Shuts down right after I have logged in
  JFK
Number of posts: 13

Hi,

It seems that I have got the same problem as Thosen49, but I am still unsure about the solution to the problem.

My computer shuts down right after I have logged in, and here too a dialog box appears that says: “Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now”

I have Windows 7, 64-bit. I have already made a Farbar Recovery Scan Tool log, posted below; I hope you can help:

Scan result of Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 18-07-2012 16:05:13
Running from H:\
Windows 7 Home Premium   (X64) OS Language: Danish
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [MSC] “C:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] “C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe” [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] “D:\iTunes\iTunesHelper.exe” [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 212.10.10.4 212.10.24.252 212.10.10.5

==================== Services (Whitelisted) ======

2 MsMpSvc; “C:\Program Files\Microsoft Security Client\MsMpEng.exe” [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; “C:\Program Files\Microsoft Security Client\NisSrv.exe” [291696 2012-03-26] (Microsoft Corporation)
2 vToolbarUpdater11.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [935480 2012-06-05] ()

========================== Drivers (Whitelisted) =============

3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [32256 2009-07-07] (http://libusb-win32.sourceforge.net)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 14:40 - 2012-07-18 14:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.43D2CADD91E5F7B2
2012-07-18 14:39 - 2012-07-18 14:40 - 04581501 ____R (Swearware) C:\Users\acer\Downloads\ComboFix(4).exe
2012-07-18 14:37 - 2012-07-18 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE7754A08E60CAA3
2012-07-18 14:36 - 2012-07-18 14:36 - 04581501 ____A (Swearware) C:\Users\acer\Downloads\ComboFix(3).exe
2012-07-18 14:33 - 2012-07-18 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.62D0ECAAE8E9AD17
2012-07-18 14:30 - 2012-07-18 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E49C580268C2058
2012-07-18 14:29 - 2012-07-18 14:29 - 04581501 ____A (Swearware) C:\Users\acer\Downloads\ComboFix(2).exe
2012-07-18 14:26 - 2012-07-18 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.298BF240F243E602
2012-07-18 14:22 - 2012-07-18 14:22 - 04581501 ____A (Swearware) C:\Users\acer\Downloads\ComboFix.exe
2012-07-18 14:22 - 2012-07-18 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF192BD2FF7ACE56
2012-07-18 14:19 - 2012-07-18 14:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70BC4822B9CE499D
2012-07-18 14:15 - 2012-07-18 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8C8C0634FE94FAB
2012-07-18 14:12 - 2012-07-18 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E5A98A3ECA9B123A
2012-07-18 14:09 - 2012-07-18 14:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DD86DBE3FB7A2E95
2012-07-18 14:05 - 2012-07-18 14:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9259C3D5A159192C
2012-07-18 14:02 - 2012-07-18 14:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F76A878F8B499051
2012-07-18 13:57 - 2012-07-18 13:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.378A9A77F622A390
2012-07-18 13:54 - 2012-07-18 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9269F1E955419B46
2012-07-18 13:50 - 2012-07-18 13:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C54107CB4E2D0137
2012-07-18 13:47 - 2012-07-18 14:40 - 00000000 ___SD C:\32788R22FWJFW
2012-07-18 13:47 - 2012-07-18 13:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.77FC8534ED7BD9D8
2012-07-18 13:47 - 2012-07-18 13:47 - 00000000 ____D C:\Windows\erdnt
2012-07-18 13:47 - 2012-07-18 13:47 - 00000000 ____D C:\Qoobox
2012-07-18 13:44 - 2012-07-18 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E62FE73948325E3E
2012-07-18 13:44 - 2012-07-18 13:41 - 04581501 ____R (Swearware) C:\Users\acer\Desktop\ComboFix.exe
2012-07-18 07:43 - 2012-07-18 07:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0ACFA960C448648C
2012-07-18 07:40 - 2012-07-18 07:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C783AB4F26538DF9
2012-07-18 07:36 - 2012-07-18 07:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E8A979791C1B741
2012-07-18 07:33 - 2012-07-18 07:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0EFA911E55EEEDF6
2012-07-18 07:29 - 2012-07-18 07:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4F183292C0508F9
2012-07-18 07:25 - 2012-07-18 07:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9802838B2CAC6A1
2012-07-16 16:32 - 2012-07-16 16:32 - 00000000 ____D C:\FRST
2012-07-16 15:56 - 2012-07-16 15:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27E841921B95863D
2012-07-16 15:52 - 2012-07-16 15:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2E4A3804778A2C9
2012-07-16 15:48 - 2012-07-16 15:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.01B1BF4A3DC6F449
2012-07-16 14:58 - 2012-07-16 14:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C8A31849ADCBA067
2012-07-15 18:45 - 2012-07-15 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B11F0FF636DB9E8
2012-07-15 18:41 - 2012-07-15 18:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE1C881BF0921D
2012-07-15 18:37 - 2012-07-15 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9BFB9427F04CBDFE
2012-07-15 18:33 - 2012-07-15 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07112C6502A27372
2012-07-15 18:29 - 2012-07-15 18:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15AC4D009DECF303
2012-07-15 18:24 - 2012-07-15 18:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4EF7D6D2C96AE080
2012-07-15 18:18 - 2012-07-15 18:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF54AAD0FCC7B93D
2012-07-15 18:14 - 2012-07-15 18:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3B40E8493CDA7EE
2012-07-15 14:32 - 2012-07-15 14:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B3D6DE6A756A990B
2012-07-15 14:24 - 2012-07-15 14:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D28E6CE1A7B1573
2012-07-15 14:16 - 2012-07-15 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.223ECBC430C8E2B2
2012-07-15 14:12 - 2012-07-15 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E116B12B9BF53F93
2012-07-15 14:06 - 2012-07-15 14:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E9E350263A1479E
2012-07-15 13:53 - 2012-07-15 13:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.762BF33417600E08
2012-07-15 13:53 - 2012-07-15 13:40 - 01436595 ____A (Farbar) C:\Users\acer\Desktop\FRST64.exe
2012-07-15 13:49 - 2012-07-15 13:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AFA37D17DA3F6D7
2012-07-15 13:44 - 2012-07-15 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9D85EA22E6EB8C1
2012-07-11 14:30 - 2012-07-11 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.86D103BA368995CF
2012-07-11 14:26 - 2012-07-11 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C37C41A2AFCF489A
2012-07-11 14:23 - 2012-07-11 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DEC0F3B881DED418
2012-07-11 14:19 - 2012-07-11 14:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14F3D44A36B6C90F
2012-07-11 14:16 - 2012-07-11 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCAAB0B7863BB133
2012-07-11 14:12 - 2012-07-11 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D7D5486E532E276E
2012-07-11 14:08 - 2012-07-11 14:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C45D02C1E6A43FFD
2012-07-11 14:05 - 2012-07-11 14:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A528C77B145BCDD
2012-07-11 14:01 - 2012-07-11 14:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.057F20D1E19C8D57
2012-07-11 13:58 - 2012-07-11 13:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B2FE9DF54AA16C84
2012-07-11 13:54 - 2012-07-11 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E9CA8C5B7C54177
2012-07-11 13:50 - 2012-07-11 13:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5C9BB2EC0498098
2012-07-11 13:46 - 2012-07-11 13:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E65B6066AC1D6948
2012-07-11 13:43 - 2012-07-11 13:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CA2D400D3094535B
2012-07-10 20:05 - 2012-07-10 20:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9FE56F43148CD7D
2012-07-10 20:01 - 2012-07-10 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D298A2CF1948F40F
2012-07-10 19:57 - 2012-07-10 19:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E4D36F3F5E7C71
2012-07-10 19:53 - 2012-07-10 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6792AD168918E59
2012-07-10 19:49 - 2012-07-10 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.698A2E69B01F165D
2012-07-08 20:04 - 2012-07-08 20:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-08 20:03 - 2012-07-08 20:04 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-08 20:03 - 2012-07-08 20:03 - 12632960 ____A (Microsoft Corporation) C:\Users\acer\Downloads\mseinstall.exe
2012-07-08 19:54 - 2012-07-08 19:54 - 00000000 ____D C:\Users\acer\AppData\Local\Mozilla
2012-07-08 19:52 - 2012-07-08 19:52 - 00067872 ____A C:\Users\acer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-08 19:52 - 2012-07-08 19:52 - 00005765 ____A C:\Windows\SysWOW64\commonpriv.log
2012-07-08 19:52 - 2012-07-08 19:52 - 00000000 ____D C:\Users\acer\AppData\Local\VirtualStore
2012-07-08 19:52 - 2012-07-08 19:52 - 00000000 ____A C:\Windows\SysWOW64\commonpriv.log.lock
2012-06-19 20:29 - 2011-09-20 16:26 - 00039580 ____A C:\Users\acer\Desktop\Værdiansættelse.xlsx

============ 3 Months Modified Files ========================

2012-07-18 14:42 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 14:42 - 2009-07-14 05:51 - 00145408 ____A C:\Windows\setupact.log
2012-07-18 14:40 - 2012-07-18 14:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.43D2CADD91E5F7B2
2012-07-18 14:40 - 2012-07-18 14:39 - 04581501 ____R (Swearware) C:\Users\acer\Downloads\ComboFix(4).exe
2012-07-18 14:37 - 2012-07-18 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE7754A08E60CAA3
2012-07-18 14:36 - 2012-07-18 14:36 - 04581501 ____A (Swearware) C:\Users\acer\Downloads\ComboFix(3).exe
2012-07-18 14:33 - 2012-07-18 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.62D0ECAAE8E9AD17
2012-07-18 14:30 - 2012-07-18 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E49C580268C2058
2012-07-18 14:29 - 2012-07-18 14:29 - 04581501 ____A (Swearware) C:\Users\acer\Downloads\ComboFix(2).exe
2012-07-18 14:26 - 2012-07-18 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.298BF240F243E602
2012-07-18 14:22 - 2012-07-18 14:22 - 04581501 ____A (Swearware) C:\Users\acer\Downloads\ComboFix.exe
2012-07-18 14:22 - 2012-07-18 14:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF192BD2FF7ACE56
2012-07-18 14:19 - 2012-07-18 14:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70BC4822B9CE499D
2012-07-18 14:15 - 2012-07-18 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8C8C0634FE94FAB
2012-07-18 14:12 - 2012-07-18 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E5A98A3ECA9B123A
2012-07-18 14:09 - 2012-07-18 14:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DD86DBE3FB7A2E95
2012-07-18 14:05 - 2012-07-18 14:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9259C3D5A159192C
2012-07-18 14:02 - 2012-07-18 14:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F76A878F8B499051
2012-07-18 13:57 - 2012-07-18 13:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.378A9A77F622A390
2012-07-18 13:54 - 2012-07-18 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9269F1E955419B46
2012-07-18 13:50 - 2012-07-18 13:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C54107CB4E2D0137
2012-07-18 13:47 - 2012-07-18 13:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.77FC8534ED7BD9D8
2012-07-18 13:45 - 2009-07-14 08:34 - 00474348 ____A C:\Windows\System32\perfh006.dat
2012-07-18 13:45 - 2009-07-14 08:34 - 00082090 ____A C:\Windows\System32\perfc006.dat
2012-07-18 13:45 - 2009-07-14 06:13 - 01276860 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-18 13:44 - 2012-07-18 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E62FE73948325E3E
2012-07-18 13:41 - 2012-07-18 13:44 - 04581501 ____R (Swearware) C:\Users\acer\Desktop\ComboFix.exe
2012-07-18 07:43 - 2012-07-18 07:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0ACFA960C448648C
2012-07-18 07:40 - 2012-07-18 07:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C783AB4F26538DF9
2012-07-18 07:36 - 2012-07-18 07:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E8A979791C1B741
2012-07-18 07:33 - 2012-07-18 07:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0EFA911E55EEEDF6
2012-07-18 07:29 - 2012-07-18 07:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4F183292C0508F9
2012-07-18 07:25 - 2012-07-18 07:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9802838B2CAC6A1
2012-07-16 15:56 - 2012-07-16 15:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.27E841921B95863D
2012-07-16 15:52 - 2012-07-16 15:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F2E4A3804778A2C9
2012-07-16 15:48 - 2012-07-16 15:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.01B1BF4A3DC6F449
2012-07-16 14:58 - 2012-07-16 14:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C8A31849ADCBA067
2012-07-15 18:45 - 2012-07-15 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B11F0FF636DB9E8
2012-07-15 18:41 - 2012-07-15 18:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE1C881BF0921D
2012-07-15 18:37 - 2012-07-15 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9BFB9427F04CBDFE
2012-07-15 18:35 - 2009-07-14 06:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-15 18:33 - 2012-07-15 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07112C6502A27372
2012-07-15 18:29 - 2012-07-15 18:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15AC4D009DECF303
2012-07-15 18:24 - 2012-07-15 18:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4EF7D6D2C96AE080
2012-07-15 18:18 - 2012-07-15 18:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF54AAD0FCC7B93D
2012-07-15 18:14 - 2012-07-15 18:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F3B40E8493CDA7EE
2012-07-15 14:32 - 2012-07-15 14:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B3D6DE6A756A990B
2012-07-15 14:24 - 2012-07-15 14:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D28E6CE1A7B1573
2012-07-15 14:16 - 2012-07-15 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.223ECBC430C8E2B2
2012-07-15 14:12 - 2012-07-15 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E116B12B9BF53F93
2012-07-15 14:06 - 2012-07-15 14:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9E9E350263A1479E
2012-07-15 13:53 - 2012-07-15 13:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.762BF33417600E08
2012-07-15 13:49 - 2012-07-15 13:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AFA37D17DA3F6D7
2012-07-15 13:44 - 2012-07-15 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C9D85EA22E6EB8C1
2012-07-15 13:40 - 2012-07-15 13:53 - 01436595 ____A (Farbar) C:\Users\acer\Desktop\FRST64.exe
2012-07-11 14:30 - 2012-07-11 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.86D103BA368995CF
2012-07-11 14:26 - 2012-07-11 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C37C41A2AFCF489A
2012-07-11 14:23 - 2012-07-11 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DEC0F3B881DED418
2012-07-11 14:19 - 2012-07-11 14:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.14F3D44A36B6C90F
2012-07-11 14:16 - 2012-07-11 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CCAAB0B7863BB133
2012-07-11 14:12 - 2012-07-11 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D7D5486E532E276E
2012-07-11 14:08 - 2012-07-11 14:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C45D02C1E6A43FFD
2012-07-11 14:05 - 2012-07-11 14:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A528C77B145BCDD
2012-07-11 14:01 - 2012-07-11 14:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.057F20D1E19C8D57
2012-07-11 13:58 - 2012-07-11 13:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B2FE9DF54AA16C84
2012-07-11 13:54 - 2012-07-11 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E9CA8C5B7C54177
2012-07-11 13:50 - 2012-07-11 13:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A5C9BB2EC0498098
2012-07-11 13:46 - 2012-07-11 13:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E65B6066AC1D6948
2012-07-11 13:43 - 2012-07-11 13:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CA2D400D3094535B
2012-07-10 20:05 - 2012-07-10 20:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9FE56F43148CD7D
2012-07-10 20:01 - 2012-07-10 20:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D298A2CF1948F40F
2012-07-10 20:00 - 2010-05-07 09:34 - 01855274 ____A C:\Windows\WindowsUpdate.log
2012-07-10 19:57 - 2012-07-10 19:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E4D36F3F5E7C71
2012-07-10 19:53 - 2012-07-10 19:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6792AD168918E59
2012-07-10 19:49 - 2012-07-10 19:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.698A2E69B01F165D
2012-07-08 20:09 - 2009-07-14 05:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 20:09 - 2009-07-14 05:45 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 20:04 - 2011-01-25 20:46 - 01296860 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-08 20:04 - 2011-01-25 20:46 - 00001912 ____A C:\Windows\epplauncher.mif
2012-07-08 20:03 - 2012-07-08 20:03 - 12632960 ____A (Microsoft Corporation) C:\Users\acer\Downloads\mseinstall.exe
2012-07-08 19:57 - 2010-05-20 21:14 - 00054304 ____A C:\Windows\PFRO.log
2012-07-08 19:52 - 2012-07-08 19:52 - 00067872 ____A C:\Users\acer\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-08 19:52 - 2012-07-08 19:52 - 00005765 ____A C:\Windows\SysWOW64\commonpriv.log
2012-07-08 19:52 - 2012-07-08 19:52 - 00000000 ____A C:\Windows\SysWOW64\commonpriv.log.lock
2012-07-04 19:50 - 2010-08-06 08:54 - 00786943 ____A C:\Users\acer\danid.log
2012-06-18 15:32 - 2012-01-23 13:35 - 00002014 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-06-13 09:04 - 2009-07-14 05:45 - 00306640 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 07:55 - 2010-05-23 13:25 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-08 14:40 - 2011-06-21 17:20 - 00001013 ____A C:\Users\acer\Desktop\Dropbox.lnk
2012-06-06 21:13 - 2010-08-06 08:54 - 01059270 ____A C:\Users\acer\danid.log.1
2012-06-05 20:19 - 2012-06-05 20:19 - 03879712 ____A (AVG Technologies) C:\Users\acer\Downloads\avg_free_stb_all_2012_2178_cnet.exe
2012-06-05 19:57 - 2012-06-05 19:57 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-05 19:57 - 2011-06-07 21:04 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-04 14:02 - 2012-06-04 14:01 - 76761968 ____A (Apple Inc.) C:\Users\acer\Downloads\iTunes64Setup(2).exe
2012-06-04 10:51 - 2012-06-04 10:50 - 76761968 ____A (Apple Inc.) C:\Users\acer\Downloads\iTunes64Setup.exe
2012-06-04 10:07 - 2012-06-04 10:06 - 74982768 ____A (Apple Inc.) C:\Users\acer\Downloads\iTunesSetup(2).exe
2012-05-18 03:47 - 2012-06-13 07:45 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-18 03:16 - 2012-06-13 07:45 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-18 03:06 - 2012-06-13 07:45 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-18 02:59 - 2012-06-13 07:46 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-18 02:59 - 2012-06-13 07:46 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-18 02:58 - 2012-06-13 07:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-18 02:58 - 2012-06-13 07:45 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-18 02:56 - 2012-06-13 07:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-18 02:55 - 2012-06-13 07:46 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-18 02:55 - 2012-06-13 07:45 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-18 02:54 - 2012-06-13 07:46 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-18 02:51 - 2012-06-13 07:46 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-18 02:51 - 2012-06-13 07:46 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-18 02:47 - 2012-06-13 07:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-18 00:11 - 2012-06-13 07:45 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 23:48 - 2012-06-13 07:45 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 23:45 - 2012-06-13 07:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 23:36 - 2012-06-13 07:46 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 23:35 - 2012-06-13 07:46 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 23:35 - 2012-06-13 07:45 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 23:33 - 2012-06-13 07:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 23:31 - 2012-06-13 07:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 23:29 - 2012-06-13 07:46 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 23:29 - 2012-06-13 07:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 23:27 - 2012-06-13 07:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 23:25 - 2012-06-13 07:46 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 23:24 - 2012-06-13 07:46 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 23:20 - 2012-06-13 07:46 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 02:32 - 2012-06-12 19:52 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-04 12:06 - 2012-06-12 19:52 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:03 - 2012-06-12 19:52 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 11:03 - 2012-06-12 19:52 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 06:40 - 2012-06-12 19:52 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 04:55 - 2012-06-12 19:52 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 06:41 - 2012-06-12 19:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 06:41 - 2012-06-12 19:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 06:34 - 2012-06-12 19:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 06:37 - 2012-06-12 19:51 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 06:37 - 2012-06-12 19:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 06:37 - 2012-06-12 19:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 05:36 - 2012-06-12 19:51 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 05:36 - 2012-06-12 19:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 05:36 - 2012-06-12 19:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


ZeroAccess:
C:\Windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}
C:\Windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}\L
C:\Windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: “%1” %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4027.79 MB
Available physical RAM: 3430.78 MB
Total Pagefile: 4025.94 MB
Available Pagefile: 3422.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:100.48 GB) (Free:51.94 GB) NTFS
2 Drive e: () (Fixed) (Total:355.41 GB) (Free:350.99 GB) NTFS
3 Drive f: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:2.03 GB) FAT32
5 Drive h: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status       Str.    Ledig   Dyn GPT
——————————- ———- ———- —- —-
  Disk 0   Online       465 GB     0 B      
  Disk 1   Online       1912 MB     0 B      

Partitions of Disk 0:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   Genoprettelse     9 GB 1024 KB  
  Partition 2   Prim‘r         100 MB   9 GB  
  Partition 3   Prim‘r         100 GB   9 GB  
  Partition 4   Prim‘r         355 GB   110 GB  

==================================================================================

Disk: 0
Partition 1
Type : 27
Skjult: Ja
Aktiv : Nej
Forskydning i byte: 1048576

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 4   F   PQSERVICE   FAT32 Partition     9 GB I orden   Skjult

==================================================================================

Disk: 0
Partition 2
Type : 07
Skjult: Nej
Aktiv : Ja
Forskydning i byte: 10486808576

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 1   Y           NTFS   Partition   100 MB I orden        

==================================================================================

Disk: 0
Partition 3
Type : 07
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 10591666176

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 2   C           NTFS   Partition   100 GB I orden        

==================================================================================

Disk: 0
Partition 4
Type : 07
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 118484893696

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 3   E           NTFS   Partition   355 GB I orden        

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   Primær         1911 MB   32 KB  

==================================================================================

Disk: 1
Partition 1
Type : 0C
Skjult: Nej
Aktiv : Ja
Forskydning i byte: 32768

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 5   H           FAT32 Flytbar   1911 MB I orden        

==================================================================================

==========================================================

Last Boot: 2012-06-20 16:27

======================= End Of Log ==========================

Redaktør
Posts: 14028

Welcome to Spywarefri.


Start the PC the same way as when you created FRST.txt.

Start FRST.

Type the following into the box after “Search:”.

services.exe

Click the Search File(s) button, and copy the log (Search.txt) into this thread.

Signature

The coffee has been drunk
The till is closed
The support does more good
Among the small and downhearted
Børns Vilkår

  JFK
Posts: 13

Here is the result:

Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 2012-07-18 18:58:10
Running from H:\

================== Search: “services.exe” ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Redaktør
Posts: 14028

A file, Fixlist.txt, is attached to this post. Right-click “Fixlist.txt” > Save target as > Save it to your USB stick.

Plug the stick into the sick PC.

Boot the PC to the Command Prompt. (As before)

At the Command Prompt, start FRST64 (Farbar Recovery Scan Tool) and click FIX (and wait until it has finished).

It creates Fixlog.txt, which you should copy into your next post.

Close Farbar Recovery Scan Tool and restart the PC.

>>

Then see whether you can do the following.

Download “Malwarebytes’ Anti-Malware”
Here


Install and start the program, click the Update tab, click Check for Updates, then run a “Full system scan” under the “Scanner” tab.
Afterwards click “Show results”, press “Remove Selected”, save the log and post it here.

NB: When you update Malwarebytes, keep clicking Check for Updates until it reports that there are no more updates.

Attached files
Fixlist.txt  (File size: 1 - Downloads: 34)

  JFK
Posts: 13

Hi again,

Here is the log from fixlist

Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 2012-07-18 18:58:10
Running from H:\

================== Search: “services.exe” ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

  JFK
Posts: 13

Oops, let me try that again

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-07-2012
Ran by SYSTEM at 2012-07-19 10:31:09 Run:2
Running from H:\

==============================================

C:\Windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27} moved successfully.
c:\windows\system32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to c:\windows\system32\services.exe

==== End of Fixlog ====

  JFK
Posts: 13

And here is the one from Malwarebytes.


Malwarebytes Anti-Malware (Prøveversion) 1.62.0.1300
http://www.malwarebytes.org

Database version: v2012.07.19.06

Windows 7 Service Pack 1 x64 FAT32
Internet Explorer 9.0.8112.16421
acer :: ACER-PC [administrator]

Beskyttelse: Slået til

19-07-2012 10:37:06
mbam-log-2012-07-19 (10-37-06).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 303052
Tid gået: 47 minut(ter), 37 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 1
C:\Qoobox\Quarantine\C\Windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}\U\800000cb.@.vir (Rootkit.0Access) -> Sat i karantæne og slettet succesfuldt.

(færdig)

Redaktør
Posts: 14028

Delete the copy of ComboFix you already have.


Download ComboFix and save it to the desktop.
Here

Important -> Disable your antivirus/antispyware program, as it can “interfere” and conflict with ComboFix, or remove important ComboFix files, which can cause the computer to freeze.

Then run combofix.exe and follow the instructions.

You should not click on the window while the tool is running, as that can cause your computer to freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of this file here.
It can also be found here -> C:\combofix.txt

If you get something resembling this error:
Illegal operation attempted on a registry key that has been marked for deletion
then restart once more; that should resolve it.

Be patient; it can take up to 30 minutes before the log file opens.


  JFK
Posts: 13

Hi again,

Many thanks for the help so far.

Here is the result of the ComboFix run:

ComboFix 12-07-19.02 - acer 19-07-2012 18:42:26.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1030.18.4028.3189 [GMT 2:00]
Kører fra: c:\users\acer\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}\@
c:\windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}\U\00000001.@
c:\windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}\U\800000cb.@
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-06-19 til 2012-07-19 )))))))))))))))))))))))))))))))))))
.
.
2012-07-19 16:49 . 2012-07-19 16:49   ————  d——-w-  c:\users\Default\AppData\Local\temp
2012-07-19 08:39 . 2012-06-02 22:19   57880   ——a-w-  c:\windows\system32\wuauclt.exe
2012-07-19 08:39 . 2012-06-02 22:19   44056   ——a-w-  c:\windows\system32\wups2.dll
2012-07-19 08:39 . 2012-06-02 22:15   2622464   ——a-w-  c:\windows\system32\wucltux.dll
2012-07-19 08:39 . 2012-06-02 22:19   2428952   ——a-w-  c:\windows\system32\wuaueng.dll
2012-07-19 08:38 . 2012-06-02 22:19   38424   ——a-w-  c:\windows\system32\wups.dll
2012-07-19 08:38 . 2012-06-02 22:19   701976   ——a-w-  c:\windows\system32\wuapi.dll
2012-07-19 08:38 . 2012-06-02 22:15   99840   ——a-w-  c:\windows\system32\wudriver.dll
2012-07-19 08:37 . 2012-06-02 13:19   186752   ——a-w-  c:\windows\system32\wuwebv.dll
2012-07-19 08:37 . 2012-06-02 13:15   36864   ——a-w-  c:\windows\system32\wuapp.exe
2012-07-19 08:35 . 2012-07-19 08:35   ————  d——-w-  c:\users\acer\AppData\Roaming\Malwarebytes
2012-07-19 08:35 . 2012-07-19 08:35   ————  d——-w-  c:\programdata\Malwarebytes
2012-07-19 08:35 . 2012-07-03 11:46   24904   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-07-18 18:09 . 2012-07-18 18:09   328704   ——a-w-  c:\windows\system32\services.exe.EAC17F310DD4EAB1
2012-07-18 13:40 . 2012-07-18 13:40   328704   ——a-w-  c:\windows\system32\services.exe.43D2CADD91E5F7B2
2012-07-18 13:37 . 2012-07-18 13:37   328704   ——a-w-  c:\windows\system32\services.exe.AE7754A08E60CAA3
2012-07-18 13:33 . 2012-07-18 13:33   328704   ——a-w-  c:\windows\system32\services.exe.62D0ECAAE8E9AD17
2012-07-18 13:30 . 2012-07-18 13:30   328704   ——a-w-  c:\windows\system32\services.exe.1E49C580268C2058
2012-07-18 13:26 . 2012-07-18 13:26   328704   ——a-w-  c:\windows\system32\services.exe.298BF240F243E602
2012-07-18 13:22 . 2012-07-18 13:22   328704   ——a-w-  c:\windows\system32\services.exe.FF192BD2FF7ACE56
2012-07-18 13:19 . 2012-07-18 13:19   328704   ——a-w-  c:\windows\system32\services.exe.70BC4822B9CE499D
2012-07-18 13:15 . 2012-07-18 13:15   328704   ——a-w-  c:\windows\system32\services.exe.F8C8C0634FE94FAB
2012-07-18 13:12 . 2012-07-18 13:12   328704   ——a-w-  c:\windows\system32\services.exe.E5A98A3ECA9B123A
2012-07-18 13:09 . 2012-07-18 13:09   328704   ——a-w-  c:\windows\system32\services.exe.DD86DBE3FB7A2E95
2012-07-18 13:05 . 2012-07-18 13:05   328704   ——a-w-  c:\windows\system32\services.exe.9259C3D5A159192C
2012-07-18 13:02 . 2012-07-18 13:02   328704   ——a-w-  c:\windows\system32\services.exe.F76A878F8B499051
2012-07-18 12:57 . 2012-07-18 12:57   328704   ——a-w-  c:\windows\system32\services.exe.378A9A77F622A390
2012-07-18 12:54 . 2012-07-18 12:54   328704   ——a-w-  c:\windows\system32\services.exe.9269F1E955419B46
2012-07-18 12:50 . 2012-07-18 12:50   328704   ——a-w-  c:\windows\system32\services.exe.C54107CB4E2D0137
2012-07-18 12:47 . 2012-07-18 12:47   328704   ——a-w-  c:\windows\system32\services.exe.77FC8534ED7BD9D8
2012-07-18 12:44 . 2012-07-18 12:44   328704   ——a-w-  c:\windows\system32\services.exe.E62FE73948325E3E
2012-07-18 06:43 . 2012-07-18 06:43   328704   ——a-w-  c:\windows\system32\services.exe.0ACFA960C448648C
2012-07-18 06:40 . 2012-07-18 06:40   328704   ——a-w-  c:\windows\system32\services.exe.C783AB4F26538DF9
2012-07-18 06:36 . 2012-07-18 06:36   328704   ——a-w-  c:\windows\system32\services.exe.0E8A979791C1B741
2012-07-18 06:33 . 2012-07-18 06:33   328704   ——a-w-  c:\windows\system32\services.exe.0EFA911E55EEEDF6
2012-07-18 06:29 . 2012-07-18 06:29   328704   ——a-w-  c:\windows\system32\services.exe.A4F183292C0508F9
2012-07-18 06:25 . 2012-07-18 06:25   328704   ——a-w-  c:\windows\system32\services.exe.C9802838B2CAC6A1
2012-07-16 15:32 . 2012-07-16 15:32   ————  d——-w-  C:\FRST
2012-07-16 14:56 . 2012-07-16 14:56   328704   ——a-w-  c:\windows\system32\services.exe.27E841921B95863D
2012-07-16 14:52 . 2012-07-16 14:52   328704   ——a-w-  c:\windows\system32\services.exe.F2E4A3804778A2C9
2012-07-16 14:48 . 2012-07-16 14:48   328704   ——a-w-  c:\windows\system32\services.exe.01B1BF4A3DC6F449
2012-07-16 13:58 . 2012-07-16 13:58   328704   ——a-w-  c:\windows\system32\services.exe.C8A31849ADCBA067
2012-07-15 17:45 . 2012-07-15 17:45   328704   ——a-w-  c:\windows\system32\services.exe.3B11F0FF636DB9E8
2012-07-15 17:41 . 2012-07-15 17:41   328704   ——a-w-  c:\windows\system32\services.exe.BDCE1C881BF0921D
2012-07-15 17:37 . 2012-07-15 17:37   328704   ——a-w-  c:\windows\system32\services.exe.9BFB9427F04CBDFE
2012-07-15 17:33 . 2012-07-15 17:33   328704   ——a-w-  c:\windows\system32\services.exe.07112C6502A27372
2012-07-15 17:29 . 2012-07-15 17:29   328704   ——a-w-  c:\windows\system32\services.exe.15AC4D009DECF303
2012-07-15 17:24 . 2012-07-15 17:24   328704   ——a-w-  c:\windows\system32\services.exe.4EF7D6D2C96AE080
2012-07-15 17:18 . 2012-07-15 17:18   328704   ——a-w-  c:\windows\system32\services.exe.CF54AAD0FCC7B93D
2012-07-15 17:14 . 2012-07-15 17:14   328704   ——a-w-  c:\windows\system32\services.exe.F3B40E8493CDA7EE
2012-07-15 13:32 . 2012-07-15 13:32   328704   ——a-w-  c:\windows\system32\services.exe.B3D6DE6A756A990B
2012-07-15 13:24 . 2012-07-15 13:24   328704   ——a-w-  c:\windows\system32\services.exe.0D28E6CE1A7B1573
2012-07-15 13:16 . 2012-07-15 13:16   328704   ——a-w-  c:\windows\system32\services.exe.223ECBC430C8E2B2
2012-07-15 13:12 . 2012-07-15 13:12   328704   ——a-w-  c:\windows\system32\services.exe.E116B12B9BF53F93
2012-07-15 13:06 . 2012-07-15 13:06   328704   ——a-w-  c:\windows\system32\services.exe.9E9E350263A1479E
2012-07-15 12:53 . 2012-07-15 12:53   328704   ——a-w-  c:\windows\system32\services.exe.762BF33417600E08
2012-07-15 12:49 . 2012-07-15 12:49   328704   ——a-w-  c:\windows\system32\services.exe.6AFA37D17DA3F6D7
2012-07-15 12:44 . 2012-07-15 12:44   328704   ——a-w-  c:\windows\system32\services.exe.C9D85EA22E6EB8C1
2012-07-11 13:30 . 2012-07-11 13:30   328704   ——a-w-  c:\windows\system32\services.exe.86D103BA368995CF
2012-07-11 13:26 . 2012-07-11 13:26   328704   ——a-w-  c:\windows\system32\services.exe.C37C41A2AFCF489A
2012-07-11 13:23 . 2012-07-11 13:23   328704   ——a-w-  c:\windows\system32\services.exe.DEC0F3B881DED418
2012-07-11 13:19 . 2012-07-11 13:19   328704   ——a-w-  c:\windows\system32\services.exe.14F3D44A36B6C90F
2012-07-11 13:16 . 2012-07-11 13:16   328704   ——a-w-  c:\windows\system32\services.exe.CCAAB0B7863BB133
2012-07-11 13:12 . 2012-07-11 13:12   328704   ——a-w-  c:\windows\system32\services.exe.D7D5486E532E276E
2012-07-11 13:08 . 2012-07-11 13:08   328704   ——a-w-  c:\windows\system32\services.exe.C45D02C1E6A43FFD
2012-07-11 13:05 . 2012-07-11 13:05   328704   ——a-w-  c:\windows\system32\services.exe.5A528C77B145BCDD
2012-07-11 13:01 . 2012-07-11 13:01   328704   ——a-w-  c:\windows\system32\services.exe.057F20D1E19C8D57
2012-07-11 12:58 . 2012-07-11 12:58   328704   ——a-w-  c:\windows\system32\services.exe.B2FE9DF54AA16C84
2012-07-11 12:54 . 2012-07-11 12:54   328704   ——a-w-  c:\windows\system32\services.exe.6E9CA8C5B7C54177
2012-07-11 12:50 . 2012-07-11 12:50   328704   ——a-w-  c:\windows\system32\services.exe.A5C9BB2EC0498098
2012-07-11 12:46 . 2012-07-11 12:46   328704   ——a-w-  c:\windows\system32\services.exe.E65B6066AC1D6948
2012-07-11 12:43 . 2012-07-11 12:43   328704   ——a-w-  c:\windows\system32\services.exe.CA2D400D3094535B
2012-07-10 19:05 . 2012-07-10 19:05   328704   ——a-w-  c:\windows\system32\services.exe.A9FE56F43148CD7D
2012-07-10 19:01 . 2012-07-10 19:01   328704   ——a-w-  c:\windows\system32\services.exe.D298A2CF1948F40F
2012-07-10 18:57 . 2012-07-10 18:57   328704   ——a-w-  c:\windows\system32\services.exe.A9E4D36F3F5E7C71
2012-07-10 18:53 . 2012-07-10 18:53   328704   ——a-w-  c:\windows\system32\services.exe.A6792AD168918E59
2012-07-10 18:49 . 2012-07-10 18:49   328704   ——a-w-  c:\windows\system32\services.exe.698A2E69B01F165D
2012-07-08 18:54 . 2012-07-08 18:54   ————  d——-w-  c:\users\acer\AppData\Local\Mozilla
2012-07-08 18:52 . 2012-07-08 18:52   ————  d——-w-  c:\users\acer\AppData\Local\VirtualStore
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 06:55 . 2010-05-23 12:25   58957832   ——a-w-  c:\windows\system32\MRT.exe
2012-06-05 18:57 . 2012-06-05 18:57   419488   ——a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-05 18:57 . 2011-06-07 20:04   70304   ——a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 02:47 . 2012-06-13 06:45   17807360   ——a-w-  c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-13 06:45   10924032   ——a-w-  c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-13 06:45   2311680   ——a-w-  c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-13 06:46   1346048   ——a-w-  c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-13 06:46   1392128   ——a-w-  c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-13 06:45   1494528   ——a-w-  c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-13 06:46   237056   ——a-w-  c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-13 06:45   85504   ——a-w-  c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-13 06:46   173056   ——a-w-  c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-13 06:45   818688   ——a-w-  c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-13 06:46   2144768   ——a-w-  c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-13 06:46   96768   ——a-w-  c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-13 06:46   2382848   ——a-w-  c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-13 06:46   248320   ——a-w-  c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-13 06:45   1800192   ——a-w-  c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-13 06:46   1129472   ——a-w-  c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-13 06:45   1427968   ——a-w-  c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-13 06:46   142848   ——a-w-  c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-13 06:46   2382848   ——a-w-  c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-12 18:52   3146752   ——a-w-  c:\windows\system32\win32k.sys
2012-05-04 11:06 . 2012-06-12 18:52   5559664   ——a-w-  c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 18:52   3968368   ——a-w-  c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 18:52   3913072   ——a-w-  c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 18:52   209920   ——a-w-  c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 18:52   210944   ——a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 18:52   77312   ——a-w-  c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 18:52   149504   ——a-w-  c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 18:52   9216   ——a-w-  c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 18:51   184320   ——a-w-  c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 18:51   140288   ——a-w-  c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 18:51   1462272   ——a-w-  c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 18:51   1158656   ——a-w-  c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 18:51   140288   ——a-w-  c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 18:51   103936   ——a-w-  c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\acer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\acer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\acer\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696]
“Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2012-03-27 37296]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-02 843712]
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2012-02-20 59240]
“iTunesHelper”=“d:\itunes\iTunesHelper.exe” [2012-03-27 421736]
“Malwarebytes’ Anti-Malware”=“c:\users\acer\Desktop\Malwarebytes’ Anti-Malware\mbamgui.exe” [2012-07-03 462920]
.
c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\acer\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=“Service”
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [2009-07-07 32256]
R3 netw5v64;Kortdriver til Intel(R) trådløs WiFi 5000 Series-forbindelse til Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 MBAMService;MBAMService;c:\users\acer\Desktop\Malwarebytes’ Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-05 935480]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel(R) Wireless WiFi Link adapter driver til Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
.
————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\acer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\acer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\acer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@=”{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\acer\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2010-08-25 161304]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2010-08-25 386584]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“LoadAppInit_DLLs”=0x1
.
———- Yderligere scanning———-
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.dk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter; til Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: danskebank.dk
Trusted Zone: danskebank.dk\www
Trusted Zone: danskebank.dk\www-2
Trusted Zone: microsoft.com\drmlicense.one
Trusted Zone: oestjydskbank.dk
Trusted Zone: oestjydskbank.dk\www
TCP: DhcpNameServer = 212.10.10.4 212.10.24.252 212.10.10.5
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\6ooalpuy.default\
FF - prefs.js: browser.startup.homepage - http://www.google.dk
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={d0b4519f-ef8e-49cf-8c3d-0b68240f31e7}&mid=7a90c8f1e15e47d0944fd1565041dc79-1b296a0f2eafcd196f7edd317868a06e0e385aa3&ds=AVG&v=11.1.0.7&lang=da&pr=fr&d=2012-06-05 21:26:07&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
.
- - - - TOMME GENVEJE FJERNET - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
SafeBoot-BsScanner
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
————————————Andre kørende processer————————————
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Gennemført tid: 2012-07-19 18:57:13 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-07-19 16:57
.
Pre-Kørsel: 55.581.024.256 byte ledig
Post-Kørsel: 55.341.760.512 byte ledig
.
- - End Of File - - 538D4645B80173A1E4F3EC6C6BE5A7F4

Redaktør
Posts: 14028

Download http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Double-click SystemLook_x64.exe - a small window will now appear, into which you should copy the ENTIRE contents in bold:

:folderfind
{eef30b76-5c69-6924-8fc8-5f1985968b27}
@
U
L
:regfind
{eef30b76-5c69-6924-8fc8-5f1985968b27}
:filefind
\n
*.n
\@
*.@


Click the Look button. The program will now search your computer.

When the program has finished searching, a Notepad window will appear with a log from SystemLook. Copy it into the forum in your next reply. The log can also be found on your Desktop under the name SystemLook.txt.

>>

Download OTL from this link and save it to the desktop.
http://oldtimer.geekstogo.com/OTL.com

PS: Vista/Win7 - right-click - “Run as Administrator” on those program files.

Run OTL > Copy the text in bold into “Custom Scans/Fixes”.
At the bottom right, tick “LOP Check” and “Purity Check”, and select Scan All Users.
Click “Run Scan”. Your computer will now be scanned, and after a while 2 logs will open.


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
atapi.sys
services.exe
/md5stop

Two Notepad windows open, OTL.txt and Extras.Txt; copy the text from them into this thread.


  JFK
Posts: 13

Here is the result from SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:48 on 20/07/2012 by acer
Administrator - Elevation successful

========== folderfind ==========

Searching for “{eef30b76-5c69-6924-8fc8-5f1985968b27}”
C:\FRST\Quarantine\{eef30b76-5c69-6924-8fc8-5f1985968b27}  d———  [14:40 11/01/2012]
C:\Qoobox\Quarantine\C\Windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}  d———  [12:47 18/07/2012]

Searching for “@”
No folders found.

Searching for “U”
C:\FRST\Quarantine\{eef30b76-5c69-6924-8fc8-5f1985968b27}\U   d———  [14:40 11/01/2012]
C:\Qoobox\Quarantine\C\Windows\Installer\{eef30b76-5c69-6924-8fc8-5f1985968b27}\U   d———  [12:47 18/07/2012]

Searching for “L”
C:\FRST\Quarantine\{eef30b76-5c69-6924-8fc8-5f1985968b27}\L   d———  [14:40 11/01/2012]
C:\Users\acer\AppData\LocalLow\Microsoft\Silverlight\is\k0xw1tmh.rr1\xf5lzl02.2cq\1\l   d———  [18:35 25/07/2010]
C:\Users\acer\AppData\Roaming\Dropbox\l   d———  [16:18 21/06/2011]
C:\Users\acer\AppData\Roaming\Dropbox\installer\l   d———  [16:17 21/06/2011]
C:\Users\acer\AppData\Roaming\Dropbox\shellext\l   d———  [16:18 21/06/2011]

========== regfind ==========

Searching for “{eef30b76-5c69-6924-8fc8-5f1985968b27}”
No data found.

========== filefind ==========

Searching for “\n”
No files found.

Searching for “*.n”
No files found.

Searching for “\@”
No files found.

Searching for “*.@”
No files found.

-= EOF =-

  JFK
Posts: 13

And OTL:

OTL logfile created on: 20-07-2012 12:56:22 - Run 1
OTL by OldTimer - Version 3.2.54.0   Folder = C:\Users\acer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,93 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,94% Memory free
7,87 Gb Paging File | 6,58 Gb Available in Paging File | 83,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,48 Gb Total Space | 51,63 Gb Free Space | 51,38% Space Free | Partition Type: NTFS
Drive D: | 355,41 Gb Total Space | 350,99 Gb Free Space | 98,76% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,85 Gb Free Space | 99,08% Space Free | Partition Type: FAT32

Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-20 12:41:28 | 000,596,480 |——| M] (OldTimer Tools)—C:\Users\acer\Desktop\OTL.com
PRC - [2012-07-03 13:46:44 | 000,655,944 |——| M] (Malwarebytes Corporation)—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 |——| M] (Malwarebytes Corporation)—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware\mbamgui.exe
PRC - [2012-06-05 21:26:04 | 000,935,480 |——| M] ()—C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012-05-24 20:39:22 | 027,112,840 |——| M] (Dropbox, Inc.)—C:\Users\acer\AppData\Roaming\Dropbox\bin\Dropbox.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-20 21:29:04 | 000,087,912 |——| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-02-20 21:28:42 | 001,242,472 |——| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped]—C:\Program Files\Microsoft Security Client\NisSrv.exe—(NisSrv)
SRV:64bit: - File not found [Auto | Stopped]—C:\Program Files\Microsoft Security Client\MsMpEng.exe—(MsMpSvc)
SRV:64bit: - [2009-08-18 02:36:20 | 000,203,264 |——| M] (AMD) [Auto | Running]—C:\Windows\SysNative\atiesrxx.exe—(AMD External Events Utility)
SRV - [2012-07-03 13:46:44 | 000,655,944 |——| M] (Malwarebytes Corporation) [Auto | Running]—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware\mbamservice.exe—(MBAMService)
SRV - [2012-06-05 21:26:04 | 000,935,480 |——| M] () [Auto | Running]—C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe—(vToolbarUpdater11.1.0)
SRV - [2010-03-18 13:16:28 | 000,130,384 |——| M] (Microsoft Corporation) [Auto | Stopped]—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe—(clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 |——| M] (Microsoft Corporation) [Disabled | Stopped]—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe—(clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-03 13:46:44 | 000,024,904 |——| M] (Malwarebytes Corporation) [File_System | On_Demand | Running]—C:\Windows\SysNative\drivers\mbam.sys—(MBAMProtector)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 |——| M] (Microsoft Corporation) [Recognizer | Boot | Unknown]—C:\Windows\SysNative\drivers\fs_rec.sys—(Fs_Rec)
DRV:64bit: - [2012-02-15 11:01:50 | 000,052,736 |——| M] (Apple, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\usbaapl64.sys—(USBAAPL64)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 |——| M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\amdsata.sys—(amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 |——| M] (Advanced Micro Devices) [Kernel | Boot | Running]—C:\Windows\SysNative\drivers\amdxata.sys—(amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 |——| M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\HpSAMD.sys—(HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\TsUsbFlt.sys—(TsUsbFlt)
DRV:64bit: - [2010-08-25 20:36:04 | 010,611,552 |——| M] (Intel Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\igdkmd64.sys—(igfx)
DRV:64bit: - [2009-09-15 19:40:42 | 006,952,960 |——| M] (Intel Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\NETw5s64.sys—(NETw5s64) Intel(R)
DRV:64bit: - [2009-08-18 03:48:48 | 006,037,504 |——| M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\atikmdag.sys—(atikmdag)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 |——| M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\amdsbs.sys—(amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 |——| M] (LSI Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\lsi_sas2.sys—(LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 |——| M] (Promise Technology) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\stexstor.sys—(stexstor)
DRV:64bit: - [2009-07-07 16:53:04 | 000,032,256 |——| M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\libusb0.sys—(libusb0)
DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 |——| M] (Intel Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\netw5v64.sys—(netw5v64) Kortdriver til Intel(R)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\evbda.sys—(ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\bxvbda.sys—(b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\b57nd60a.sys—(b57nd60a)
DRV:64bit: - [2009-06-10 22:34:18 | 000,057,344 |——| M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\L1C62x64.sys—(L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 |——| M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\hcw85cir.sys—(hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 |——| M] (GEAR Software Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\GEARAspiWDM.sys—(GEARAspiWDM)
DRV:64bit: - [2009-02-13 11:02:52 | 000,014,464 |——| M] (Western Digital Technologies) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\wdcsam64.sys—(WDC_SAM)
DRV - [2009-07-14 03:19:10 | 000,019,008 |——| M] (Microsoft Corporation) [File_System | On_Demand | Stopped]—C:\Windows\SysWOW64\drivers\wimmount.sys—(WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0



IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D E4 D1 6B B9 F6 CA 01 [binary data]
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: “URL” = http://isearch.avg.com/search?cid={E2B9B8C0-A88C-401F-BDA0-810DB5CE9360}&mid=7a90c8f1e15e47d0944fd1565041dc79-1b296a0f2eafcd196f7edd317868a06e0e385aa3&lang=da&ds=AVG&pr=fr&d=2012-06-05 21:26:07&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\..\SearchScopes\{D034A51B-D244-4E09-92D6-2F6DB3A7269A}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: “AVG Secure Search”
FF - prefs.js..browser.startup.homepage: “www.google.dk”
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: “http://isearch.avg.com/search?cid={d0b4519f-ef8e-49cf-8c3d-0b68240f31e7}&mid=7a90c8f1e15e47d0944fd1565041dc79-1b296a0f2eafcd196f7edd317868a06e0e385aa3&ds=AVG&v=11.1.0.7&lang=da&pr=fr&d=2012-06-05 21:26:07&sap=ku&q=”
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin: C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: C:\\Windows\\system32\\Wat\\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: C:\\Program Files\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll ( Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32.dll ()
FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found
FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: D:\\iTunes\\Mozilla Plugins\\npitunes.dll ()
FF - HKLM\\Software\\MozillaPlugins\\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.1.0\\\\npsitesafety.dll ()
FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin: C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: C:\\Windows\\system32\\Wat\\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll ( Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=1.1.11: C:\\Program Files (x86)\\VideoLAN\\VLC\\npvlc.dll (the VideoLAN Team)
FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\avg@toolbar: C:\\ProgramData\\AVG Secure Search\\11.1.0.7\\ [2012-07-08 20:36:56 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.6.8\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2010-09-12 09:37:40 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.6.8\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2012-06-18 16:32:29 | 000,000,000 |—-D | M]

[2010-09-12 09:38:09 | 000,000,000 |—-D | M] (No name found)—C:\\Users\\acer\\AppData\\Roaming\\mozilla\\Extensions
[2010-09-12 13:36:48 | 000,000,000 |—-D | M] (No name found)—C:\\Users\\acer\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\6ooalpuy.default\\extensions
[2011-10-25 20:03:40 | 000,000,000 |—-D | M] (No name found)—C:\\Program Files (x86)\\mozilla firefox\\extensions
[2010-12-09 16:08:02 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-01-16 17:17:32 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-01 18:02:23 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-23 16:52:39 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-10-25 20:03:40 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-10-03 05:06:04 | 000,476,904 |——| M] (Sun Microsystems, Inc.)—C:\\Program Files (x86)\\mozilla firefox\\plugins\\npdeployJava1.dll
[2010-07-23 02:53:25 | 000,001,525 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\amazon-co-uk.xml
[2012-06-05 21:26:02 | 000,003,747 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\avg-secure-search.xml
[2010-07-23 02:53:25 | 000,001,178 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\wikipedia-da.xml
[2010-07-23 02:53:25 | 000,001,102 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\yahoo-dk.xml

O1 HOSTS File: ([2012-07-19 18:51:07 | 000,000,027 |——| M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1     localhost
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\\Program Files (x86)\\AVG Secure Search\\11.1.0.7\\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\\..\\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\\Program Files (x86)\\AVG Secure Search\\11.1.0.7\\AVG Secure Search_toolbar.dll File not found
O3 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..\\Toolbar\\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\\Run: [HotKeysCmds] C:\\Windows\\SysNative\\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)
O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\\Run: [Malwarebytes’ Anti-Malware] C:\\Users\\acer\\Desktop\\Malwarebytes’ Anti-Malware\\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\\Users\\acer\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk = C:\\Users\\acer\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3
O7 - HKU\\.DEFAULT\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-18\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-19\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-20\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\\PROGRA~2\\MICROS~1\\Office12\\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\\PROGRA~2\\MICROS~1\\Office12\\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~2\\MICROS~1\\Office12\\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~2\\MICROS~1\\Office12\\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~2\\MICROS~1\\Office12\\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\\Catalog_Entries64\\000000000008 [] - C:\\Programmer\\Bonjour\\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000008 [] - C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll (Apple Inc.)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: danskebank.dk ([]https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: danskebank.dk ([www] https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: danskebank.dk ([www-2] https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: microsoft.com ([drmlicense.one] https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: oestjydskbank.dk ([]https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: oestjydskbank.dk ([www] https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: phoe.dk ([]* in Local intranet)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 212.10.10.4 212.10.24.252 212.10.10.5
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{0DE5E58A-36CF-490B-8B44-96BC72DDAAF9}: DhcpNameServer = 212.10.10.4 212.10.24.252 212.10.10.5
O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found
O18:64bit: - Protocol\\Handler\\viprotocol - No CLSID value found
O18 - Protocol\\Handler\\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\ViProtocolInstaller\\11.1.0\\ViProtocol.dll ()
O18:64bit: - Protocol\\Filter\\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\\Programmer\\Common Files\\Microsoft Shared\\OFFICE12\\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\\Filter\\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\\PROGRA~2\\COMMON~1\\MICROS~1\\OFFICE12\\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\\Windows\\SysNative\\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysWOW64\\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - (igfxdev.dll) - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\\..comfile [open]—“%1” %*
O35:64bit: - HKLM\..exefile [open]—“%1” %*
O35 - HKLM\..comfile [open]—“%1” %*
O35 - HKLM\..exefile [open]—“%1” %*
O37:64bit: - HKLM\...com [@ = ComFile]—“%1” %*
O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %*
O37 - HKLM\...com [@ = ComFile]—“%1” %*
O37 - HKLM\...exe [@ = exefile]—“%1” %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-20 12:55:04 | 000,596,480 |——| C] (OldTimer Tools)—C:\Users\acer\Desktop\OTL.com
[2012-07-20 12:42:41 | 000,000,000 | -HSD | C]—C:\$RECYCLE.BIN
[2012-07-19 18:57:16 | 000,000,000 |—-D | C]—C:\Windows\temp
[2012-07-19 18:40:06 | 000,518,144 |——| C] (SteelWerX)—C:\Windows\SWREG.exe
[2012-07-19 18:40:06 | 000,406,528 |——| C] (SteelWerX)—C:\Windows\SWSC.exe
[2012-07-19 18:40:06 | 000,060,416 |——| C] (NirSoft)—C:\Windows\NIRCMD.exe
[2012-07-19 15:57:38 | 004,582,475 | R—- | C] (Swearware)—C:\Users\acer\Desktop\ComboFix.exe
[2012-07-19 10:39:14 | 002,622,464 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wucltux.dll
[2012-07-19 10:39:14 | 000,057,880 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wuauclt.exe
[2012-07-19 10:39:14 | 000,044,056 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wups2.dll
[2012-07-19 10:38:18 | 000,701,976 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wuapi.dll
[2012-07-19 10:38:18 | 000,099,840 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wudriver.dll
[2012-07-19 10:38:18 | 000,038,424 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wups.dll
[2012-07-19 10:37:44 | 000,186,752 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wuwebv.dll
[2012-07-19 10:37:44 | 000,036,864 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wuapp.exe
[2012-07-19 10:35:08 | 000,000,000 |—-D | C]—C:\Users\acer\AppData\Roaming\Malwarebytes
[2012-07-19 10:35:02 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware
[2012-07-19 10:35:01 | 000,000,000 |—-D | C]—C:\ProgramData\Malwarebytes
[2012-07-19 10:35:00 | 000,024,904 |——| C] (Malwarebytes Corporation)—C:\Windows\SysNative\drivers\mbam.sys
[2012-07-19 10:35:00 | 000,000,000 |—-D | C]—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware
[2012-07-19 10:33:13 | 010,652,120 |——| C] (Malwarebytes Corporation                         )—C:\Users\acer\Desktop\mbam-setup-1.62.0.1300.exe
[2012-07-18 20:09:12 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.EAC17F310DD4EAB1
[2012-07-18 15:40:28 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.43D2CADD91E5F7B2
[2012-07-18 15:37:06 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.AE7754A08E60CAA3
[2012-07-18 15:33:30 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.62D0ECAAE8E9AD17
[2012-07-18 15:30:00 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.1E49C580268C2058
[2012-07-18 15:26:20 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.298BF240F243E602
[2012-07-18 15:22:48 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.FF192BD2FF7ACE56
[2012-07-18 15:19:14 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.70BC4822B9CE499D
[2012-07-18 15:15:48 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F8C8C0634FE94FAB
[2012-07-18 15:12:27 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E5A98A3ECA9B123A
[2012-07-18 15:09:10 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.DD86DBE3FB7A2E95
[2012-07-18 15:05:50 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9259C3D5A159192C
[2012-07-18 15:02:35 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F76A878F8B499051
[2012-07-18 14:57:22 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.378A9A77F622A390
[2012-07-18 14:54:04 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9269F1E955419B46
[2012-07-18 14:50:59 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C54107CB4E2D0137
[2012-07-18 14:47:44 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.77FC8534ED7BD9D8
[2012-07-18 14:47:19 | 000,000,000 |—-D | C]—C:\Qoobox
[2012-07-18 14:47:07 | 000,000,000 |—-D | C]—C:\Windows\erdnt
[2012-07-18 14:44:30 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E62FE73948325E3E
[2012-07-18 08:43:25 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0ACFA960C448648C
[2012-07-18 08:40:04 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C783AB4F26538DF9
[2012-07-18 08:36:51 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0E8A979791C1B741
[2012-07-18 08:33:03 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0EFA911E55EEEDF6
[2012-07-18 08:29:10 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A4F183292C0508F9
[2012-07-18 08:25:14 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C9802838B2CAC6A1
[2012-07-16 17:32:26 | 000,000,000 |—-D | C]—C:\FRST
[2012-07-16 16:56:32 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.27E841921B95863D
[2012-07-16 16:52:26 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F2E4A3804778A2C9
[2012-07-16 16:48:26 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.01B1BF4A3DC6F449
[2012-07-16 15:58:57 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C8A31849ADCBA067
[2012-07-15 19:45:15 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.3B11F0FF636DB9E8
[2012-07-15 19:41:12 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.BDCE1C881BF0921D
[2012-07-15 19:37:08 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9BFB9427F04CBDFE
[2012-07-15 19:33:10 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.07112C6502A27372
[2012-07-15 19:29:10 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.15AC4D009DECF303
[2012-07-15 19:24:05 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.4EF7D6D2C96AE080
[2012-07-15 19:18:51 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CF54AAD0FCC7B93D
[2012-07-15 19:14:34 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F3B40E8493CDA7EE
[2012-07-15 15:32:00 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.B3D6DE6A756A990B
[2012-07-15 15:24:02 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0D28E6CE1A7B1573
[2012-07-15 15:16:48 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.223ECBC430C8E2B2
[2012-07-15 15:12:52 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E116B12B9BF53F93
[2012-07-15 15:06:47 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9E9E350263A1479E
[2012-07-15 14:53:51 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.762BF33417600E08
[2012-07-15 14:53:41 | 001,436,595 |——| C] (Farbar)—C:\Users\acer\Desktop\FRST64.exe
[2012-07-15 14:49:54 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.6AFA37D17DA3F6D7
[2012-07-15 14:44:31 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C9D85EA22E6EB8C1
[2012-07-11 15:30:35 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.86D103BA368995CF
[2012-07-11 15:26:57 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C37C41A2AFCF489A
[2012-07-11 15:23:28 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.DEC0F3B881DED418
[2012-07-11 15:19:55 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.14F3D44A36B6C90F
[2012-07-11 15:16:06 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CCAAB0B7863BB133
[2012-07-11 15:12:33 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.D7D5486E532E276E
[2012-07-11 15:08:54 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C45D02C1E6A43FFD
[2012-07-11 15:05:16 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.5A528C77B145BCDD
[2012-07-11 15:01:45 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.057F20D1E19C8D57
[2012-07-11 14:58:13 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.B2FE9DF54AA16C84
[2012-07-11 14:54:18 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.6E9CA8C5B7C54177
[2012-07-11 14:50:30 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A5C9BB2EC0498098
[2012-07-11 14:46:57 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E65B6066AC1D6948
[2012-07-11 14:43:14 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CA2D400D3094535B
[2012-07-10 21:05:07 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A9FE56F43148CD7D
[2012-07-10 21:01:19 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.D298A2CF1948F40F
[2012-07-10 20:57:40 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A9E4D36F3F5E7C71
[2012-07-10 20:53:52 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A6792AD168918E59
[2012-07-10 20:49:59 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.698A2E69B01F165D
[2012-07-08 20:54:15 | 000,000,000 |—-D | C]—C:\Users\acer\AppData\Local\Mozilla
[2012-07-08 20:52:26 | 000,000,000 |—-D | C]—C:\Users\acer\AppData\Local\VirtualStore
[2010-08-31 20:47:07 | 016,127,776 |——| C] (Sun Microsystems, Inc.)—C:\Users\acer\jre-6u21-windows-x64.exe

========== Files - Modified Within 30 Days ==========

[2012-07-20 12:52:16 | 000,013,760 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-20 12:52:16 | 000,013,760 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-20 12:42:29 | 000,067,584 |—S- | M] ()—C:\Windows\bootstat.dat
[2012-07-20 12:42:22 | 3167,584,256 | -HS- | M] ()—C:\hiberfil.sys
[2012-07-20 12:41:28 | 000,596,480 |——| M] (OldTimer Tools)—C:\Users\acer\Desktop\OTL.com
[2012-07-20 12:40:32 | 000,165,376 |——| M] ()—C:\Users\acer\Desktop\SystemLook_x64.exe
[2012-07-19 18:51:07 | 000,000,027 |——| M] ()—C:\Windows\SysNative\drivers\etc\hosts
[2012-07-19 18:33:03 | 000,001,912 |——| M] ()—C:\Windows\epplauncher.mif
[2012-07-19 18:32:47 | 000,617,904 |——| M] ()—C:\Windows\SysNative\perfh009.dat
[2012-07-19 18:32:47 | 000,472,220 |——| M] ()—C:\Windows\SysNative\perfh006.dat
[2012-07-19 18:32:47 | 000,107,524 |——| M] ()—C:\Windows\SysNative\perfc009.dat
[2012-07-19 18:32:47 | 000,081,062 |——| M] ()—C:\Windows\SysNative\perfc006.dat
[2012-07-19 15:56:46 | 004,582,475 | R—- | M] (Swearware)—C:\Users\acer\Desktop\ComboFix.exe
[2012-07-19 10:35:02 | 000,000,777 |——| M] ()—C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-19 10:24:06 | 010,652,120 |——| M] (Malwarebytes Corporation                         )—C:\Users\acer\Desktop\mbam-setup-1.62.0.1300.exe
[2012-07-18 20:09:12 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.EAC17F310DD4EAB1
[2012-07-18 15:40:28 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.43D2CADD91E5F7B2
[2012-07-18 15:37:06 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.AE7754A08E60CAA3
[2012-07-18 15:33:30 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.62D0ECAAE8E9AD17
[2012-07-18 15:30:00 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.1E49C580268C2058
[2012-07-18 15:26:20 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.298BF240F243E602
[2012-07-18 15:22:48 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.FF192BD2FF7ACE56
[2012-07-18 15:19:14 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.70BC4822B9CE499D
[2012-07-18 15:15:48 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F8C8C0634FE94FAB
[2012-07-18 15:12:27 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E5A98A3ECA9B123A
[2012-07-18 15:09:10 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.DD86DBE3FB7A2E95
[2012-07-18 15:05:50 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9259C3D5A159192C
[2012-07-18 15:02:35 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F76A878F8B499051
[2012-07-18 14:57:22 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.378A9A77F622A390
[2012-07-18 14:54:04 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9269F1E955419B46
[2012-07-18 14:50:59 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C54107CB4E2D0137
[2012-07-18 14:47:44 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.77FC8534ED7BD9D8
[2012-07-18 14:45:17 | 001,276,860 |——| M] ()—C:\Windows\SysNative\PerfStringBackup.INI
[2012-07-18 14:44:30 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E62FE73948325E3E
[2012-07-18 08:43:25 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0ACFA960C448648C
[2012-07-18 08:40:04 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C783AB4F26538DF9
[2012-07-18 08:36:51 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0E8A979791C1B741
[2012-07-18 08:33:03 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0EFA911E55EEEDF6
[2012-07-18 08:29:10 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A4F183292C0508F9
[2012-07-18 08:25:14 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C9802838B2CAC6A1
[2012-07-16 16:56:32 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.27E841921B95863D
[2012-07-16 16:52:26 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F2E4A3804778A2C9
[2012-07-16 16:48:26 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.01B1BF4A3DC6F449
[2012-07-16 15:58:57 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C8A31849ADCBA067
[2012-07-15 19:45:15 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.3B11F0FF636DB9E8
[2012-07-15 19:41:12 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.BDCE1C881BF0921D
[2012-07-15 19:37:08 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9BFB9427F04CBDFE
[2012-07-15 19:33:10 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.07112C6502A27372
[2012-07-15 19:29:10 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.15AC4D009DECF303
[2012-07-15 19:24:05 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.4EF7D6D2C96AE080
[2012-07-15 19:18:51 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CF54AAD0FCC7B93D
[2012-07-15 19:14:34 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F3B40E8493CDA7EE
[2012-07-15 15:32:00 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.B3D6DE6A756A990B
[2012-07-15 15:24:02 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0D28E6CE1A7B1573
[2012-07-15 15:16:48 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.223ECBC430C8E2B2
[2012-07-15 15:12:52 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E116B12B9BF53F93
[2012-07-15 15:06:47 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9E9E350263A1479E
[2012-07-15 14:53:51 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.762BF33417600E08
[2012-07-15 14:49:54 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.6AFA37D17DA3F6D7
[2012-07-15 14:44:31 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C9D85EA22E6EB8C1
[2012-07-15 14:40:44 | 001,436,595 |——| M] (Farbar)—C:\Users\acer\Desktop\FRST64.exe
[2012-07-11 15:30:35 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.86D103BA368995CF
[2012-07-11 15:26:57 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C37C41A2AFCF489A
[2012-07-11 15:23:28 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.DEC0F3B881DED418
[2012-07-11 15:19:55 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.14F3D44A36B6C90F
[2012-07-11 15:16:06 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CCAAB0B7863BB133
[2012-07-11 15:12:33 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.D7D5486E532E276E
[2012-07-11 15:08:54 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C45D02C1E6A43FFD
[2012-07-11 15:05:16 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.5A528C77B145BCDD
[2012-07-11 15:01:45 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.057F20D1E19C8D57
[2012-07-11 14:58:13 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.B2FE9DF54AA16C84
[2012-07-11 14:54:18 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.6E9CA8C5B7C54177
[2012-07-11 14:50:30 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A5C9BB2EC0498098
[2012-07-11 14:46:57 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E65B6066AC1D6948
[2012-07-11 14:43:14 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CA2D400D3094535B
[2012-07-10 21:05:07 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A9FE56F43148CD7D
[2012-07-10 21:01:19 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.D298A2CF1948F40F
[2012-07-10 20:57:40 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A9E4D36F3F5E7C71
[2012-07-10 20:53:52 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A6792AD168918E59
[2012-07-10 20:49:59 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.698A2E69B01F165D
[2012-07-08 21:04:08 | 001,296,860 |——| M] ()—C:\Windows\SysWow64\PerfStringBackup.INI
[2012-07-03 13:46:44 | 000,024,904 |——| M] (Malwarebytes Corporation)—C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012-07-20 12:45:18 | 000,165,376 |——| C] ()—C:\Users\acer\Desktop\SystemLook_x64.exe
[2012-07-19 18:40:06 | 000,256,000 |——| C] ()—C:\Windows\PEV.exe
[2012-07-19 18:40:06 | 000,208,896 |——| C] ()—C:\Windows\MBR.exe
[2012-07-19 18:40:06 | 000,098,816 |——| C] ()—C:\Windows\sed.exe
[2012-07-19 18:40:06 | 000,080,412 |——| C] ()—C:\Windows\grep.exe
[2012-07-19 18:40:06 | 000,068,096 |——| C] ()—C:\Windows\zip.exe
[2012-07-19 10:35:02 | 000,000,777 |——| C] ()—C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-04-04 08:17:11 | 000,000,168 |——| C] ()—C:\ProgramData\-vbUbcGrFEXEU3Xr
[2012-04-04 08:17:10 | 000,000,000 |——| C] ()—C:\ProgramData\-vbUbcGrFEXEU3X
[2012-04-04 08:16:45 | 000,000,256 |——| C] ()—C:\ProgramData\vbUbcGrFEXEU3X
[2011-12-16 17:26:19 | 000,001,643 |——| C] ()—C:\Users\acer\rasphone.pbk
[2011-11-06 10:30:57 | 000,019,425 |——| C] ()—C:\Windows\prodsett_copy.ini
[2011-05-26 14:03:54 | 000,000,000 |——| C] ()—C:\Users\acer\temp.dat
[2011-01-25 21:46:00 | 001,296,860 |——| C] ()—C:\Windows\SysWow64\PerfStringBackup.INI
[2010-11-18 13:29:33 | 000,000,983 |——| C] ()—C:\Windows\eReg.dat

========== LOP Check ==========

[2012-07-20 12:44:15 | 000,000,000 |—-D | M]—C:\Users\acer\AppData\Roaming\Dropbox
[2012-07-15 19:35:02 | 000,032,550 |——| M] ()—C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< :folderfind >

< {eef30b76-5c69-6924-8fc8-5f1985968b27} >

< @ >

< U >

< L >

< :regfind >

< {eef30b76-5c69-6924-8fc8-5f1985968b27} >

< :filefind >

< \n >

< *.n >

< \@ >

< *.@ >

< End of report >

  JFK
Number of posts: 13

Argh, I accidentally pasted the wrong thing into my latest post.. I'll just make a new one.

  JFK
Number of posts: 13

With the bold text at the bottom, I only get the one file to show up:

OTL logfile created on: 20-07-2012 13:51:18 - Run 4
OTL by OldTimer - Version 3.2.54.0   Folder = C:\Users\acer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,93 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 66,96% Memory free
7,87 Gb Paging File | 6,55 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,48 Gb Total Space | 51,63 Gb Free Space | 51,38% Space Free | Partition Type: NTFS
Drive D: | 355,41 Gb Total Space | 352,36 Gb Free Space | 99,14% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,85 Gb Free Space | 99,08% Space Free | Partition Type: FAT32

Computer Name: ACER-PC | User Name: acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-20 12:41:28 | 000,596,480 |——| M] (OldTimer Tools)—C:\Users\acer\Desktop\OTL.com
PRC - [2012-07-03 13:46:44 | 000,655,944 |——| M] (Malwarebytes Corporation)—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 |——| M] (Malwarebytes Corporation)—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware\mbamgui.exe
PRC - [2012-06-05 21:26:04 | 000,935,480 |——| M] ()—C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012-05-24 20:39:22 | 027,112,840 |——| M] (Dropbox, Inc.)—C:\Users\acer\AppData\Roaming\Dropbox\bin\Dropbox.exe


========== Modules (No Company Name) ==========

MOD - [2012-02-20 21:29:04 | 000,087,912 |——| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-02-20 21:28:42 | 001,242,472 |——| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped]—C:\Program Files\Microsoft Security Client\NisSrv.exe—(NisSrv)
SRV:64bit: - File not found [Auto | Stopped]—C:\Program Files\Microsoft Security Client\MsMpEng.exe—(MsMpSvc)
SRV:64bit: - [2009-08-18 02:36:20 | 000,203,264 |——| M] (AMD) [Auto | Running]—C:\Windows\SysNative\atiesrxx.exe—(AMD External Events Utility)
SRV - [2012-07-03 13:46:44 | 000,655,944 |——| M] (Malwarebytes Corporation) [Auto | Running]—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware\mbamservice.exe—(MBAMService)
SRV - [2012-06-05 21:26:04 | 000,935,480 |——| M] () [Auto | Running]—C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe—(vToolbarUpdater11.1.0)
SRV - [2010-03-18 13:16:28 | 000,130,384 |——| M] (Microsoft Corporation) [Auto | Stopped]—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe—(clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 |——| M] (Microsoft Corporation) [Disabled | Stopped]—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe—(clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-03 13:46:44 | 000,024,904 |——| M] (Malwarebytes Corporation) [File_System | On_Demand | Running]—C:\Windows\SysNative\drivers\mbam.sys—(MBAMProtector)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 |——| M] (Microsoft Corporation) [Recognizer | Boot | Unknown]—C:\Windows\SysNative\drivers\fs_rec.sys—(Fs_Rec)
DRV:64bit: - [2012-02-15 11:01:50 | 000,052,736 |——| M] (Apple, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\usbaapl64.sys—(USBAAPL64)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 |——| M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\amdsata.sys—(amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 |——| M] (Advanced Micro Devices) [Kernel | Boot | Running]—C:\Windows\SysNative\drivers\amdxata.sys—(amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 |——| M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\HpSAMD.sys—(HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\TsUsbFlt.sys—(TsUsbFlt)
DRV:64bit: - [2010-08-25 20:36:04 | 010,611,552 |——| M] (Intel Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\igdkmd64.sys—(igfx)
DRV:64bit: - [2009-09-15 19:40:42 | 006,952,960 |——| M] (Intel Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\NETw5s64.sys—(NETw5s64) Intel(R)
DRV:64bit: - [2009-08-18 03:48:48 | 006,037,504 |——| M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\atikmdag.sys—(atikmdag)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 |——| M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\amdsbs.sys—(amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 |——| M] (LSI Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\lsi_sas2.sys—(LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 |——| M] (Promise Technology) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\stexstor.sys—(stexstor)
DRV:64bit: - [2009-07-07 16:53:04 | 000,032,256 |——| M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\libusb0.sys—(libusb0)
DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 |——| M] (Intel Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\netw5v64.sys—(netw5v64) Kortdriver til Intel(R)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\evbda.sys—(ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\bxvbda.sys—(b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\b57nd60a.sys—(b57nd60a)
DRV:64bit: - [2009-06-10 22:34:18 | 000,057,344 |——| M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\L1C62x64.sys—(L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 |——| M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\hcw85cir.sys—(hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 |——| M] (GEAR Software Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\GEARAspiWDM.sys—(GEARAspiWDM)
DRV:64bit: - [2009-02-13 11:02:52 | 000,014,464 |——| M] (Western Digital Technologies) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\wdcsam64.sys—(WDC_SAM)
DRV - [2009-07-14 03:19:10 | 000,019,008 |——| M] (Microsoft Corporation) [File_System | On_Demand | Stopped]—C:\Windows\SysWOW64\drivers\wimmount.sys—(WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0



IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D E4 D1 6B B9 F6 CA 01 [binary data]
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: “URL” = http://isearch.avg.com/search?cid={E2B9B8C0-A88C-401F-BDA0-810DB5CE9360}&mid=7a90c8f1e15e47d0944fd1565041dc79-1b296a0f2eafcd196f7edd317868a06e0e385aa3&lang=da&ds=AVG&pr=fr&d=2012-06-05 21:26:07&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\..\SearchScopes\{D034A51B-D244-4E09-92D6-2F6DB3A7269A}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie;={inputEncoding?}&oe;={outputEncoding?}
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-2763804674-2296292141-2981214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: “AVG Secure Search”
FF - prefs.js..browser.startup.homepage: “www.google.dk”
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: “http://isearch.avg.com/search?cid={d0b4519f-ef8e-49cf-8c3d-0b68240f31e7}&mid=7a90c8f1e15e47d0944fd1565041dc79-1b296a0f2eafcd196f7edd317868a06e0e385aa3&ds=AVG&v=11.1.0.7&lang=da&pr=fr&d=2012-06-05 21:26:07&sap=ku&q=”
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin: C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: C:\\Windows\\system32\\Wat\\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: C:\\Program Files\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll ( Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32.dll ()
FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found
FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: D:\\iTunes\\Mozilla Plugins\\npitunes.dll ()
FF - HKLM\\Software\\MozillaPlugins\\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.1.0\\\\npsitesafety.dll ()
FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin: C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: C:\\Windows\\system32\\Wat\\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll ( Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@videolan.org/vlc,version=1.1.11: C:\\Program Files (x86)\\VideoLAN\\VLC\\npvlc.dll (the VideoLAN Team)
FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\avg@toolbar: C:\\ProgramData\\AVG Secure Search\\11.1.0.7\\ [2012-07-08 20:36:56 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.6.8\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2010-09-12 09:37:40 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.6.8\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2012-06-18 16:32:29 | 000,000,000 |—-D | M]

[2010-09-12 09:38:09 | 000,000,000 |—-D | M] (No name found)—C:\\Users\\acer\\AppData\\Roaming\\mozilla\\Extensions
[2010-09-12 13:36:48 | 000,000,000 |—-D | M] (No name found)—C:\\Users\\acer\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\6ooalpuy.default\\extensions
[2011-10-25 20:03:40 | 000,000,000 |—-D | M] (No name found)—C:\\Program Files (x86)\\mozilla firefox\\extensions
[2010-12-09 16:08:02 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-01-16 17:17:32 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011-03-01 18:02:23 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-23 16:52:39 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011-10-25 20:03:40 | 000,000,000 |—-D | M] (Java Console)—C:\\Program Files (x86)\\mozilla firefox\\extensions\\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-10-03 05:06:04 | 000,476,904 |——| M] (Sun Microsystems, Inc.)—C:\\Program Files (x86)\\mozilla firefox\\plugins\\npdeployJava1.dll
[2010-07-23 02:53:25 | 000,001,525 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\amazon-co-uk.xml
[2012-06-05 21:26:02 | 000,003,747 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\avg-secure-search.xml
[2010-07-23 02:53:25 | 000,001,178 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\wikipedia-da.xml
[2010-07-23 02:53:25 | 000,001,102 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\yahoo-dk.xml

O1 HOSTS File: ([2012-07-19 18:51:07 | 000,000,027 |——| M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1     localhost
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\\Program Files (x86)\\AVG Secure Search\\11.1.0.7\\AVG Secure Search_toolbar.dll File not found
O3 - HKLM\\..\\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\\Program Files (x86)\\AVG Secure Search\\11.1.0.7\\AVG Secure Search_toolbar.dll File not found
O3 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..\\Toolbar\\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\\Run: [HotKeysCmds] C:\\Windows\\SysNative\\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)
O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\\Run: [Malwarebytes’ Anti-Malware] C:\\Users\\acer\\Desktop\\Malwarebytes’ Anti-Malware\\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\\Users\\acer\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk = C:\\Users\\acer\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3
O7 - HKU\\.DEFAULT\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-18\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-19\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-20\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\\PROGRA~2\\MICROS~1\\Office12\\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\\PROGRA~2\\MICROS~1\\Office12\\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~2\\MICROS~1\\Office12\\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : S&end; til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~2\\MICROS~1\\Office12\\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~2\\MICROS~1\\Office12\\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\\Catalog_Entries64\\000000000008 [] - C:\\Programmer\\Bonjour\\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000008 [] - C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll (Apple Inc.)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: danskebank.dk ([]https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: danskebank.dk ([www] https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: danskebank.dk ([www-2] https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: microsoft.com ([drmlicense.one] https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: oestjydskbank.dk ([]https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: oestjydskbank.dk ([www] https in Trusted sites)
O15 - HKU\\S-1-5-21-2763804674-2296292141-2981214865-1000\\..Trusted Domains: phoe.dk ([]* in Local intranet)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.10.10.4 212.10.24.252 212.10.10.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE5E58A-36CF-490B-8B44-96BC72DDAAF9}: DhcpNameServer = 212.10.10.4 212.10.24.252 212.10.10.5
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open]—“%1” %*
O35:64bit: - HKLM\..exefile [open]—“%1” %*
O35 - HKLM\..comfile [open]—“%1” %*
O35 - HKLM\..exefile [open]—“%1” %*
O37:64bit: - HKLM\...com [@ = ComFile]—“%1” %*
O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %*
O37 - HKLM\...com [@ = ComFile]—“%1” %*
O37 - HKLM\...exe [@ = exefile]—“%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012-07-20 13:50:27 | 000,596,480 |——| C] (OldTimer Tools)—C:\Users\acer\Desktop\OTL.com
[2012-07-20 12:42:41 | 000,000,000 | -HSD | C]—C:\$RECYCLE.BIN
[2012-07-19 18:57:16 | 000,000,000 |—-D | C]—C:\Windows\temp
[2012-07-19 18:40:06 | 000,518,144 |——| C] (SteelWerX)—C:\Windows\SWREG.exe
[2012-07-19 18:40:06 | 000,406,528 |——| C] (SteelWerX)—C:\Windows\SWSC.exe
[2012-07-19 18:40:06 | 000,060,416 |——| C] (NirSoft)—C:\Windows\NIRCMD.exe
[2012-07-19 15:57:38 | 004,582,475 | R—- | C] (Swearware)—C:\Users\acer\Desktop\ComboFix.exe
[2012-07-19 10:39:14 | 002,622,464 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wucltux.dll
[2012-07-19 10:39:14 | 000,057,880 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wuauclt.exe
[2012-07-19 10:39:14 | 000,044,056 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wups2.dll
[2012-07-19 10:38:18 | 000,701,976 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wuapi.dll
[2012-07-19 10:38:18 | 000,099,840 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wudriver.dll
[2012-07-19 10:38:18 | 000,038,424 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wups.dll
[2012-07-19 10:37:44 | 000,186,752 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wuwebv.dll
[2012-07-19 10:37:44 | 000,036,864 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\wuapp.exe
[2012-07-19 10:35:08 | 000,000,000 |—-D | C]—C:\Users\acer\AppData\Roaming\Malwarebytes
[2012-07-19 10:35:02 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware
[2012-07-19 10:35:01 | 000,000,000 |—-D | C]—C:\ProgramData\Malwarebytes
[2012-07-19 10:35:00 | 000,024,904 |——| C] (Malwarebytes Corporation)—C:\Windows\SysNative\drivers\mbam.sys
[2012-07-19 10:35:00 | 000,000,000 |—-D | C]—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware
[2012-07-19 10:33:13 | 010,652,120 |——| C] (Malwarebytes Corporation                         )—C:\Users\acer\Desktop\mbam-setup-1.62.0.1300.exe
[2012-07-18 20:09:12 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.EAC17F310DD4EAB1
[2012-07-18 15:40:28 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.43D2CADD91E5F7B2
[2012-07-18 15:37:06 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.AE7754A08E60CAA3
[2012-07-18 15:33:30 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.62D0ECAAE8E9AD17
[2012-07-18 15:30:00 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.1E49C580268C2058
[2012-07-18 15:26:20 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.298BF240F243E602
[2012-07-18 15:22:48 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.FF192BD2FF7ACE56
[2012-07-18 15:19:14 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.70BC4822B9CE499D
[2012-07-18 15:15:48 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F8C8C0634FE94FAB
[2012-07-18 15:12:27 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E5A98A3ECA9B123A
[2012-07-18 15:09:10 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.DD86DBE3FB7A2E95
[2012-07-18 15:05:50 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9259C3D5A159192C
[2012-07-18 15:02:35 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F76A878F8B499051
[2012-07-18 14:57:22 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.378A9A77F622A390
[2012-07-18 14:54:04 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9269F1E955419B46
[2012-07-18 14:50:59 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C54107CB4E2D0137
[2012-07-18 14:47:44 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.77FC8534ED7BD9D8
[2012-07-18 14:47:19 | 000,000,000 |—-D | C]—C:\Qoobox
[2012-07-18 14:47:07 | 000,000,000 |—-D | C]—C:\Windows\erdnt
[2012-07-18 14:44:30 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E62FE73948325E3E
[2012-07-18 08:43:25 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0ACFA960C448648C
[2012-07-18 08:40:04 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C783AB4F26538DF9
[2012-07-18 08:36:51 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0E8A979791C1B741
[2012-07-18 08:33:03 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0EFA911E55EEEDF6
[2012-07-18 08:29:10 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A4F183292C0508F9
[2012-07-18 08:25:14 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C9802838B2CAC6A1
[2012-07-16 17:32:26 | 000,000,000 |—-D | C]—C:\FRST
[2012-07-16 16:56:32 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.27E841921B95863D
[2012-07-16 16:52:26 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F2E4A3804778A2C9
[2012-07-16 16:48:26 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.01B1BF4A3DC6F449
[2012-07-16 15:58:57 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C8A31849ADCBA067
[2012-07-15 19:45:15 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.3B11F0FF636DB9E8
[2012-07-15 19:41:12 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.BDCE1C881BF0921D
[2012-07-15 19:37:08 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9BFB9427F04CBDFE
[2012-07-15 19:33:10 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.07112C6502A27372
[2012-07-15 19:29:10 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.15AC4D009DECF303
[2012-07-15 19:24:05 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.4EF7D6D2C96AE080
[2012-07-15 19:18:51 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CF54AAD0FCC7B93D
[2012-07-15 19:14:34 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F3B40E8493CDA7EE
[2012-07-15 15:32:00 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.B3D6DE6A756A990B
[2012-07-15 15:24:02 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0D28E6CE1A7B1573
[2012-07-15 15:16:48 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.223ECBC430C8E2B2
[2012-07-15 15:12:52 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E116B12B9BF53F93
[2012-07-15 15:06:47 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9E9E350263A1479E
[2012-07-15 14:53:51 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.762BF33417600E08
[2012-07-15 14:53:41 | 001,436,595 |——| C] (Farbar)—C:\Users\acer\Desktop\FRST64.exe
[2012-07-15 14:49:54 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.6AFA37D17DA3F6D7
[2012-07-15 14:44:31 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C9D85EA22E6EB8C1
[2012-07-11 15:30:35 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.86D103BA368995CF
[2012-07-11 15:26:57 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C37C41A2AFCF489A
[2012-07-11 15:23:28 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.DEC0F3B881DED418
[2012-07-11 15:19:55 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.14F3D44A36B6C90F
[2012-07-11 15:16:06 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CCAAB0B7863BB133
[2012-07-11 15:12:33 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.D7D5486E532E276E
[2012-07-11 15:08:54 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C45D02C1E6A43FFD
[2012-07-11 15:05:16 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.5A528C77B145BCDD
[2012-07-11 15:01:45 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.057F20D1E19C8D57
[2012-07-11 14:58:13 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.B2FE9DF54AA16C84
[2012-07-11 14:54:18 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.6E9CA8C5B7C54177
[2012-07-11 14:50:30 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A5C9BB2EC0498098
[2012-07-11 14:46:57 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E65B6066AC1D6948
[2012-07-11 14:43:14 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CA2D400D3094535B
[2012-07-10 21:05:07 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A9FE56F43148CD7D
[2012-07-10 21:01:19 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.D298A2CF1948F40F
[2012-07-10 20:57:40 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A9E4D36F3F5E7C71
[2012-07-10 20:53:52 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A6792AD168918E59
[2012-07-10 20:49:59 | 000,328,704 |——| C] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.698A2E69B01F165D
[2012-07-08 20:54:15 | 000,000,000 |—-D | C]—C:\Users\acer\AppData\Local\Mozilla
[2012-07-08 20:52:26 | 000,000,000 |—-D | C]—C:\Users\acer\AppData\Local\VirtualStore
[2010-08-31 20:47:07 | 016,127,776 |——| C] (Sun Microsystems, Inc.)—C:\Users\acer\jre-6u21-windows-x64.exe

========== Files - Modified Within 30 Days ==========

[2012-07-20 12:52:16 | 000,013,760 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-20 12:52:16 | 000,013,760 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-20 12:42:29 | 000,067,584 |—S- | M] ()—C:\Windows\bootstat.dat
[2012-07-20 12:42:22 | 3167,584,256 | -HS- | M] ()—C:\hiberfil.sys
[2012-07-20 12:41:28 | 000,596,480 |——| M] (OldTimer Tools)—C:\Users\acer\Desktop\OTL.com
[2012-07-20 12:40:32 | 000,165,376 |——| M] ()—C:\Users\acer\Desktop\SystemLook_x64.exe
[2012-07-19 18:51:07 | 000,000,027 |——| M] ()—C:\Windows\SysNative\drivers\etc\hosts
[2012-07-19 18:33:03 | 000,001,912 |——| M] ()—C:\Windows\epplauncher.mif
[2012-07-19 18:32:47 | 000,617,904 |——| M] ()—C:\Windows\SysNative\perfh009.dat
[2012-07-19 18:32:47 | 000,472,220 |——| M] ()—C:\Windows\SysNative\perfh006.dat
[2012-07-19 18:32:47 | 000,107,524 |——| M] ()—C:\Windows\SysNative\perfc009.dat
[2012-07-19 18:32:47 | 000,081,062 |——| M] ()—C:\Windows\SysNative\perfc006.dat
[2012-07-19 15:56:46 | 004,582,475 | R—- | M] (Swearware)—C:\Users\acer\Desktop\ComboFix.exe
[2012-07-19 10:35:02 | 000,000,777 |——| M] ()—C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-19 10:24:06 | 010,652,120 |——| M] (Malwarebytes Corporation                         )—C:\Users\acer\Desktop\mbam-setup-1.62.0.1300.exe
[2012-07-18 20:09:12 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.EAC17F310DD4EAB1
[2012-07-18 15:40:28 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.43D2CADD91E5F7B2
[2012-07-18 15:37:06 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.AE7754A08E60CAA3
[2012-07-18 15:33:30 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.62D0ECAAE8E9AD17
[2012-07-18 15:30:00 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.1E49C580268C2058
[2012-07-18 15:26:20 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.298BF240F243E602
[2012-07-18 15:22:48 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.FF192BD2FF7ACE56
[2012-07-18 15:19:14 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.70BC4822B9CE499D
[2012-07-18 15:15:48 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F8C8C0634FE94FAB
[2012-07-18 15:12:27 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E5A98A3ECA9B123A
[2012-07-18 15:09:10 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.DD86DBE3FB7A2E95
[2012-07-18 15:05:50 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9259C3D5A159192C
[2012-07-18 15:02:35 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F76A878F8B499051
[2012-07-18 14:57:22 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.378A9A77F622A390
[2012-07-18 14:54:04 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9269F1E955419B46
[2012-07-18 14:50:59 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C54107CB4E2D0137
[2012-07-18 14:47:44 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.77FC8534ED7BD9D8
[2012-07-18 14:45:17 | 001,276,860 |——| M] ()—C:\Windows\SysNative\PerfStringBackup.INI
[2012-07-18 14:44:30 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E62FE73948325E3E
[2012-07-18 08:43:25 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0ACFA960C448648C
[2012-07-18 08:40:04 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C783AB4F26538DF9
[2012-07-18 08:36:51 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0E8A979791C1B741
[2012-07-18 08:33:03 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0EFA911E55EEEDF6
[2012-07-18 08:29:10 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A4F183292C0508F9
[2012-07-18 08:25:14 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C9802838B2CAC6A1
[2012-07-16 16:56:32 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.27E841921B95863D
[2012-07-16 16:52:26 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F2E4A3804778A2C9
[2012-07-16 16:48:26 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.01B1BF4A3DC6F449
[2012-07-16 15:58:57 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C8A31849ADCBA067
[2012-07-15 19:45:15 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.3B11F0FF636DB9E8
[2012-07-15 19:41:12 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.BDCE1C881BF0921D
[2012-07-15 19:37:08 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9BFB9427F04CBDFE
[2012-07-15 19:33:10 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.07112C6502A27372
[2012-07-15 19:29:10 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.15AC4D009DECF303
[2012-07-15 19:24:05 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.4EF7D6D2C96AE080
[2012-07-15 19:18:51 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CF54AAD0FCC7B93D
[2012-07-15 19:14:34 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.F3B40E8493CDA7EE
[2012-07-15 15:32:00 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.B3D6DE6A756A990B
[2012-07-15 15:24:02 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.0D28E6CE1A7B1573
[2012-07-15 15:16:48 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.223ECBC430C8E2B2
[2012-07-15 15:12:52 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E116B12B9BF53F93
[2012-07-15 15:06:47 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.9E9E350263A1479E
[2012-07-15 14:53:51 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.762BF33417600E08
[2012-07-15 14:49:54 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.6AFA37D17DA3F6D7
[2012-07-15 14:44:31 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C9D85EA22E6EB8C1
[2012-07-15 14:40:44 | 001,436,595 |——| M] (Farbar)—C:\Users\acer\Desktop\FRST64.exe
[2012-07-11 15:30:35 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.86D103BA368995CF
[2012-07-11 15:26:57 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C37C41A2AFCF489A
[2012-07-11 15:23:28 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.DEC0F3B881DED418
[2012-07-11 15:19:55 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.14F3D44A36B6C90F
[2012-07-11 15:16:06 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CCAAB0B7863BB133
[2012-07-11 15:12:33 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.D7D5486E532E276E
[2012-07-11 15:08:54 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.C45D02C1E6A43FFD
[2012-07-11 15:05:16 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.5A528C77B145BCDD
[2012-07-11 15:01:45 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.057F20D1E19C8D57
[2012-07-11 14:58:13 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.B2FE9DF54AA16C84
[2012-07-11 14:54:18 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.6E9CA8C5B7C54177
[2012-07-11 14:50:30 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A5C9BB2EC0498098
[2012-07-11 14:46:57 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.E65B6066AC1D6948
[2012-07-11 14:43:14 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.CA2D400D3094535B
[2012-07-10 21:05:07 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A9FE56F43148CD7D
[2012-07-10 21:01:19 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.D298A2CF1948F40F
[2012-07-10 20:57:40 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A9E4D36F3F5E7C71
[2012-07-10 20:53:52 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.A6792AD168918E59
[2012-07-10 20:49:59 | 000,328,704 |——| M] (Microsoft Corporation)—C:\Windows\SysNative\services.exe.698A2E69B01F165D
[2012-07-08 21:04:08 | 001,296,860 |——| M] ()—C:\Windows\SysWow64\PerfStringBackup.INI
[2012-07-03 13:46:44 | 000,024,904 |——| M] (Malwarebytes Corporation)—C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012-07-20 12:45:18 | 000,165,376 |——| C] ()—C:\Users\acer\Desktop\SystemLook_x64.exe
[2012-07-19 18:40:06 | 000,256,000 |——| C] ()—C:\Windows\PEV.exe
[2012-07-19 18:40:06 | 000,208,896 |——| C] ()—C:\Windows\MBR.exe
[2012-07-19 18:40:06 | 000,098,816 |——| C] ()—C:\Windows\sed.exe
[2012-07-19 18:40:06 | 000,080,412 |——| C] ()—C:\Windows\grep.exe
[2012-07-19 18:40:06 | 000,068,096 |——| C] ()—C:\Windows\zip.exe
[2012-07-19 10:35:02 | 000,000,777 |——| C] ()—C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-04-04 08:17:11 | 000,000,168 |——| C] ()—C:\ProgramData\-vbUbcGrFEXEU3Xr
[2012-04-04 08:17:10 | 000,000,000 |——| C] ()—C:\ProgramData\-vbUbcGrFEXEU3X
[2012-04-04 08:16:45 | 000,000,256 |——| C] ()—C:\ProgramData\vbUbcGrFEXEU3X
[2011-12-16 17:26:19 | 000,001,643 |——| C] ()—C:\Users\acer\rasphone.pbk
[2011-11-06 10:30:57 | 000,019,425 |——| C] ()—C:\Windows\prodsett_copy.ini
[2011-05-26 14:03:54 | 000,000,000 |——| C] ()—C:\Users\acer\temp.dat
[2011-01-25 21:46:00 | 001,296,860 |——| C] ()—C:\Windows\SysWow64\PerfStringBackup.INI
[2010-11-18 13:29:33 | 000,000,983 |——| C] ()—C:\Windows\eReg.dat

========== LOP Check ==========

[2012-07-20 12:44:15 | 000,000,000 |—-D | M]—C:\Users\acer\AppData\Roaming\Dropbox
[2012-07-15 19:35:02 | 000,032,550 |——| M] ()—C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >
[2009-07-14 03:52:21 | 000,024,128 |——| M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C—C:\Windows\erdnt\cache64\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 |——| M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C—C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 |——| M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C—C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 |——| M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C—C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 |——| M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C—C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011-02-26 08:23:14 | 002,870,272 |——| M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-02-26 07:19:21 | 002,616,320 |——| M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 |——| M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011-02-26 07:51:13 | 002,614,784 |——| M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009-10-31 07:45:39 | 002,614,272 |——| M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-02-26 07:33:07 | 002,614,784 |——| M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 |——| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3—C:\Windows\erdnt\cache86\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 |——| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3—C:\Windows\explorer.exe
[2011-02-25 08:19:30 | 002,871,808 |——| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 08:14:34 | 002,871,808 |——| M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-20 14:17:09 | 002,616,320 |——| M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009-08-03 08:19:07 | 002,868,224 |——| M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 |——| M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E—C:\Windows\SysWOW64\explorer.exe
[2011-02-25 07:30:54 | 002,616,320 |——| M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009-08-03 07:49:47 | 002,613,248 |——| M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009-10-31 08:34:59 | 002,870,272 |——| M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010-11-20 15:24:45 | 002,872,320 |——| M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009-10-31 08:38:38 | 002,870,272 |——| M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009-08-03 07:35:50 | 002,613,248 |——| M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 03:39:10 | 002,868,224 |——| M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-10-31 08:00:51 | 002,614,272 |——| M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-02-26 08:26:45 | 002,870,784 |——| M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009-08-03 08:17:37 | 002,868,224 |——| M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009-07-14 03:39:37 | 000,328,704 |——| M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06—C:\FRST\Quarantine\services.exe
[2009-07-14 03:39:37 | 000,328,704 |——| M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB—C:\Windows\erdnt\cache64\services.exe
[2009-07-14 03:39:37 | 000,328,704 |——| M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB—C:\Windows\SysNative\services.exe
[2009-07-14 03:39:37 | 000,328,704 |——| M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB—C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009-07-14 03:14:41 | 000,020,992 |——| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866—C:\Windows\erdnt\cache86\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 |——| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866—C:\Windows\SysWOW64\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 |——| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866—C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012-07-03 13:46:42 | 000,217,672 |——| M] () MD5=8A7F34F0BBD076EC3815680A7309114F—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware\Chameleon\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 |——| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D—C:\Windows\erdnt\cache64\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 |——| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D—C:\Windows\SysNative\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 |——| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D—C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010-11-20 14:17:48 | 000,026,624 |——| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223—C:\Windows\erdnt\cache86\userinit.exe
[2010-11-20 14:17:48 | 000,026,624 |——| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223—C:\Windows\SysWOW64\userinit.exe
[2010-11-20 14:17:48 | 000,026,624 |——| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223—C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 |——| M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175—C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 03:39:48 | 000,030,208 |——| M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE—C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010-11-20 15:25:24 | 000,030,720 |——| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53—C:\Windows\erdnt\cache64\userinit.exe
[2010-11-20 15:25:24 | 000,030,720 |——| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53—C:\Windows\SysNative\userinit.exe
[2010-11-20 15:25:24 | 000,030,720 |——| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53—C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010-11-20 15:25:30 | 000,390,656 |——| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457—C:\Windows\erdnt\cache64\winlogon.exe
[2010-11-20 15:25:30 | 000,390,656 |——| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457—C:\Windows\SysNative\winlogon.exe
[2010-11-20 15:25:30 | 000,390,656 |——| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457—C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009-07-14 03:39:52 | 000,389,120 |——| M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A—C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012-07-03 13:46:42 | 000,217,672 |——| M] () MD5=8A7F34F0BBD076EC3815680A7309114F—C:\Users\acer\Desktop\Malwarebytes’ Anti-Malware\Chameleon\winlogon.exe
[2009-10-28 09:01:57 | 000,389,632 |——| M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE—C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009-10-28 08:24:40 | 000,389,632 |——| M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A—C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

Editor
Number of posts: 14028

Run OTL > Copy the text in bold into "Custom Scans/Fixes" and click "Run Fix".


:OTL

:Files
C:\Windows\SysNative\services.exe.EAC17F310DD4EAB1
C:\Windows\SysNative\services.exe.43D2CADD91E5F7B2
C:\Windows\SysNative\services.exe.AE7754A08E60CAA3
C:\Windows\SysNative\services.exe.62D0ECAAE8E9AD17
C:\Windows\SysNative\services.exe.1E49C580268C2058
C:\Windows\SysNative\services.exe.298BF240F243E602
C:\Windows\SysNative\services.exe.FF192BD2FF7ACE56
C:\Windows\SysNative\services.exe.70BC4822B9CE499D
C:\Windows\SysNative\services.exe.F8C8C0634FE94FAB
C:\Windows\SysNative\services.exe.E5A98A3ECA9B123A
C:\Windows\SysNative\services.exe.DD86DBE3FB7A2E95
C:\Windows\SysNative\services.exe.9259C3D5A159192C
C:\Windows\SysNative\services.exe.F76A878F8B499051
C:\Windows\SysNative\services.exe.378A9A77F622A390
C:\Windows\SysNative\services.exe.9269F1E955419B46
C:\Windows\SysNative\services.exe.C54107CB4E2D0137
C:\Windows\SysNative\services.exe.77FC8534ED7BD9D8
C:\Windows\SysNative\services.exe.E62FE73948325E3E
C:\Windows\SysNative\services.exe.0ACFA960C448648C
C:\Windows\SysNative\services.exe.C783AB4F26538DF9
C:\Windows\SysNative\services.exe.0E8A979791C1B741
C:\Windows\SysNative\services.exe.0EFA911E55EEEDF6
C:\Windows\SysNative\services.exe.A4F183292C0508F9
C:\Windows\SysNative\services.exe.C9802838B2CAC6A1
C:\Windows\SysNative\services.exe.27E841921B95863D
C:\Windows\SysNative\services.exe.F2E4A3804778A2C9
C:\Windows\SysNative\services.exe.01B1BF4A3DC6F449
C:\Windows\SysNative\services.exe.C8A31849ADCBA067
C:\Windows\SysNative\services.exe.3B11F0FF636DB9E8
C:\Windows\SysNative\services.exe.BDCE1C881BF0921D
C:\Windows\SysNative\services.exe.9BFB9427F04CBDFE
C:\Windows\SysNative\services.exe.07112C6502A27372
C:\Windows\SysNative\services.exe.15AC4D009DECF303
C:\Windows\SysNative\services.exe.4EF7D6D2C96AE080
C:\Windows\SysNative\services.exe.CF54AAD0FCC7B93D
C:\Windows\SysNative\services.exe.F3B40E8493CDA7EE
C:\Windows\SysNative\services.exe.B3D6DE6A756A990B
C:\Windows\SysNative\services.exe.0D28E6CE1A7B1573
C:\Windows\SysNative\services.exe.223ECBC430C8E2B2
C:\Windows\SysNative\services.exe.E116B12B9BF53F93
C:\Windows\SysNative\services.exe.9E9E350263A1479E
C:\Windows\SysNative\services.exe.762BF33417600E08
C:\Windows\SysNative\services.exe.6AFA37D17DA3F6D7
C:\Windows\SysNative\services.exe.C9D85EA22E6EB8C1
C:\Windows\SysNative\services.exe.86D103BA368995CF
C:\Windows\SysNative\services.exe.C37C41A2AFCF489A
C:\Windows\SysNative\services.exe.DEC0F3B881DED418
C:\Windows\SysNative\services.exe.14F3D44A36B6C90F
C:\Windows\SysNative\services.exe.CCAAB0B7863BB133
C:\Windows\SysNative\services.exe.D7D5486E532E276E
C:\Windows\SysNative\services.exe.C45D02C1E6A43FFD
C:\Windows\SysNative\services.exe.5A528C77B145BCDD
C:\Windows\SysNative\services.exe.057F20D1E19C8D57
C:\Windows\SysNative\services.exe.B2FE9DF54AA16C84
C:\Windows\SysNative\services.exe.6E9CA8C5B7C54177
C:\Windows\SysNative\services.exe.A5C9BB2EC0498098
C:\Windows\SysNative\services.exe.E65B6066AC1D6948
C:\Windows\SysNative\services.exe.CA2D400D3094535B
C:\Windows\SysNative\services.exe.A9FE56F43148CD7D
C:\Windows\SysNative\services.exe.D298A2CF1948F40F
C:\Windows\SysNative\services.exe.A9E4D36F3F5E7C71
C:\Windows\SysNative\services.exe.A6792AD168918E59
C:\Windows\SysNative\services.exe.698A2E69B01F165D
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[ClearAllRestorePoints]
[EMPTYFLASH]
[Reboot]


After the restart a log file opens; copy that text into this thread.

How is your PC running now?

PS: Which antivirus program are you running now?

Signature

The coffee has been drunk
The till is closed
The support does more good
With the small and the timid
Børns Vilkår

  JFK
Number of posts: 13

The computer is running really well now; it no longer shuts down, so I assume it is healthy now? So thank you very much.

I have Microsoft Security Essentials - is that an OK program? I used to have BullGuard, but was told that the other one could be just as good.

Here is the log file:

All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Users\acer\Desktop\cmd.bat deleted successfully.
C:\Users\acer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: acer
->Temp folder emptied: 841 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3780823 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: acer
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07212012_081750

Files\Folders moved on Reboot…
C:\Users\acer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files…
File C:\Users\acer\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot…