Posts posted by L00N3R

  1. Malwarebytes
    www.malwarebytes.com
    
    -Log Details-
    Protection Event Date: 04/08/2020
    Protection Event Time: 22:21
    Log File: 1dc9255a-d690-11ea-a546-74d4351f2542.json
    
    -Software Information-
    Version: 4.1.2.73
    Components Version: 1.0.990
    Update Package Version: 1.0.27937
    Licence: Trial
    
    -System Information-
    OS: Windows 10 (Build 19041.388)
    CPU: x64
    File System: NTFS
    User: System
    
    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0
    
    -Website Data-
    Category: Phishing
    Domain: utzcertified.org
    IP Address: 95.170.87.53
    Port: 443
    Type: Outbound
    File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    
    (end)

    Hi!

    Guessing that this is a false positive? https://www.virustotal.com/gui/url/cf94a6eb1c7c2072d95432ae2c1c03779e367e5cf0208a7217f909beda087f4a/detection

    Cheers!

  2. Yes, finally a user interface that looks modern, professional and clean! :D

    I feel it really shows how you are listening to your community.

    I like the flat Windows 8 look - I don't like Win 8 itself, but its design is what's modern now.

    I don't get all the fuss about the smiley face. It doesn't look too silly to me; Avast previously used a smiley in their UI, I remember. Also, it kind of fits with the Malwarebytes home page, with mascots including a smiling figure and a terminator robot.

    To me, Malwarebytes finally has that "professional" feel again :)

  3. ESET log (very short, but it was the right location):

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK

    Security check:

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    Malwarebytes' Anti-Malware
    Java 6 Update 29
    Out of date Java installed!
    Adobe Reader X (10.1.1) - Norsk
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````

  4. ComboFix 11-10-17.02 - USERNAME 18.10.2011 9:01.2.2 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.969 [GMT 2:00]
    Kjører fra: d:\USERNAME\Desktop\ComboFix.exe
    AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]

    .

    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]

    .

    2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982Core.job

    - c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]

    .

    2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982UA.job

    - c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

    c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://portalen.akershus-fk.no

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = <local>

    IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd til OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 148.83.249.50 148.83.249.51

    DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB

    FF - ProfilePath - c:\users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\

    FF - prefs.js: browser.startup.homepage - hxxps://www.itslearning.com/index.aspx?CustomerId=124&Username=sigsve

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2011-10-18 09:09:00

    ComboFix-quarantined-files.txt 2011-10-18 07:09

    ComboFix2.txt 2011-10-09 12:51

    .

    Pre-Run: 9 049 726 976 bytes free

    Post-Run: 8 876 912 640 bytes free

    .

    - - End Of File - - 2F7359DD68A1CA280B3AA89F0A4FC05A

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

    Run by USERNAME at 9:09:58 on 2011-10-18

    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.794 [GMT 2:00]

    .

    AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\Hpservice.exe

    C:\Program Files\Sandboxie\SbieSvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\WizMouse\WizMouse.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files (x86)\Steam\Steam.exe

    C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Common Files\Steam\SteamService.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\notepad.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://portalen.akershus-fk.no

    uInternet Settings,ProxyOverride = <local>

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

    BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow

    uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: DefaultLogonDomain = Akershus-FK

    IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 148.83.249.50 148.83.249.51

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 148.83.249.50 148.83.249.51

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\35C65647E65627E6564747 : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\84A656D6D656 : DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {2B9F5787-88A5-4945-90E7-C4B18563BC5E}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\

    FF - prefs.js: browser.startup.homepage - hxxps://www.itslearning.com/index.aspx?CustomerId=124&Username=sigsve

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

    R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496]

    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

    R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]

    R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]

    S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]

    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

    S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]

    S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]

    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

    S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]

    S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

    S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]

    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2011-10-18 06:56:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\offreg.dll

    2011-10-18 06:56:09 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\mpengine.dll

    2011-10-14 12:03:53 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\LolClient

    2011-10-13 13:19:12 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8037D578-0C93-4413-83F2-22330A210D39}\gapaengine.dll

    2011-10-13 13:02:14 3138048 ----a-w- C:\Windows\System32\win32k.sys

    2011-10-13 13:01:22 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

    2011-10-13 13:01:22 613888 ----a-w- C:\Windows\System32\psisdecd.dll

    2011-10-13 13:01:22 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

    2011-10-13 13:01:22 108032 ----a-w- C:\Windows\System32\psisrndr.ax

    2011-10-13 13:00:30 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

    2011-10-13 13:00:29 861696 ----a-w- C:\Windows\System32\oleaut32.dll

    2011-10-13 13:00:29 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

    2011-10-13 13:00:29 331776 ----a-w- C:\Windows\System32\oleacc.dll

    2011-10-13 08:45:26 -------- d-----w- C:\Program Files (x86)\iFinger

    2011-10-11 20:23:51 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll

    2011-10-11 20:23:51 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll

    2011-10-11 20:23:51 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll

    2011-10-11 20:23:51 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll

    2011-10-11 20:23:50 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll

    2011-10-11 20:19:20 -------- d-----w- C:\Riot Games

    2011-10-11 08:07:25 -------- d-----w- C:\Users\USERNAME\AppData\Local\PMB Files

    2011-10-11 08:07:23 -------- d-----w- C:\ProgramData\PMB Files

    2011-10-11 08:07:09 -------- d-----w- C:\Program Files (x86)\Pando Networks

    2011-10-09 12:42:38 98816 ----a-w- C:\Windows\sed.exe

    2011-10-09 12:42:38 518144 ----a-w- C:\Windows\SWREG.exe

    2011-10-09 12:42:38 256000 ----a-w- C:\Windows\PEV.exe

    2011-10-09 12:42:38 208896 ----a-w- C:\Windows\MBR.exe

    2011-10-08 18:51:56 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

    2011-10-08 18:51:48 -------- d-----w- C:\Users\USERNAME\SystemRequirementsLab

    2011-10-08 15:45:34 -------- d-----w- C:\Program Files\CCleaner

    2011-10-07 17:16:31 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\GameRanger

    2011-10-07 16:44:09 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

    2011-10-01 19:49:53 -------- d-----w- C:\Users\USERNAME\AppData\Local\Spotify

    2011-10-01 19:49:38 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Spotify

    2011-09-30 08:43:08 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple Computer

    2011-09-30 08:41:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple

    2011-09-28 09:50:59 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.purple

    2011-09-28 09:50:37 -------- d-----w- C:\Program Files (x86)\Pidgin

    2011-09-28 09:45:58 -------- d-----w- C:\Users\USERNAME\AppData\Local\Windows Live

    2011-09-28 09:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

    2011-09-28 07:05:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

    2011-09-25 14:27:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

    2011-09-25 10:55:31 -------- d-----w- C:\Program Files (x86)\NoVirusThanks

    2011-09-21 10:14:42 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Mount&Blade Warband

    2011-09-21 10:08:40 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2

    2011-09-21 09:58:51 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

    2011-09-21 09:58:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

    2011-09-21 09:56:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband

    2011-09-19 06:59:13 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys

    .

    ==================== Find3M ====================

    .

    2011-10-13 08:12:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-09-17 10:21:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

    2011-09-14 13:58:46 274616 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys

    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll

    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll

    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2011-08-15 12:32:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

    2011-08-15 12:32:10 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

    2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

    2011-08-15 12:32:10 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

    2011-08-15 12:32:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

    2011-07-26 17:49:12 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys

    .

    ============= FINISH: 9:10:18,68 ===============
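Reading the two logs above by hand means scanning hundreds of `R3 …;…;… [x]` and `S3 …;…;… [?]` lines for the few that matter. As an added example (not part of the original post, and not code from ComboFix or DDS), here is a small Python triage helper that parses the services/drivers lines and the "LOCKED REGISTRY KEYS" block in exactly the shape the logs print them. The sample lines are copied from the log; the field meanings are the tools' own: `R`/`S` for running/stopped, the digit for the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), and either a `[date size]` stamp or `[x]`/`[?]` when the tool recorded no date and size for the image file. The `\??\` prefix handling and the `-->` duplicate-path handling are the only normalisations added.

```python
"""Triage helpers for the ComboFix / DDS 'services / drivers' and 'locked registry keys' sections."""
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the logs above, in their original shape.
SAMPLE_SERVICES = r"""
R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]
S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
"""

# Constructed sample of the ComboFix "LOCKED REGISTRY KEYS" block, copied from the log above.
SAMPLE_REGISTRY = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name ; display name ;
    r"(?P<rest>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"  # image path ... [date size] or [x] / [?]
)
STAMP_RE = re.compile(r"^(?P<y>\d{4})-(?P<m>\d{1,2})-(?P<d>\d{1,2})\s+(?P<size>\d+)$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    date: Optional[str]   # ISO date from the [date size] stamp, None for [x] / [?]
    size: Optional[int]

    @property
    def unverified(self) -> bool:
        """True when the tool printed [x] or [?]: it recorded no date/size for the image."""
        return self.date is None

    @property
    def kernel_driver(self) -> bool:
        return self.path.lower().endswith(".sys")


def parse_services(text: str) -> List[ServiceEntry]:
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, '.' separators, section headers
        # DDS prints 'path --> path' when it could not open the file; keep the first copy.
        path = m.group("rest").split(" --> ")[0].strip()
        if path.startswith("\\??\\"):  # NT object-manager prefix on some driver ImagePaths
            path = path[4:]
        stamp = STAMP_RE.match(m.group("meta").strip())
        iso = size = None
        if stamp:
            iso = date(int(stamp["y"]), int(stamp["m"]), int(stamp["d"])).isoformat()
            size = int(stamp["size"])
        entries.append(ServiceEntry(
            name=m.group("name").strip(), display=m.group("display").strip(), path=path,
            running=m.group("state") == "R", start_type=START_TYPES[m.group("start")],
            date=iso, size=size,
        ))
    return entries


def unverified_drivers(entries: List[ServiceEntry]) -> List[str]:
    """Names of kernel drivers with no date/size stamp: the worklist to check by hand."""
    return [e.name for e in entries if e.kernel_driver and e.unverified]


KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied:\s*(?P<ace>.+?)\s*$")


def parse_locked_keys(text: str) -> Dict[str, str]:
    """Map each registry key ComboFix flagged as locked to its @Denied ACE summary."""
    locked: Dict[str, str] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            continue
        denied = DENIED_RE.match(line)
        if denied and current:
            locked[current] = denied.group("ace")
    return locked


if __name__ == "__main__":
    svc = parse_services(SAMPLE_SERVICES)
    print("drivers to verify by hand:", unverified_drivers(svc))
    for key, ace in parse_locked_keys(SAMPLE_REGISTRY).items():
        print("locked:", key, ace)
```

Two caveats when using this on the logs above. First, nearly every driver in the ComboFix section, Microsoft's own included, is marked `[x]`, so `unverified_drivers()` is a checklist to confirm against the file system (does the .sys exist, is it signed, does its hash check out), not a list of infections. Second, the locked keys are worth reading but not alarming in themselves: the Flash broker/ActiveX CLSIDs, the Office smart-tag and schema-library keys and `PCW\Security` are routinely reported locked on clean Windows 7 machines; a locked key that points at an unknown binary is the case that deserves attention.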

  5. Combofix

    ComboFix 11-10-09.01 - USERNAME 09.10.2011 14:44:08.1.2 - x64

    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.1178 [GMT 2:00]

    Running from: d:\USERNAME\Desktop\ComboFix.exe

    AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((( Files Created From 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))))

    .

    .

    2011-10-09 12:49 . 2011-10-09 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-10-09 08:24 . 2011-10-09 08:24 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03E8C3E5-B15D-4312-8657-1ABEA5AC69B4}\offreg.dll

    2011-10-08 18:51 . 2011-10-08 18:51 -------- d-----w- c:\program files (x86)\SystemRequirementsLab

    2011-10-08 18:51 . 2011-10-08 18:51 -------- d-----w- c:\users\USERNAME\SystemRequirementsLab

    2011-10-08 15:45 . 2011-10-08 15:45 -------- d-----w- c:\program files\CCleaner

    2011-10-08 15:38 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03E8C3E5-B15D-4312-8657-1ABEA5AC69B4}\mpengine.dll

    2011-10-07 17:16 . 2011-10-07 17:16 -------- d-----w- c:\users\USERNAME\AppData\Roaming\GameRanger

    2011-10-07 16:44 . 2011-10-07 16:44 -------- d-----w- c:\program files (x86)\Elaborate Bytes

    2011-10-01 19:49 . 2011-10-08 15:28 -------- d-----w- c:\users\USERNAME\AppData\Local\Spotify

    2011-10-01 19:49 . 2011-10-08 18:26 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Spotify

    2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\users\USERNAME\AppData\Local\Apple Computer

    2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Apple Computer

    2011-09-30 08:42 . 2011-09-30 08:42 -------- d-----w- c:\program files (x86)\Safari

    2011-09-30 08:42 . 2011-09-30 08:42 -------- d-----w- c:\programdata\Apple Computer

    2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\program files (x86)\Common Files\Apple

    2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\users\USERNAME\AppData\Local\Apple

    2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\program files (x86)\Apple Software Update

    2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\programdata\Apple

    2011-09-28 09:50 . 2011-09-28 10:21 -------- d-----w- c:\users\USERNAME\AppData\Roaming\.purple

    2011-09-28 09:50 . 2011-09-28 09:50 -------- d-----w- c:\program files (x86)\Pidgin

    2011-09-28 09:47 . 2011-09-28 09:48 -------- d-----w- c:\program files (x86)\Windows Live

    2011-09-28 09:45 . 2011-09-28 09:45 -------- d-----w- c:\users\USERNAME\AppData\Local\Windows Live

    2011-09-28 09:45 . 2011-09-28 09:45 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

    2011-09-28 07:05 . 2011-09-30 16:13 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

    2011-09-25 14:27 . 2011-09-25 14:27 -------- d-----w- c:\programdata\Hewlett-Packard

    2011-09-25 14:27 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll

    2011-09-25 10:55 . 2011-09-25 10:55 -------- d-----w- c:\program files (x86)\NoVirusThanks

    2011-09-21 10:59 . 2011-10-07 12:20 -------- d-----w- c:\program files (x86)\Google

    2011-09-21 10:14 . 2011-09-21 10:15 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Mount&Blade Warband

    2011-09-21 10:08 . 2011-09-21 10:08 -------- d-----w- c:\program files (x86)\VirusTotalUploader2

    2011-09-21 09:58 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll

    2011-09-21 09:58 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll

    2011-09-21 09:56 . 2011-09-21 10:01 -------- d-----w- c:\program files (x86)\Mount&Blade Warband

    2011-09-19 06:59 . 2010-02-25 15:51 29696 ----a-w- c:\windows\system32\drivers\tap0901.sys

    2011-09-17 11:52 . 2011-09-17 15:16 -------- d-----w- c:\users\USERNAME\AppData\Roaming\vlc

    2011-09-16 07:35 . 2011-09-16 07:35 -------- d-----w- c:\program files (x86)\uTorrent

    2011-09-16 07:33 . 2011-10-09 09:19 -------- d-----w- c:\users\USERNAME\AppData\Roaming\uTorrent

    2011-09-16 07:33 . 2011-09-16 07:33 -------- d-----w- c:\users\USERNAME\AppData\Local\uTorrent

    2011-09-16 07:18 . 2011-09-19 06:45 -------- d-----w- c:\program files (x86)\proXPN

    2011-09-15 07:26 . 2011-09-15 07:30 -------- d-----w- c:\users\USERNAME\AppData\Local\VMware

    2011-09-15 07:26 . 2011-10-07 15:28 -------- d-----w- c:\users\USERNAME\AppData\Roaming\VMware

    2011-09-15 07:21 . 2011-10-07 15:31 -------- d-----w- c:\programdata\VMware

    2011-09-14 13:44 . 2011-09-17 11:52 -------- d-----w- c:\users\USERNAME\AppData\Roaming\.minecraft

    2011-09-14 10:13 . 2011-09-15 07:18 -------- d-----w- c:\users\USERNAME\VirtualBox VMs

    2011-09-14 10:04 . 2011-09-15 07:21 -------- d-----w- c:\users\USERNAME\.VirtualBox

    2011-09-14 10:04 . 2011-08-15 12:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

    2011-09-14 10:04 . 2011-09-14 10:04 -------- dc----w- c:\windows\system32\DRVSTORE

    2011-09-14 10:04 . 2011-08-15 12:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

    2011-09-14 10:03 . 2011-09-14 10:03 -------- d-----w- c:\program files\Oracle

    2011-09-13 11:20 . 2011-10-01 21:02 -------- d-----w- c:\program files (x86)\TunnelBear

    2011-09-12 14:43 . 2011-09-12 14:43 -------- d-----w- c:\programdata\Logitech

    2011-09-12 06:59 . 2011-09-12 06:59 -------- d-----w- c:\users\USERNAME\AppData\Local\Opera

    2011-09-12 06:59 . 2011-09-12 06:59 -------- d-----w- c:\program files (x86)\Opera

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-09-28 09:46 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-09-22 09:52 . 2011-06-24 09:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-09-17 10:21 . 2011-09-03 20:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

    2011-09-13 00:26 . 2011-06-28 13:12 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2011-09-03 20:42 . 2011-09-03 20:42 53248 ----a-r- c:\users\USERNAME\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

    2011-08-25 10:17 . 2011-08-25 10:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

    2011-08-25 10:17 . 2011-08-25 10:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll

    2011-08-25 10:17 . 2011-08-25 10:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

    2011-08-25 10:17 . 2011-08-25 10:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

    2011-08-25 10:17 . 2011-08-25 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

    2011-08-25 10:17 . 2011-08-25 10:17 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

    2011-08-25 10:17 . 2011-08-25 10:17 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

    2011-08-25 10:17 . 2011-08-25 10:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

    2011-08-25 10:17 . 2011-08-25 10:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

    2011-08-25 10:17 . 2011-08-25 10:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

    2011-08-25 10:17 . 2011-08-25 10:17 367104 ----a-w- c:\windows\SysWow64\html.iec

    2011-08-25 10:17 . 2011-08-25 10:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

    2011-08-25 10:17 . 2011-08-25 10:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2011-08-25 10:17 . 2011-08-25 10:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

    2011-08-25 10:17 . 2011-08-25 10:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

    2011-08-25 10:17 . 2011-08-25 10:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2011-08-25 10:17 . 2011-08-25 10:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe

    2011-08-25 10:17 . 2011-08-25 10:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

    2011-08-25 10:17 . 2011-08-25 10:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2011-08-25 10:17 . 2011-08-25 10:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe

    2011-08-25 10:17 . 2011-08-25 10:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll

    2011-08-25 10:17 . 2011-08-25 10:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2011-08-25 10:17 . 2011-08-25 10:17 222208 ----a-w- c:\windows\system32\msls31.dll

    2011-08-25 10:17 . 2011-08-25 10:17 1389056 ----a-w- c:\windows\system32\wininet.dll

    2011-08-25 10:17 . 2011-08-25 10:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2011-08-25 10:17 . 2011-08-25 10:17 2303488 ----a-w- c:\windows\system32\jscript9.dll

    2011-08-25 10:17 . 2011-08-25 10:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2011-08-25 10:17 . 2011-08-25 10:17 12288 ----a-w- c:\windows\system32\mshta.exe

    2011-08-25 10:17 . 2011-08-25 10:17 114176 ----a-w- c:\windows\system32\admparse.dll

    2011-08-25 10:17 . 2011-08-25 10:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

    2011-08-25 10:17 . 2011-08-25 10:17 49664 ----a-w- c:\windows\system32\imgutil.dll

    2011-08-25 10:17 . 2011-08-25 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll

    2011-08-25 10:17 . 2011-08-25 10:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

    2011-08-25 10:17 . 2011-08-25 10:17 111616 ----a-w- c:\windows\system32\iesysprep.dll

    2011-08-25 10:17 . 2011-08-25 10:17 85504 ----a-w- c:\windows\system32\iesetup.dll

    2011-08-25 10:17 . 2011-08-25 10:17 76800 ----a-w- c:\windows\system32\tdc.ocx

    2011-08-25 10:17 . 2011-08-25 10:17 448512 ----a-w- c:\windows\system32\html.iec

    2011-08-25 10:17 . 2011-08-25 10:17 30720 ----a-w- c:\windows\system32\licmgr10.dll

    2011-08-25 10:17 . 2011-08-25 10:17 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

    2011-08-25 10:17 . 2011-08-25 10:17 603648 ----a-w- c:\windows\system32\vbscript.dll

    2011-08-25 10:17 . 2011-08-25 10:17 165888 ----a-w- c:\windows\system32\iexpress.exe

    2011-08-25 10:17 . 2011-08-25 10:17 160256 ----a-w- c:\windows\system32\wextract.exe

    2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

    2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

    2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

    2011-07-26 17:49 . 2011-07-26 17:49 37888 ----a-w- c:\windows\system32\drivers\taphss.sys

    2011-07-16 05:41 . 2011-08-30 13:17 362496 ----a-w- c:\windows\system32\wow64win.dll

    2011-07-16 05:41 . 2011-08-30 13:17 243200 ----a-w- c:\windows\system32\wow64.dll

    2011-07-16 05:41 . 2011-08-30 13:17 13312 ----a-w- c:\windows\system32\wow64cpu.dll

    2011-07-16 05:39 . 2011-08-30 13:17 16384 ----a-w- c:\windows\system32\ntvdm64.dll

    2011-07-16 05:37 . 2011-08-30 13:17 421888 ----a-w- c:\windows\system32\KernelBase.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

    2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

    2011-07-16 04:29 . 2011-08-30 13:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

    2011-07-16 04:26 . 2011-08-30 13:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2011-07-16 04:25 . 2011-08-30 13:17 25600 ----a-w- c:\windows\SysWow64\setup16.exe

    2011-07-16 04:24 . 2011-08-30 13:17 5120 ----a-w- c:\windows\SysWow64\wow32.dll

    2011-07-16 04:24 . 2011-08-30 13:17 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

    2011-07-16 04:15 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

    2011-07-16 04:15 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

    .

    .

    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "F.lux"="c:\users\USERNAME\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-08 1242448]

    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-07 641400]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "DefaultLogonDomain"= Akershus-FK

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-573178753-3869741976-1425505419-177982\Scripts\Logon\0\0]

    "Script"=\\akershus-fk.no\NETLOGON\Undervisning\LOGON00-Rettigheter bærbare til elever IV.bat

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

    R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]

    R3 IntcDAud;Intel® Skjermlyd;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

    R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]

    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

    S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-05-13 317496]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

    S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]

    S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

    .

    .

    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

    .

    2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]

    .

    2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]

    .

    2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982Core.job

    - c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]

    .

    2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982UA.job

    - c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Tilleggsskanning -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://portalen.akershus-fk.no

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = <local>

    IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd til OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    TCP: DhcpNameServer = 192.168.1.1

    DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB

    FF - ProfilePath - c:\users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=

    .

    - - - - TOMME PEKERE FJERNET - - - -

    .

    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    .

    .

    .

    --------------------- LÅSTE REGISTERNØKLER ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tidspunkt ferdig: 2011-10-09 14:51:40

    ComboFix-quarantined-files.txt 2011-10-09 12:51

    .

    Pre-Run: 22 571 888 640 byte ledig

    Post-Run: 22 435 618 816 byte ledig

    .

    - - End Of File - - 0FDE212BE88272498C9038D4BAE401E1

    DDS

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

    Run by USERNAME at 14:54:08 on 2011-10-09

    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.1014 [GMT 2:00]

    .

    AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\Hpservice.exe

    C:\Program Files\Sandboxie\SbieSvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://portalen.akershus-fk.no

    uInternet Settings,ProxyOverride = <local>

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

    BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow

    uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: DefaultLogonDomain = Akershus-FK

    IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B40275966496 : DhcpNameServer = 148.83.249.50 148.83.249.51

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\84A656D6D656 : DhcpNameServer = 192.168.0.1

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {2B9F5787-88A5-4945-90E7-C4B18563BC5E}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

    R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496]

    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

    R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

    R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]

    R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]

    S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]

    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

    S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]

    S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]

    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

    S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]

    S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

    S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]

    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2011-10-09 12:42:38 98816 ----a-w- C:\Windows\sed.exe

    2011-10-09 12:42:38 518144 ----a-w- C:\Windows\SWREG.exe

    2011-10-09 12:42:38 256000 ----a-w- C:\Windows\PEV.exe

    2011-10-09 12:42:38 208896 ----a-w- C:\Windows\MBR.exe

    2011-10-09 08:24:56 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03E8C3E5-B15D-4312-8657-1ABEA5AC69B4}\offreg.dll

    2011-10-08 18:51:56 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab

    2011-10-08 18:51:48 -------- d-----w- C:\Users\USERNAME\SystemRequirementsLab

    2011-10-08 15:45:34 -------- d-----w- C:\Program Files\CCleaner

    2011-10-08 15:38:40 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03E8C3E5-B15D-4312-8657-1ABEA5AC69B4}\mpengine.dll

    2011-10-07 17:16:31 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\GameRanger

    2011-10-07 16:44:09 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

    2011-10-01 19:49:53 -------- d-----w- C:\Users\USERNAME\AppData\Local\Spotify

    2011-10-01 19:49:38 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Spotify

    2011-09-30 08:43:08 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple Computer

    2011-09-30 08:41:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple

    2011-09-28 09:50:59 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.purple

    2011-09-28 09:50:37 -------- d-----w- C:\Program Files (x86)\Pidgin

    2011-09-28 09:45:58 -------- d-----w- C:\Users\USERNAME\AppData\Local\Windows Live

    2011-09-28 09:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

    2011-09-28 07:05:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

    2011-09-25 14:27:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

    2011-09-25 10:55:31 -------- d-----w- C:\Program Files (x86)\NoVirusThanks

    2011-09-21 10:14:42 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Mount&Blade Warband

    2011-09-21 10:08:40 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2

    2011-09-21 09:58:51 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

    2011-09-21 09:58:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

    2011-09-21 09:56:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband

    2011-09-19 06:59:13 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys

    2011-09-16 07:35:19 -------- d-----w- C:\Program Files (x86)\uTorrent

    2011-09-16 07:33:40 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\uTorrent

    2011-09-16 07:33:40 -------- d-----w- C:\Users\USERNAME\AppData\Local\uTorrent

    2011-09-16 07:18:38 -------- d-----w- C:\Program Files (x86)\proXPN

    2011-09-15 07:26:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\VMware

    2011-09-14 13:44:14 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.minecraft

    2011-09-14 10:13:11 -------- d-----w- C:\Users\USERNAME\VirtualBox VMs

    2011-09-14 10:04:58 -------- d-----w- C:\Users\USERNAME\.VirtualBox

    2011-09-14 10:04:07 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

    2011-09-14 10:04:00 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

    2011-09-14 10:03:53 -------- d-----w- C:\Program Files\Oracle

    2011-09-13 11:20:49 -------- d-----w- C:\Program Files (x86)\TunnelBear

    2011-09-12 06:59:06 -------- d-----w- C:\Users\USERNAME\AppData\Local\Opera

    .

    ==================== Find3M ====================

    .

    2011-09-22 09:52:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-09-17 10:21:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

    2011-08-15 12:32:10 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

    2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

    2011-08-15 12:32:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

    2011-07-26 17:49:12 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys

    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    .

    ============= FINISH: 14:54:28,74 ===============

  6. Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Databaseversjon: 7879

    Windows 6.1.7601 Service Pack 1

    Internet Explorer 9.0.8112.16421

    05.10.2011 19:47:01

    mbam-log-2011-10-05 (19-47-01).txt

    Skanntype: Hurtigsøk

    Objekter skannet: 176789

    Tid tilbakelagt: 2 minutt(er), 42 sekund(er)

    Minneprosesser infisert: 0

    Minnemoduler infisert: 0

    Registernøkler infisert: 0

    Registerverdier infisert: 0

    Registerfiler infisert: 0

    Mapper infisert: 0

    Filer infisert 0

    Minneprosesser infisert:

    (Ingen skadelige objekter funnet)

    Minnemoduler infisert:

    (Ingen skadelige objekter funnet)

    Registernøkler infisert:

    (Ingen skadelige objekter funnet)

    Registerverdier infisert:

    (Ingen skadelige objekter funnet)

    Registerfiler infisert:

    (Ingen skadelige objekter funnet)

    Mapper infisert:

    (Ingen skadelige objekter funnet)

    Filer infisert

    (Ingen skadelige objekter funnet)

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

    Run by USERNAME at 19:48:48 on 2011-10-05

    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.829 [GMT 2:00]

    .

    AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

    SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\Hpservice.exe

    C:\Program Files\Sandboxie\SbieSvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe

    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

    C:\Windows\SysWOW64\vmnat.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

    C:\Windows\SysWOW64\vmnetdhcp.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe

    C:\Program Files (x86)\VMware\VMware Player\hqtray.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\System32\rundll32.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Windows\system32\scrnsave.scr

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uWindow Title = Windows Internet Explorer provided by Akershus Fylkeskommune

    uStart Page = hxxp://portalen.akershus-fk.no

    uDefault_Page_URL = hxxp://portalen.akershus-fk.no

    uInternet Settings,ProxyOverride = <local>

    mWinlogon: Userinit=userinit.exe,

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

    BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    uRun: [Google Update] "C:\Users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow

    uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

    mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    mPolicies-system: DefaultLogonDomain = Akershus-FK

    IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll

    DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B40275966496 : DhcpNameServer = 148.83.249.50 148.83.249.51

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51

    TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}

    {2B9F5787-88A5-4945-90E7-C4B18563BC5E}

    {9030D464-4C02-4ABF-8ECC-5164760863C6}

    {B4F3A835-0E21-4959-BA22-42B3008E02FF}

    {DBC80044-A445-435b-BC74-9C25C1C588A9}

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

    mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\

    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    FF - plugin: C:\Users\USERNAME\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

    R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496]

    R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-3-25 539248]

    R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]

    R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]

    S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]

    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

    S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]

    S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]

    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]

    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]

    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

    S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]

    S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

    S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]

    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

    S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2011-10-05 16:33:31 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{446AB021-1DF4-4553-A28A-9D90891ABC2D}\offreg.dll

    2011-10-05 16:33:22 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{446AB021-1DF4-4553-A28A-9D90891ABC2D}\mpengine.dll

    2011-10-01 19:49:53 -------- d-----w- C:\Users\USERNAME\AppData\Local\Spotify

    2011-10-01 19:49:38 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Spotify

    2011-09-30 08:43:08 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple Computer

    2011-09-30 08:41:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple

    2011-09-28 09:50:59 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.purple

    2011-09-28 09:50:37 -------- d-----w- C:\Program Files (x86)\Pidgin

    2011-09-28 09:45:58 -------- d-----w- C:\Users\USERNAME\AppData\Local\Windows Live

    2011-09-28 09:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

    2011-09-28 07:05:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

    2011-09-25 14:27:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

    2011-09-25 10:55:31 -------- d-----w- C:\Program Files (x86)\NoVirusThanks

    2011-09-21 10:14:42 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Mount&Blade Warband

    2011-09-21 10:08:40 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2

    2011-09-21 09:58:51 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

    2011-09-21 09:58:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

    2011-09-21 09:56:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband

    2011-09-19 06:59:13 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys

    2011-09-16 07:35:19 -------- d-----w- C:\Program Files (x86)\uTorrent

    2011-09-16 07:33:40 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\uTorrent

    2011-09-16 07:33:40 -------- d-----w- C:\Users\USERNAME\AppData\Local\uTorrent

    2011-09-16 07:18:38 -------- d-----w- C:\Program Files (x86)\proXPN

    2011-09-15 07:26:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\VMware

    2011-09-15 07:23:21 81008 ----a-w- C:\Windows\System32\drivers\vmci.sys

    2011-09-15 07:23:18 68720 ----a-w- C:\Windows\System32\drivers\vmx86.sys

    2011-09-15 07:22:46 334448 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

    2011-09-15 07:22:41 404080 ----a-w- C:\Windows\SysWow64\vmnat.exe

    2011-09-15 07:22:41 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

    2011-09-15 07:22:35 968816 ----a-w- C:\Windows\System32\vnetlib64.dll

    2011-09-15 07:22:13 31856 ----a-w- C:\Windows\System32\drivers\VMkbd.sys

    2011-09-15 07:22:11 38512 ----a-w- C:\Windows\System32\drivers\hcmon.sys

    2011-09-15 07:21:48 -------- d-----w- C:\Program Files (x86)\Common Files\VMware

    2011-09-15 07:21:25 -------- d-----w- C:\Program Files (x86)\VMware

    2011-09-14 13:44:14 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.minecraft

    2011-09-14 10:13:11 -------- d-----w- C:\Users\USERNAME\VirtualBox VMs

    2011-09-14 10:04:58 -------- d-----w- C:\Users\USERNAME\.VirtualBox

    2011-09-14 10:04:07 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

    2011-09-14 10:04:00 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

    2011-09-14 10:03:53 -------- d-----w- C:\Program Files\Oracle

    2011-09-13 11:20:49 -------- d-----w- C:\Program Files (x86)\TunnelBear

    2011-09-12 06:59:06 -------- d-----w- C:\Users\USERNAME\AppData\Local\Opera

    2011-09-08 12:13:11 -------- d-----w- C:\Users\USERNAME\AppData\Local\Diagnostics

    2011-09-08 07:00:24 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DB06253-C2D9-4C12-BD94-E077B637C2F6}\gapaengine.dll

    2011-09-07 10:14:55 -------- d-----w- C:\Program Files\Paint.NET

    2011-09-07 10:14:40 -------- d-----w- C:\Users\USERNAME\AppData\Local\Paint.NET

    2011-09-07 10:00:29 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

    2011-09-07 10:00:25 -------- d-----w- C:\Program Files (x86)\Steam

    2011-09-06 09:51:36 -------- d-----r- C:\Program Files (x86)\Skype

    2011-09-06 07:47:38 -------- d-----w- C:\Users\USERNAME\AppData\Local\DOSBox

    2011-09-06 07:47:26 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74

    .

    ==================== Find3M ====================

    .

    2011-09-22 09:52:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-09-17 10:21:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

    2011-08-15 12:32:10 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

    2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

    2011-08-15 12:32:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

    2011-07-26 17:49:12 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys

    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll

    2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

    .

    ============= FINISH: 19:49:45,26 ===============

    Thanks :)

  7. I got myself infected with some malware by accident (friend of mine ran it). The malware file was from here:

    hxxp://hotelcrystalpark.com/firefox_1/download_firefox_6.0.1.php

    I scanned with MBAM and it detected Trojan.Fakealert then scanned with MSE and it found the following:

    Trojan:DOS/Alureon.C
    Items:
    boot:\Device\Harddisk0\DR0
    boot:\Device\Harddisk0\DR0\(MBR)

    PWS:Win32/Zbot
    Items:
    containerfile:C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\14.0.835.186\Installer\chrome.7z
    file:C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\14.0.835.186\Installer\chrome.7z->Chrome-bin/chrome.exe
    file:C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe
    file:C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\old_chrome.exe
    regkey:HKCU@S-1-5-21-573178753-3869741976-1425505419-177982\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Google Chrome
    uninstall:HKCU@S-1-5-21-573178753-3869741976-1425505419-177982\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Google Chrome

    TrojanDownload:Win32/Karagany.C
    Items:
    file:C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0021f8
    file:C:\Users\USERNAME\AppData\Local\Opera\Opera\cache\g_0016\opr0026Z.tmp

    Removed everything that was detected of course. I have no symptoms now, I just wanted to make sure I'm not infected anymore.

    Feel free to take your time with this topic, and thanks a lot for your time.

  8. ...The real problem here however is that the web installer is pushing the Babylon toolbar. Users who do not pay attention to the download process will install the Babylon Toolbar, make Babylon their default search engine and homepage of their browsers.

    Read More

    ...Now, things have taken a turn for the worse: Cnet has begun wrapping downloads in a proprietary installer.

    Wrapping installers is a terrible practice. For one thing, it can be a violation of a program’s distribution terms — but Download.com has no doubt ensured that its TOS states that if you let them mirror your files you’re giving them free rein. It’s also a serious slap in the face to users, who wind up not with a clean, genuine version of the installer they tried to download but a modified beast that shoves toolbar, home page, and default search engine changes down their throats.

    Read More

  9. Hewlett-Packard Co. (HPQ) is planning a sweeping overhaul of its businesses, agreeing to buy Autonomy Corp. for $10.3 billion and weighing a breakup that would unravel the much-debated Compaq Computer Corp. purchase.

    Autonomy shareholders will receive $42.11 a share, Palo Alto, California-based Hewlett-Packard said in a statement. That represents a 64 percent premium over Autonomy’s closing share price yesterday. Hewlett-Packard also said it’s considering spinning off its PC division and that it will discontinue products that run WebOS software. Hewlett-Packard shares dropped after the company issued forecasts that missed estimates.

    Read More
