Posts: 921
Posts posted by L00N3R
-
Might have been mentioned, but Gdata has a false positive on the setup file. Just to clarify I did not upload it, I just searched for the hash.
-
Just adding in - it also happens when you right click a grammatical error and select "Manage language"
-
Yes, finally a user interface that looks modern, professional and clean!
I feel it really shows how you are listening to your community.
I like the flat Windows 8 look - I don't like Win 8 itself, but its design is what's modern now.
I don't get all the fuss about the smiley face. It doesn't look too silly to me; Avast previously used a smiley in their UI, I remember. Also, it kind of fits with the Malwarebytes home page, with mascots including a smiling figure and a terminator robot.
To me, Malwarebytes finally has that "professional" feel again.
-
-
109.163.230.69 / wtso.net is blocked by MBAM.
Is this a false positive? It's clean by Virustotal.
-
Thanks a lot
-
Any update on this?
-
Could you make an exception for this website?
Thanks
-
No, it's the uninstaller for Dropbox folder sync
-
False positive
-
Everything is running fine now.
Thanks for the help
-
Eset log (Very short though, but it was the right location):
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Security check:
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 29
Out of date Java installed!
Adobe Reader X (10.1.1) - Norsk
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
-
ComboFix 11-10-17.02 - USERNAME 18.10.2011 9:01.2.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.969 [GMT 2:00]
Kjører fra: d:\USERNAME\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-09-18 til 2011-10-18 )))))))))))))))))))))))))))))))))
.
.
2011-10-18 07:06 . 2011-10-18 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 06:56 . 2011-10-18 06:56 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\offreg.dll
2011-10-18 06:56 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\mpengine.dll
2011-10-14 12:03 . 2011-10-14 12:03 -------- d-----w- c:\users\USERNAME\AppData\Roaming\LolClient
2011-10-13 13:19 . 2011-10-13 13:18 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8037D578-0C93-4413-83F2-22330A210D39}\gapaengine.dll
2011-10-13 13:02 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 13:01 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 13:01 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 13:01 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 13:01 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 13:00 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 13:00 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 13:00 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 13:00 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-13 08:45 . 2011-10-13 08:45 -------- d-----w- c:\program files (x86)\iFinger
2011-10-11 20:23 . 2008-07-31 08:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-10-11 20:23 . 2008-07-31 08:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-10-11 20:23 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-10-11 20:23 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-10-11 20:23 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-10-11 20:19 . 2011-10-11 20:19 -------- d-----w- C:\Riot Games
2011-10-11 08:07 . 2011-10-18 07:06 -------- d-----w- c:\users\USERNAME\AppData\Local\PMB Files
2011-10-11 08:07 . 2011-10-14 11:55 -------- d-----w- c:\programdata\PMB Files
2011-10-11 08:07 . 2011-10-11 08:07 -------- d-----w- c:\program files (x86)\Pando Networks
2011-10-08 18:51 . 2011-10-08 18:51 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-10-08 18:51 . 2011-10-08 18:51 -------- d-----w- c:\users\USERNAME\SystemRequirementsLab
2011-10-08 15:45 . 2011-10-08 15:45 -------- d-----w- c:\program files\CCleaner
2011-10-07 17:16 . 2011-10-07 17:16 -------- d-----w- c:\users\USERNAME\AppData\Roaming\GameRanger
2011-10-07 16:44 . 2011-10-07 16:44 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-10-01 19:49 . 2011-10-17 15:39 -------- d-----w- c:\users\USERNAME\AppData\Local\Spotify
2011-10-01 19:49 . 2011-10-17 15:43 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Spotify
2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\users\USERNAME\AppData\Local\Apple Computer
2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Apple Computer
2011-09-30 08:42 . 2011-09-30 08:42 -------- d-----w- c:\program files (x86)\Safari
2011-09-30 08:42 . 2011-09-30 08:42 -------- d-----w- c:\programdata\Apple Computer
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\users\USERNAME\AppData\Local\Apple
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\programdata\Apple
2011-09-28 09:50 . 2011-09-28 10:21 -------- d-----w- c:\users\USERNAME\AppData\Roaming\.purple
2011-09-28 09:50 . 2011-09-28 09:50 -------- d-----w- c:\program files (x86)\Pidgin
2011-09-28 09:47 . 2011-09-28 09:48 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-28 09:45 . 2011-09-28 09:45 -------- d-----w- c:\users\USERNAME\AppData\Local\Windows Live
2011-09-28 09:45 . 2011-09-28 09:45 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-28 07:05 . 2011-09-30 16:13 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-25 14:27 . 2011-09-25 14:27 -------- d-----w- c:\programdata\Hewlett-Packard
2011-09-25 14:27 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-09-25 10:55 . 2011-09-25 10:55 -------- d-----w- c:\program files (x86)\NoVirusThanks
2011-09-21 10:59 . 2011-10-07 12:20 -------- d-----w- c:\program files (x86)\Google
2011-09-21 10:14 . 2011-09-21 10:15 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Mount&Blade Warband
2011-09-21 10:08 . 2011-09-21 10:08 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2011-09-21 09:58 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-09-21 09:58 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-09-21 09:56 . 2011-09-21 10:01 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2011-09-19 06:59 . 2010-02-25 15:51 29696 ----a-w- c:\windows\system32\drivers\tap0901.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 08:12 . 2011-06-24 09:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-28 09:46 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-17 10:21 . 2011-09-03 20:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-14 13:58 . 2011-08-23 10:46 274616 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-09-13 00:26 . 2011-06-28 13:12 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-03 20:42 . 2011-09-03 20:42 53248 ----a-r- c:\users\USERNAME\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-25 10:17 . 2011-08-25 10:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-25 10:17 . 2011-08-25 10:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-25 10:17 . 2011-08-25 10:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-25 10:17 . 2011-08-25 10:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-25 10:17 . 2011-08-25 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-25 10:17 . 2011-08-25 10:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-25 10:17 . 2011-08-25 10:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-25 10:17 . 2011-08-25 10:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-25 10:17 . 2011-08-25 10:17 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-25 10:17 . 2011-08-25 10:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-25 10:17 . 2011-08-25 10:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-25 10:17 . 2011-08-25 10:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-25 10:17 . 2011-08-25 10:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-25 10:17 . 2011-08-25 10:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-25 10:17 . 2011-08-25 10:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-25 10:17 . 2011-08-25 10:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-25 10:17 . 2011-08-25 10:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-25 10:17 . 2011-08-25 10:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-25 10:17 . 2011-08-25 10:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-25 10:17 . 2011-08-25 10:17 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-25 10:17 . 2011-08-25 10:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-25 10:17 . 2011-08-25 10:17 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-25 10:17 . 2011-08-25 10:17 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-25 10:17 . 2011-08-25 10:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-25 10:17 . 2011-08-25 10:17 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-25 10:17 . 2011-08-25 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-25 10:17 . 2011-08-25 10:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-25 10:17 . 2011-08-25 10:17 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-25 10:17 . 2011-08-25 10:17 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-25 10:17 . 2011-08-25 10:17 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-25 10:17 . 2011-08-25 10:17 448512 ----a-w- c:\windows\system32\html.iec
2011-08-25 10:17 . 2011-08-25 10:17 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-25 10:17 . 2011-08-25 10:17 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-25 10:17 . 2011-08-25 10:17 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-25 10:17 . 2011-08-25 10:17 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-25 10:17 . 2011-08-25 10:17 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-15 12:32 . 2011-09-14 10:04 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-08-15 12:32 . 2011-09-14 10:04 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-07-26 17:49 . 2011-07-26 17:49 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-09_12.49.24 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-25 10:17 . 2011-08-25 10:17 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-10-14 13:01 . 2011-09-01 02:23 72704 c:\windows\SysWOW64\mshtmled.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-14 13:01 . 2011-09-01 02:26 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-14 13:01 . 2011-09-01 02:26 65024 c:\windows\SysWOW64\jsproxy.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-06-23 17:10 . 2011-10-15 13:08 30546 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-18 06:44 37000 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 09:17 . 2011-10-09 08:29 75124 c:\windows\system32\perfc014.dat
+ 2009-07-14 09:17 . 2011-10-18 06:46 75124 c:\windows\system32\perfc014.dat
+ 2011-10-14 13:01 . 2011-09-01 05:12 96256 c:\windows\system32\mshtmled.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 96256 c:\windows\system32\mshtmled.dll
+ 2011-10-14 13:01 . 2011-09-01 05:15 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 85504 c:\windows\system32\jsproxy.dll
+ 2011-10-14 13:01 . 2011-09-01 05:15 85504 c:\windows\system32\jsproxy.dll
- 2011-07-21 14:01 . 2011-10-08 15:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-21 14:01 . 2011-10-16 13:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-21 14:01 . 2011-10-16 13:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-21 14:01 . 2011-10-08 15:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-08 15:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-16 13:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-10-18 06:49 88816 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-21 10:43 . 2011-07-21 10:43 27648 c:\windows\Installer\1367eb9.msp
- 2011-06-23 16:57 . 2011-09-26 18:21 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-10-13 08:45 . 2011-10-13 08:45 19790 c:\windows\Installer\{87A7E808-D6BE-40E6-97FD-AAAC0F39A886}\iFinger.exe
+ 2011-08-23 10:44 . 2011-10-18 06:44 6684 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-573178753-3869741976-1425505419-177982_UserData.bin
+ 2011-10-18 06:41 . 2011-10-18 06:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-09 08:24 . 2011-10-09 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-18 06:41 . 2011-10-18 06:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-09 08:24 . 2011-10-09 08:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-25 10:17 . 2011-08-25 10:17 231936 c:\windows\SysWOW64\url.dll
+ 2011-10-14 13:01 . 2011-09-01 02:27 231936 c:\windows\SysWOW64\url.dll
+ 2011-10-13 08:12 . 2011-10-13 08:12 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe
+ 2011-10-13 08:12 . 2011-10-13 08:12 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
+ 2011-10-13 08:12 . 2011-10-13 08:12 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-10-14 13:01 . 2011-09-01 02:24 716800 c:\windows\SysWOW64\jscript.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
+ 2011-10-10 13:02 . 2011-07-27 04:27 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
- 2011-08-25 10:17 . 2011-08-25 10:17 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-10-14 13:01 . 2011-09-01 02:21 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-06-27 07:55 . 2011-10-12 17:34 315668 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-06-23 23:28 . 2011-10-17 15:28 254866 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-08-25 10:17 . 2011-08-25 10:17 237056 c:\windows\system32\url.dll
+ 2011-10-14 13:01 . 2011-09-01 05:16 237056 c:\windows\system32\url.dll
+ 2009-07-14 09:17 . 2011-10-18 06:46 450310 c:\windows\system32\perfh014.dat
- 2009-07-14 09:17 . 2011-10-09 08:29 450310 c:\windows\system32\perfh014.dat
+ 2009-07-14 02:36 . 2011-10-18 06:46 609290 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-09 08:29 609290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-18 06:46 104568 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-09 08:29 104568 c:\windows\system32\perfc009.dat
- 2011-08-25 10:17 . 2011-08-25 10:17 818176 c:\windows\system32\jscript.dll
+ 2011-10-14 13:01 . 2011-09-01 05:14 818176 c:\windows\system32\jscript.dll
+ 2011-10-10 13:02 . 2011-07-27 05:33 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2011-08-25 10:17 . 2011-08-25 10:17 248320 c:\windows\system32\ieui.dll
+ 2011-10-14 13:01 . 2011-09-01 05:08 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2011-10-13 14:47 376024 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:01 . 2011-10-17 17:13 385756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-08 22:44 385756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-21 21:19 . 2011-08-21 21:19 133120 c:\windows\Installer\96e82c.msp
+ 2011-06-19 21:33 . 2011-06-19 21:33 407552 c:\windows\Installer\1367eb1.msp
+ 2011-10-14 12:08 . 2011-10-14 12:08 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
- 2011-10-07 12:01 . 2011-10-07 12:01 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-10-13 13:01 . 2011-08-17 05:28 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
- 2011-06-27 09:34 . 2010-11-20 13:44 315392 c:\windows\ehome\Microsoft.MediaCenter.Interop.dll
+ 2011-10-13 14:47 . 2011-10-13 14:47 522240 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3563d3f83c115eae9c5387cc7b0d1b7d\Microsoft.MediaCenter.Interop.ni.dll
+ 2011-10-13 13:01 . 2011-08-17 05:28 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
- 2011-06-27 09:34 . 2010-11-20 13:44 315392 c:\windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll
+ 2011-10-14 13:01 . 2011-09-01 02:28 1126912 c:\windows\SysWOW64\wininet.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1126912 c:\windows\SysWOW64\wininet.dll
+ 2011-10-14 13:01 . 2011-09-01 02:28 1102848 c:\windows\SysWOW64\urlmon.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2011-06-24 09:33 . 2011-10-13 08:12 8522400 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2011-10-14 13:01 . 2011-09-01 02:35 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-10-14 13:01 . 2011-09-01 02:23 1791488 c:\windows\SysWOW64\iertutil.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-10-14 13:01 . 2011-09-01 02:33 9704960 c:\windows\SysWOW64\ieframe.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1389056 c:\windows\system32\wininet.dll
+ 2011-10-14 13:01 . 2011-09-01 05:17 1389056 c:\windows\system32\wininet.dll
- 2011-08-25 10:17 . 2011-08-25 10:17 1344512 c:\windows\system32\urlmon.dll
+ 2011-10-14 13:01 . 2011-09-01 05:18 1344512 c:\windows\system32\urlmon.dll
+ 2011-10-14 13:01 . 2011-09-01 05:24 2309120 c:\windows\system32\jscript9.dll
+ 2011-10-14 13:01 . 2011-09-01 05:12 2143744 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2011-10-15 12:56 6834469 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-07 15:35 6834469 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-25 13:59 . 2011-10-17 09:16 5958756 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-573178753-3869741976-1425505419-177982-4096.dat
+ 2011-07-21 10:34 . 2011-07-21 10:34 3456000 c:\windows\Installer\96e860.msp
+ 2011-07-21 10:45 . 2011-07-21 10:45 3809792 c:\windows\Installer\96e846.msp
+ 2011-08-21 21:18 . 2011-08-21 21:18 1585152 c:\windows\Installer\96e825.msp
+ 2011-07-21 10:51 . 2011-07-21 10:51 9623040 c:\windows\Installer\1367e7b.msp
+ 2011-07-21 10:41 . 2011-07-21 10:41 8413696 c:\windows\Installer\1367e61.msp
+ 2011-06-23 16:57 . 2011-10-13 13:02 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.9D6CC272.FB07.4CCF.BA62.C793BD18F37A.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.9D6CC272.FB07.4CCF.BA62.C793BD18F37A.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.58599A6F.C47E.4F6A.9B74.130813500B46.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.58599A6F.C47E.4F6A.9B74.130813500B46.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.0ABA67DE.B9F7.4720.83BA.38B0FED98479.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\Icon.0ABA67DE.B9F7.4720.83BA.38B0FED98479.exe
- 2011-06-23 16:57 . 2011-09-26 18:21 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-06-23 16:57 . 2011-10-13 13:02 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-10-15 14:30 . 2011-10-15 14:30 1142784 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\006437adec3104e688788eea08c535fd\Microsoft.MediaCenter.Shell.ni.dll
+ 2011-10-14 13:01 . 2011-09-01 02:36 12275200 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-10-15 12:53 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-08-30 14:38 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-14 13:01 . 2011-09-01 05:34 17781760 c:\windows\system32\mshtml.dll
+ 2011-06-24 09:13 . 2011-10-10 13:02 49062856 c:\windows\system32\MRT.exe
- 2011-08-25 10:17 . 2011-08-25 10:17 10886144 c:\windows\system32\ieframe.dll
+ 2011-10-14 13:00 . 2011-09-01 05:24 10886144 c:\windows\system32\ieframe.dll
+ 2011-08-23 10:22 . 2011-10-17 09:16 33435484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-573178753-3869741976-1425505419-177982-8192.dat
+ 2011-10-14 12:07 . 2011-10-14 12:07 18452480 c:\windows\Installer\494f48b.msi
+ 2011-07-21 10:36 . 2011-07-21 10:36 66808320 c:\windows\Installer\1367e97.msp
+ 2010-03-12 22:05 . 2010-03-12 22:05 11121528 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OARTCONV.DLL
+ 2010-03-13 13:08 . 2010-03-13 13:08 20516712 c:\windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\OART.DLL
+ 2011-10-15 14:31 . 2011-10-15 14:31 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\5e125ecb8c921809c2d3ba09e5c77c9e\ehshell.ni.dll
+ 2011-10-13 08:44 . 2011-10-13 08:44 123099648 c:\windows\Installer\463d45.msi
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\USERNAME\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-08 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-11 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DefaultLogonDomain"= Akershus-FK
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-573178753-3869741976-1425505419-177982\Scripts\Logon\0\0]
"Script"=\\akershus-fk.no\NETLOGON\Undervisning\LOGON00-Rettigheter bærbare til elever IV.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 IntcDAud;Intel® Skjermlyd;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-05-13 317496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982Core.job
- c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982UA.job
- c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://portalen.akershus-fk.no
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 148.83.249.50 148.83.249.51
DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB
FF - ProfilePath - c:\users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.itslearning.com/index.aspx?CustomerId=124&Username=sigsve
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
.
- - - - TOMME PEKERE FJERNET - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2011-10-18 09:09:00
ComboFix-quarantined-files.txt 2011-10-18 07:09
ComboFix2.txt 2011-10-09 12:51
.
Pre-Run: 9 049 726 976 byte ledig
Post-Run: 8 876 912 640 byte ledig
.
- - End Of File - - 2F7359DD68A1CA280B3AA89F0A4FC05A
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by USERNAME at 9:09:58 on 2011-10-18
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.794 [GMT 2:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\WizMouse\WizMouse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portalen.akershus-fk.no
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DefaultLogonDomain = Akershus-FK
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\35C65647E65627E6564747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\84A656D6D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2B9F5787-88A5-4945-90E7-C4B18563BC5E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.itslearning.com/index.aspx?CustomerId=124&Username=sigsve
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]
S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]
S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-18 06:56:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\offreg.dll
2011-10-18 06:56:09 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B29AA69-EA6A-4636-BC18-AF7C9D49411D}\mpengine.dll
2011-10-14 12:03:53 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\LolClient
2011-10-13 13:19:12 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8037D578-0C93-4413-83F2-22330A210D39}\gapaengine.dll
2011-10-13 13:02:14 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-13 13:01:22 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-13 13:01:22 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-13 13:01:22 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-13 13:01:22 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-13 13:00:30 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 13:00:29 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-13 13:00:29 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 13:00:29 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 08:45:26 -------- d-----w- C:\Program Files (x86)\iFinger
2011-10-11 20:23:51 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-10-11 20:23:51 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-10-11 20:23:51 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-10-11 20:23:51 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-10-11 20:23:50 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-10-11 20:19:20 -------- d-----w- C:\Riot Games
2011-10-11 08:07:25 -------- d-----w- C:\Users\USERNAME\AppData\Local\PMB Files
2011-10-11 08:07:23 -------- d-----w- C:\ProgramData\PMB Files
2011-10-11 08:07:09 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-10-09 12:42:38 98816 ----a-w- C:\Windows\sed.exe
2011-10-09 12:42:38 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-09 12:42:38 256000 ----a-w- C:\Windows\PEV.exe
2011-10-09 12:42:38 208896 ----a-w- C:\Windows\MBR.exe
2011-10-08 18:51:56 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-10-08 18:51:48 -------- d-----w- C:\Users\USERNAME\SystemRequirementsLab
2011-10-08 15:45:34 -------- d-----w- C:\Program Files\CCleaner
2011-10-07 17:16:31 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\GameRanger
2011-10-07 16:44:09 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-10-01 19:49:53 -------- d-----w- C:\Users\USERNAME\AppData\Local\Spotify
2011-10-01 19:49:38 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Spotify
2011-09-30 08:43:08 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple Computer
2011-09-30 08:41:39 -------- d-----w- C:\Users\USERNAME\AppData\Local\Apple
2011-09-28 09:50:59 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\.purple
2011-09-28 09:50:37 -------- d-----w- C:\Program Files (x86)\Pidgin
2011-09-28 09:45:58 -------- d-----w- C:\Users\USERNAME\AppData\Local\Windows Live
2011-09-28 09:45:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-09-28 07:05:25 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-25 14:27:28 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2011-09-25 10:55:31 -------- d-----w- C:\Program Files (x86)\NoVirusThanks
2011-09-21 10:14:42 -------- d-----w- C:\Users\USERNAME\AppData\Roaming\Mount&Blade Warband
2011-09-21 10:08:40 -------- d-----w- C:\Program Files (x86)\VirusTotalUploader2
2011-09-21 09:58:51 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2011-09-21 09:58:46 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2011-09-21 09:56:52 -------- d-----w- C:\Program Files (x86)\Mount&Blade Warband
2011-09-19 06:59:13 29696 ----a-w- C:\Windows\System32\drivers\tap0901.sys
.
==================== Find3M ====================
.
2011-10-13 08:12:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-17 10:21:24 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-09-14 13:58:46 274616 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-15 12:32:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-08-15 12:32:10 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-08-15 12:32:10 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-08-15 12:32:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-07-26 17:49:12 37888 ----a-w- C:\Windows\System32\drivers\taphss.sys
.
============= FINISH: 9:10:18,68 ===============
-
µTorrent is uninstalled.
-
Combofix
ComboFix 11-10-09.01 - USERNAME 09.10.2011 14:44:08.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.1178 [GMT 2:00]
Kjører fra: d:\USERNAME\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Opprettet nytt gjenopprettingspunkt
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-09-09 til 2011-10-09 )))))))))))))))))))))))))))))))))
.
.
2011-10-09 12:49 . 2011-10-09 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-09 08:24 . 2011-10-09 08:24 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03E8C3E5-B15D-4312-8657-1ABEA5AC69B4}\offreg.dll
2011-10-08 18:51 . 2011-10-08 18:51 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-10-08 18:51 . 2011-10-08 18:51 -------- d-----w- c:\users\USERNAME\SystemRequirementsLab
2011-10-08 15:45 . 2011-10-08 15:45 -------- d-----w- c:\program files\CCleaner
2011-10-08 15:38 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{03E8C3E5-B15D-4312-8657-1ABEA5AC69B4}\mpengine.dll
2011-10-07 17:16 . 2011-10-07 17:16 -------- d-----w- c:\users\USERNAME\AppData\Roaming\GameRanger
2011-10-07 16:44 . 2011-10-07 16:44 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-10-01 19:49 . 2011-10-08 15:28 -------- d-----w- c:\users\USERNAME\AppData\Local\Spotify
2011-10-01 19:49 . 2011-10-08 18:26 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Spotify
2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\users\USERNAME\AppData\Local\Apple Computer
2011-09-30 08:43 . 2011-09-30 08:43 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Apple Computer
2011-09-30 08:42 . 2011-09-30 08:42 -------- d-----w- c:\program files (x86)\Safari
2011-09-30 08:42 . 2011-09-30 08:42 -------- d-----w- c:\programdata\Apple Computer
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\users\USERNAME\AppData\Local\Apple
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-09-30 08:41 . 2011-09-30 08:41 -------- d-----w- c:\programdata\Apple
2011-09-28 09:50 . 2011-09-28 10:21 -------- d-----w- c:\users\USERNAME\AppData\Roaming\.purple
2011-09-28 09:50 . 2011-09-28 09:50 -------- d-----w- c:\program files (x86)\Pidgin
2011-09-28 09:47 . 2011-09-28 09:48 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-28 09:45 . 2011-09-28 09:45 -------- d-----w- c:\users\USERNAME\AppData\Local\Windows Live
2011-09-28 09:45 . 2011-09-28 09:45 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-28 07:05 . 2011-09-30 16:13 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-09-25 14:27 . 2011-09-25 14:27 -------- d-----w- c:\programdata\Hewlett-Packard
2011-09-25 14:27 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-09-25 10:55 . 2011-09-25 10:55 -------- d-----w- c:\program files (x86)\NoVirusThanks
2011-09-21 10:59 . 2011-10-07 12:20 -------- d-----w- c:\program files (x86)\Google
2011-09-21 10:14 . 2011-09-21 10:15 -------- d-----w- c:\users\USERNAME\AppData\Roaming\Mount&Blade Warband
2011-09-21 10:08 . 2011-09-21 10:08 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2011-09-21 09:58 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-09-21 09:58 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-09-21 09:56 . 2011-09-21 10:01 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2011-09-19 06:59 . 2010-02-25 15:51 29696 ----a-w- c:\windows\system32\drivers\tap0901.sys
2011-09-17 11:52 . 2011-09-17 15:16 -------- d-----w- c:\users\USERNAME\AppData\Roaming\vlc
2011-09-16 07:35 . 2011-09-16 07:35 -------- d-----w- c:\program files (x86)\uTorrent
2011-09-16 07:33 . 2011-10-09 09:19 -------- d-----w- c:\users\USERNAME\AppData\Roaming\uTorrent
2011-09-16 07:33 . 2011-09-16 07:33 -------- d-----w- c:\users\USERNAME\AppData\Local\uTorrent
2011-09-16 07:18 . 2011-09-19 06:45 -------- d-----w- c:\program files (x86)\proXPN
2011-09-15 07:26 . 2011-09-15 07:30 -------- d-----w- c:\users\USERNAME\AppData\Local\VMware
2011-09-15 07:26 . 2011-10-07 15:28 -------- d-----w- c:\users\USERNAME\AppData\Roaming\VMware
2011-09-15 07:21 . 2011-10-07 15:31 -------- d-----w- c:\programdata\VMware
2011-09-14 13:44 . 2011-09-17 11:52 -------- d-----w- c:\users\USERNAME\AppData\Roaming\.minecraft
2011-09-14 10:13 . 2011-09-15 07:18 -------- d-----w- c:\users\USERNAME\VirtualBox VMs
2011-09-14 10:04 . 2011-09-15 07:21 -------- d-----w- c:\users\USERNAME\.VirtualBox
2011-09-14 10:04 . 2011-08-15 12:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-14 10:04 . 2011-09-14 10:04 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-14 10:04 . 2011-08-15 12:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-14 10:03 . 2011-09-14 10:03 -------- d-----w- c:\program files\Oracle
2011-09-13 11:20 . 2011-10-01 21:02 -------- d-----w- c:\program files (x86)\TunnelBear
2011-09-12 14:43 . 2011-09-12 14:43 -------- d-----w- c:\programdata\Logitech
2011-09-12 06:59 . 2011-09-12 06:59 -------- d-----w- c:\users\USERNAME\AppData\Local\Opera
2011-09-12 06:59 . 2011-09-12 06:59 -------- d-----w- c:\program files (x86)\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 09:46 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-22 09:52 . 2011-06-24 09:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-17 10:21 . 2011-09-03 20:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-13 00:26 . 2011-06-28 13:12 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-03 20:42 . 2011-09-03 20:42 53248 ----a-r- c:\users\USERNAME\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-25 10:17 . 2011-08-25 10:17 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-25 10:17 . 2011-08-25 10:17 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-25 10:17 . 2011-08-25 10:17 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-25 10:17 . 2011-08-25 10:17 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-25 10:17 . 2011-08-25 10:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-25 10:17 . 2011-08-25 10:17 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-08-25 10:17 . 2011-08-25 10:17 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-08-25 10:17 . 2011-08-25 10:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-25 10:17 . 2011-08-25 10:17 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-25 10:17 . 2011-08-25 10:17 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-25 10:17 . 2011-08-25 10:17 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-25 10:17 . 2011-08-25 10:17 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-25 10:17 . 2011-08-25 10:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-25 10:17 . 2011-08-25 10:17 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-25 10:17 . 2011-08-25 10:17 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-25 10:17 . 2011-08-25 10:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-25 10:17 . 2011-08-25 10:17 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-25 10:17 . 2011-08-25 10:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-25 10:17 . 2011-08-25 10:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-25 10:17 . 2011-08-25 10:17 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-25 10:17 . 2011-08-25 10:17 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-25 10:17 . 2011-08-25 10:17 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-25 10:17 . 2011-08-25 10:17 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-25 10:17 . 2011-08-25 10:17 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-08-25 10:17 . 2011-08-25 10:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-25 10:17 . 2011-08-25 10:17 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-08-25 10:17 . 2011-08-25 10:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-25 10:17 . 2011-08-25 10:17 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-25 10:17 . 2011-08-25 10:17 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-25 10:17 . 2011-08-25 10:17 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-25 10:17 . 2011-08-25 10:17 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-25 10:17 . 2011-08-25 10:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-25 10:17 . 2011-08-25 10:17 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-25 10:17 . 2011-08-25 10:17 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-25 10:17 . 2011-08-25 10:17 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-25 10:17 . 2011-08-25 10:17 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-25 10:17 . 2011-08-25 10:17 448512 ----a-w- c:\windows\system32\html.iec
2011-08-25 10:17 . 2011-08-25 10:17 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-25 10:17 . 2011-08-25 10:17 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-25 10:17 . 2011-08-25 10:17 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-25 10:17 . 2011-08-25 10:17 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-25 10:17 . 2011-08-25 10:17 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-07-26 17:49 . 2011-07-26 17:49 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
2011-07-16 05:41 . 2011-08-30 13:17 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-30 13:17 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-30 13:17 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-30 13:17 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-30 13:17 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-30 13:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-30 13:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-30 13:17 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:24 . 2011-08-30 13:17 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:24 . 2011-08-30 13:17 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:15 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-30 13:17 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\USERNAME\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-08 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-07 641400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-13 318520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DefaultLogonDomain"= Akershus-FK
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-573178753-3869741976-1425505419-177982\Scripts\Logon\0\0]
"Script"=\\akershus-fk.no\NETLOGON\Undervisning\LOGON00-Rettigheter bærbare til elever IV.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 136176]
R3 IntcDAud;Intel® Skjermlyd;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;c:\windows\system32\DRIVERS\Rtenic64.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-05-13 317496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-21 10:59]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982Core.job
- c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]
.
2011-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-573178753-3869741976-1425505419-177982UA.job
- c:\users\USERNAME\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-30 10:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://portalen.akershus-fk.no
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB
FF - ProfilePath - c:\users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
.
- - - - TOMME PEKERE FJERNET - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2011-10-09 14:51:40
ComboFix-quarantined-files.txt 2011-10-09 12:51
.
Pre-Run: 22 571 888 640 byte ledig
Post-Run: 22 435 618 816 byte ledig
.
- - End Of File - - 0FDE212BE88272498C9038D4BAE401E1
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by USERNAME at 14:54:08 on 2011-10-09
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.47.1044.18.1982.1014 [GMT 2:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portalen.akershus-fk.no
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Påloggingshjelp for Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\USERNAME\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DefaultLogonDomain = Akershus-FK
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: DirectEdit - hxxps://support.itslearning.com/browsertest/components/DirectEdit.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B40275966496 : DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\14B6562737865737D264B402759664960274A6563747 : DhcpNameServer = 148.83.249.50 148.83.249.51
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\84A656D6D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F57E8DEF-B6C9-4922-A539-91F6FD186B73}\D4E294E255E2C4 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{2B9F5787-88A5-4945-90E7-C4B18563BC5E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\psm2bo5w.default\
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-8-27 156288]
S2 gupdate;Google-oppdatering-tjenesten (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-21 136176]
S3 IntcDAud;Intel® Skjermlyd;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\system32\DRIVERS\Rtenic64.sys --> C:\Windows\system32\DRIVERS\Rtenic64.sys [?]
S3 StorSvc;Oppbevaringstjeneste;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys --> C:\Windows\system32\drivers\Synth3dVsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-09 12:42:38 98816 ----a-w- C:\Windows\sed.exe
2011-10-09 12:42:38 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-09 12:42:38 256000 ----a-w- C:\Windows\PEV.exe
-
Thanks
-
I was one of the 3.000 lucky
Maybe this is how Microsoft should kill off IE6
-
I got myself infected with some malware by accident (friend of mine ran it). The malware file was from here:
hxxp://hotelcrystalpark.com/firefox_1/download_firefox_6.0.1.php
I scanned with MBAM and it detected Trojan.Fakealert then scanned with MSE and it found the following:
Trojan:DOS/Alureon.C
Items:
boot:\Device\Harddisk0\DR0
boot:\Device\Harddisk0\DR0\(MBR)
PWS:Win32/Zbot
Items:
containerfile:C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\14.0.835.186\Installer\chrome.7z
file:C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\14.0.835.186\Installer\chrome.7z->Chrome-bin/chrome.exe
file:C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe
file:C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\old_chrome.exe
regkey:HKCU@S-1-5-21-573178753-3869741976-1425505419-177982\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Google Chrome
uninstall:HKCU@S-1-5-21-573178753-3869741976-1425505419-177982\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Google Chrome
TrojanDownload:Win32/Karagany.C
Items:
file:C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0021f8
file:C:\Users\USERNAME\AppData\Local\Opera\Opera\cache\g_0016\opr0026Z.tmp
Removed everything that was detected of course. I have no symptoms now, I just wanted to make sure I'm not infected anymore.
Feel free to take your time with this topic, and thanks a lot for your time.
-
Hello
-
MBAM will not be wrapped in this, I confirmed this a few days ago. I am going to see about getting a public statement up to reassure our users.
That's good
I'll also be using filehippo from now on.
-
Update: Not every program is currently being wrapped — but they will be wrapped once a new version of a program is uploaded and distributed via Download.com.
As per the Extreme Tech article.
So when a new version of Mbam is released at Download.com it will be, unless Malwarebytes signs up for a premium subscription.
http://cnet-upload.custhelp.com/app/answers/detail/a_id/2064
-
...The real problem here however is that the web installer is pushing the Babylon toolbar. Users who do not pay attention to the download process will install the Babylon Toolbar, make Babylon their default search engine and homepage of their browsers....Now, things have taken a turn for the worse: Cnet has begun wrapping downloads in a proprietary installer.
Wrapping installers is a terrible practice. For one thing, it can be a violation of a program’s distribution terms — but Download.com has no doubt ensured that its TOS states that if you let them mirror your files you’re giving them free rein. It’s also a serious slap in the face to users, who wind up not with a clean, genuine version of the installer they tried to download but a modified beast that shoves toolbar, home page, and default search engine changes down their throats.
-
I heard spam levels are dropping though.
-
Hewlett-Packard Co. (HPQ) is planning a sweeping overhaul of its businesses, agreeing to buy Autonomy Corp. for $10.3 billion and weighing a breakup that would unravel the much-debated Compaq Computer Corp. purchase.
Autonomy shareholders will receive $42.11 a share, Palo Alto, California-based Hewlett-Packard said in a statement. That represents a 64 percent premium over Autonomy’s closing share price yesterday. Hewlett-Packard also said it’s considering spinning off its PC division and that it will discontinue products that run WebOS software. Hewlett-Packard shares dropped after the company issued forecasts that missed estimates.
utzcertified.org
in Website Blocking
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 04/08/2020
Protection Event Time: 22:21
Log File: 1dc9255a-d690-11ea-a546-74d4351f2542.json
-Software Information-
Version: 4.1.2.73
Components Version: 1.0.990
Update Package Version: 1.0.27937
Licence: Trial
-System Information-
OS: Windows 10 (Build 19041.388)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1 , C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0
-Website Data-
Category: Phishing
Domain: utzcertified.org
IP Address: 95.170.87.53
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
Hi!
Guessing that this is a false positive? https://www.virustotal.com/gui/url/cf94a6eb1c7c2072d95432ae2c1c03779e367e5cf0208a7217f909beda087f4a/detection
Cheers!