\Tasks\Intel_C_BTPR132400HB160DGN.job moved successfully. C:\Users\Arthon\AppData\Roaming\sp_data.sys moved successfully. Unable to delete ADS Alternate Data Stream - 368 bytes -&--#62; C:\Users\Arthon\Documents\boot:$WIMMOUNTDATA . File rity] not found. File ptytemp] not found. OTL by OldTimer - Version 3.2.43.1 log created on 05242012_233525 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Kikket litt mer på den loggen. Ble nysgjerrig på hva dette er; Unable to delete ADS Alternate Data Stream - 368 bytes -&--#62; C:\Users\Arthon\Documents\boot:$WIMMOUNTDATA . Endret 24. mai 2012 av arthon Lenke til kommentar
Dr.Geek Skrevet 25. mai 2012 Del Skrevet 25. mai 2012 OTL fix ble litt feil. Du glemte "commands". Gjør en full Temp files cleanup med CCleaner. Etterpå kjør Combofix som beskrevet og post log. Link i mitt siste posting. Her litt info om http://malware.wikia.com/wiki/Alternate_data_stream Det funker sånn at en prosess blir "hengt på" en annen file, og denne tilleggsprosessen er ikke synlig. Sånne "hidden prosesses/files" fjerner vi alltid i de AV-Hjelpe Forum. Lenke til kommentar
arthon Skrevet 25. mai 2012 Forfatter Del Skrevet 25. mai 2012 (endret) Jeg forstår ikke helt hva du mener med at jeg glemte "commands"? Sikter du til "commands" i teksten som skal copy/past inn i OT? Har ihvertfall gjort dette en gang til, men kan ikke se at Log filen ble noe anderledes. All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. File C:\Windows\tasks\Intel_C_BTPR132400HB160DGN.job not found. C:\Users\Arthon\AppData\Roaming\sp_data.sys moved successfully. Unable to delete ADS Alternate Data Stream - 368 bytes -&--#62; C:\Users\Arthon\Documents\boot:$WIMMOUNTDATA . File rity] not found. File ptytemp] not found. OTL by OldTimer - Version 3.2.43.1 log created on 05252012_133211 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Ser at jeg kanskje har oversett at jeg skulle bruke Combofix? Tester det nå og poster i ny post. Endret 25. mai 2012 av arthon Lenke til kommentar
arthon Skrevet 25. mai 2012 Forfatter Del Skrevet 25. mai 2012 Combofix log; ComboFix 12-05-25.02 - Arthon 25.05.2012 13:51:12.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.15857.13834 [GMT 2:00] Running from: c:\users\Arthon\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\programdata\Roaming c:\windows\AsPatch10430001.exe c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 ))))))))))))))))))))))))))))))) . . 2012-05-25 11:54 . 2012-05-25 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-25 11:33 . 2012-05-25 11:33 352 ----a-w- c:\users\Arthon\AppData\Roaming\sp_data.sys 2012-05-24 23:01 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E219FBDB-F58E-4F27-97DE-BB763A37B9EF}\mpengine.dll 2012-05-24 21:35 . 2012-05-24 21:35 -------- d-----w- C:\_OTL 2012-05-24 16:44 . 2012-05-24 16:44 -------- d-----w- c:\users\Arthon\AppData\Roaming\Malwarebytes 2012-05-24 16:44 . 2012-05-24 16:44 -------- d-----w- c:\programdata\Malwarebytes 2012-05-24 16:44 . 2012-05-24 16:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-24 16:44 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-23 21:47 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-05-23 21:34 . 2012-05-23 21:34 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-23 21:34 . 2012-05-23 21:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-05-22 20:07 . 2012-05-22 20:07 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-05-15 12:12 . 2012-05-16 11:09 -------- d--h--w- c:\users\Arthon\AppData\Roaming\258E1EA0 2012-05-09 22:46 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-09 22:46 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-09 22:46 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-09 22:46 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-09 22:46 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-09 22:46 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-09 22:46 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-09 22:45 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-09 22:45 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-05-09 22:45 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 22:45 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-05-09 22:45 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-05-09 22:45 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-07 15:32 . 2012-05-07 15:32 -------- d-----w- c:\users\Arthon\AppData\Local\fontconfig 2012-05-07 15:32 . 2012-05-07 15:32 -------- d-----w- c:\users\Arthon\AppData\Local\gegl-0.2 2012-05-03 17:58 . 2012-05-23 21:21 -------- d-----w- c:\users\UpdatusUser 2012-05-03 17:58 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll 2012-05-03 17:58 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-03 17:58 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-03 17:58 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-05-03 17:58 . 2012-02-29 20:59 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-03 17:58 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-03 01:53 . 2012-05-03 01:53 -------- d-----w- c:\program files (x86)\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-29 10:30 . 2011-11-15 16:43 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-03-20 18:44 . 2011-04-27 15:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-03-20 18:44 . 2011-04-18 13:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-03-05 11:03 . 2012-03-05 11:03 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin 2012-03-01 06:46 . 2012-04-12 01:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-12 01:00 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-12 01:00 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-12 01:00 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-12 01:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-12 01:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-12 01:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-29 11:26 . 2012-02-29 11:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-02-28 06:56 . 2012-04-12 01:02 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-12 01:02 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-12 01:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-12 01:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-12 01:02 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-12 01:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-12 01:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-12 01:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2EF1BAF9-1988-42a1-82BC-5CB6197AED28}] 2010-12-17 09:54 97688 ----a-w- c:\program files (x86)\Telenor Norway\Telenorhjelpen\BHO\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Arthon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Arthon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Arthon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Arthon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-09-06 3058304] "FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-01-15 48128] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Arthon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Opera.lnk - c:\program files (x86)\Opera\opera.exe [2011-11-15 949104] Time and Date 1.32.lnk - c:\users\Arthon\AppData\Local\Time and Date 1.32\Time and Date 1.32.exe [2011-11-15 947056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-09-06 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-06 79360] R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-08 273168] R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Arthon\AppData\Roaming\NVIDIA\HWAccess.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400] R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R4 ESUSClient_TNO;Telenor Norway Software Update Service;c:\program files (x86)\Telenor Norway\ESUS_TNO\ESUS_TNO.exe [2010-12-17 358808] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 135664] R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 135664] R4 TelenorhjelpenSvc;Telenorhjelpen Service;c:\program files (x86)\Telenor Norway\Telenorhjelpen\Service.exe [2011-02-15 463240] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-11 135952] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-08 594704] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x] S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 22:45] . 2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 22:45] . 2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2037389331-1515433980-3455159876-1000Core.job - c:\users\Arthon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 21:44] . 2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2037389331-1515433980-3455159876-1000UA.job - c:\users\Arthon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 21:44] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Arthon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Arthon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Arthon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Arthon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 130.67.15.198 193.213.112.4 FF - ProfilePath - c:\users\Arthon\AppData\Roaming\Mozilla\Firefox\Profiles\dsjr5kgz.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-Trend Micro Client Framework - c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe HKLM-Run-fspuip - c:\program files (x86)\FSP\fspuip.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-05-25 13:57:12 ComboFix-quarantined-files.txt 2012-05-25 11:57 . Pre-Run: 67 423 981 568 bytes free Post-Run: 67 014 983 680 bytes free . - - End Of File - - 86EB91C892CAEA2DE62A0B8DFAE829A9 Lenke til kommentar
Dr.Geek Skrevet 25. mai 2012 Del Skrevet 25. mai 2012 (endret) Dette ser greit ut, ser ikke noe Malware i loggen. La oss sjekke at filen YHefo er borte: Last ned SystemLook: http://jpshortstuff....SystemLook.html (Øverst under Links) Åpne Systemlog som Administrator og kopier inn følgende text: :reg [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]yHefo :filefind diyEq.exe Klick på "LOOK". Det åpnes et notepad txt når den er ferdig. Post det. Endret 25. mai 2012 av TheGenius Lenke til kommentar
arthon Skrevet 25. mai 2012 Forfatter Del Skrevet 25. mai 2012 (endret) Takk! System Look log: SystemLook 30.07.11 by jpshortstuff Log created at 16:09 on 25/05/2012 by Arthon Administrator - Elevation successful ========== reg ========== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]yHefo] (Unable to open key - key not found) [:filefind] Hive unrecognized. [diyEq.exe] Hive unrecognized. -= EOF =- Anti virus software aktivt. Burde de vært deaktivert? Endret 25. mai 2012 av arthon Lenke til kommentar
Dr.Geek Skrevet 25. mai 2012 Del Skrevet 25. mai 2012 Takk! System Look log: SystemLook 30.07.11 by jpshortstuff Log created at 16:09 on 25/05/2012 by Arthon Administrator - Elevation successful ========== reg ========== [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]yHefo] (Unable to open key - key not found) [:filefind] Hive unrecognized. [diyEq.exe] Hive unrecognized. -= EOF =- Anti virus software aktivt. Burde de vært deaktivert? Gjør systemlook engang til med dette scriptet: :filefind diyEq.exe Nei, Antivirus trenger ikke å være av. Lenke til kommentar
arthon Skrevet 25. mai 2012 Forfatter Del Skrevet 25. mai 2012 SystemLook log; SystemLook 30.07.11 by jpshortstuff Log created at 16:24 on 25/05/2012 by Arthon Administrator - Elevation successful ========== filefind ========== Searching for " diyEq.exe" No files found. -= EOF =- Lenke til kommentar
Dr.Geek Skrevet 25. mai 2012 Del Skrevet 25. mai 2012 Ok. Bra. Hvordan funker PCen? Lenke til kommentar
arthon Skrevet 25. mai 2012 Forfatter Del Skrevet 25. mai 2012 (endret) Pc'n funker bra, men det har den forsåvidt gjort hele tiden. Unntagen den nVidia driver updaten som hadde litt problemer med Windows (som resulterte i at jeg fant yHefo) men det er et vanlig problem jeg har hatt ved GPU driver update. Utenom det så ble det litt problem etter første OT fix, men det var mest at alle oppsettene mine ble deleted. Jeg er fremdeles litt nysgjerrig på: Unable to delete ADS Alternate Data Stream - 368 bytes -&--#62; C:\Users\Arthon\Documents\boot:$WIMMOUNTDATA er for noe? Er det bare en standard pålogging til Internett eller er det noe skjult som ligger å kommuniserer ut? Setter veldig pris på hjelpen du har gitt. Kan tenke meg hvor mange PC'r som har denne slags virus liggende på maskinen selv om folk har kjørt diverse viruscan med forskjellig software. Hadde det lyst noen "varselamper" hvis vi ikke hadde visst at vi skulle lete etter diyEq.exe ? Endret 25. mai 2012 av arthon Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå