
0x80070424


Mank70

My Windows firewall has gone down, and when I try to start the wretched thing I get the following error code: 0x80070424. 0x8007042c also occurs.

I have tried the "Fix it" that Microsoft recommends, but it doesn't help me. There is nothing wrong with my Windows Update either. I had a similar problem a while ago with my Microsoft antivirus program.. unfortunately I don't remember how I got it working then.. :(

Very grateful for answers! /Magnus


You may still have an infected computer...

Rootkit revealer and cleanup.. http://www.gmer.net/

http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx

Plus some good online scanner if you don't already have another one. Malwarebytes.. to begin with.. http://www.malwarebytes.org/products/malwarebytes_free

Then we can hope that our female super-pro on security is available... :D


;)

My guess is that by "Thinking about rebooting the whole computer" Mank70 means reinstalling Windows. Reinstalling Windows, including formatting, is a good way to get rid of most types of malicious programs, provided that you also make sure to write a new MBR.

But if Mank70 would rather try cleaning the computer, follow the instructions in the thread "To you with a virus or other malicious programs in your computer" as best you can. Reply here, of course.


Thanks for the replies!

I have tried the tricks that were suggested and they came to nothing. Now I can't update Microsoft Security Essentials either. So it will probably come down to reinstalling Windows. The question then is whether that will work, since I can't wipe the hard drive, as I only have a backup disc for Windows? And what is MBR? :)

Thanks!


You have to reformat all of C: to get rid of malicious files, and that means C: becomes completely empty. But what do you mean by backup disc, what does it say on it?

MBR = Master Boot Record; it is a small file at the very start of the hard drive that tells the BIOS where the Windows startup files are.

It happens that malicious programs (certain rootkits) modify the MBR, and then you need to overwrite the MBR with a normal version of the MBR.

;) It doesn't look like you have tried cleaning the computer by following my instructions, since you haven't pasted in any logs.

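Added example, not part of the original thread: a Python check on a saved 512-byte copy of disk sector 0 that validates the 0x55AA boot signature, lists the partition entries, and compares the boot-code hash with a known-good baseline, which is how a modified MBR is noticed. The sample sectors, the baseline and all function names are constructed for this illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0-439: boot code (440-445: disk signature + reserved)
TABLE_OFFSET = 446         # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i:TABLE_OFFSET + 16 * (i + 1)]
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:          # type 0x00 marks an unused slot
            continue
        partitions.append({
            "slot": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        # Hash only the boot code so the per-disk signature does not cause mismatches.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the boot code differs from the known-good baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256.lower()


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test sector: one active NTFS (0x07) partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00") + bytes(6)
            + entry + bytes(48) + BOOT_SIGNATURE)


# Constructed samples: a "clean" sector, its baseline hash, and a one-byte variant.
CLEAN_SECTOR = build_sample_sector(b"\xfa\x33\xc0" + b"constructed boot code")
BASELINE = parse_mbr(CLEAN_SECTOR)["boot_code_sha256"]
TAMPERED_SECTOR = build_sample_sector(b"\xfa\x33\xc0" + b"constructed boot c0de")

if __name__ == "__main__":
    print(parse_mbr(CLEAN_SECTOR)["partitions"])
    print("clean changed:   ", boot_code_changed(CLEAN_SECTOR, BASELINE))
    print("tampered changed:", boot_code_changed(TAMPERED_SECTOR, BASELINE))
```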

Hi Cecilia. By backup disc I mean the recovery disc I created when I bought the computer, since the Windows that came with the purchase was already installed and no original Windows disc was included..

I have now done as it said on the page you linked to and created a text file. So should I post it here in the forum, or what do you mean? :)

Still very grateful for the help I'm getting! :) /Magnus


Hi!

A recovery disc, then; it will overwrite all of C: with new content but will probably not change the MBR (it depends somewhat, since they can vary by computer manufacturer and model).

Copy the entire contents of DDS.txt and paste it into your reply here in the forum.

Wait with the thanks until you know it gets solved ;)


Here we go..

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Mank70 at 19:36:49 on 2012-07-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8151.6052 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Logitech\G35\G35.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.se/

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll

BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

TCP: Interfaces\{575E171D-DDF1-4DB7-AEDE-6ABC6CA8B4EB} : NameServer = 130.244.127.162,212.247.250.254

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{53707962-6F74-2D53-2644-206D7942484F}

{597A9974-8CB0-4f41-B61F-ED065738A397}

{9CB65201-89C4-402c-BA80-02D8C59F9B1D}

{ba14329e-9550-4989-b3f2-9732e92d17cc}

{FE063DB1-4EC0-403e-8DD8-394C54984B2C}

{ba14329e-9550-4989-b3f2-9732e92d17cc}

{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Standard)]

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-25 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]

S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-09 16:53:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{657BA206-C594-4B71-AC0D-6D8FCFC2B281}\gapaengine.dll

2012-07-09 16:51:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-09 16:51:11 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-09 16:50:57 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-09 16:50:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-09 16:47:58 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F8AD044-29E9-46C9-A717-07EE333CCEA4}\mpengine.dll

2012-07-09 15:11:33 -------- d-----w- C:\ProgramData\IBUpdaterService

2012-07-09 13:53:57 -------- d-----w- C:\0ebca1d037f143b46736e586b3ec8b

2012-07-09 13:40:18 -------- d-----w- C:\Users\Mank70\AppData\Local\ElevatedDiagnostics

2012-07-05 08:18:51 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-17 18:57:30 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-06-13 10:18:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

==================== Find3M ====================

.

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-09 20:42:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 20:42:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 19:37:10,43 ===============


1.

Uninstall:

RewardsArcade, reason: http://www.systemlookup.com/CLSID/74249-RewardsArcade_dll.html

Vuze Remote Toolbar, reason: http://www.systemlookup.com/CLSID/70253-tbVuze_dll_tbVuz0_dll_tbVuz1_dll_tbVuz2_dll_prxtbVuze_dll_prxtbVuz0_dll_prxtbVuz1_dll_prxtbVuz2_dll.html

Ask Toolbar (or something else with Ask; what it is called varies a bit), reason: http://www.systemlookup.com/CLSID/26711-ASKTBAR_DLL_Uninstall_Ask_Toolbar_dll.html

2.

2012-07-09 15:11:33 -------- d-----w- C:\ProgramData\IBUpdaterService

It is something that belongs with InstallBrain Installer, and the folder was created sometime yesterday afternoon (not necessarily around 3 pm).

Did your problems start in connection with you installing or uninstalling something that afternoon?

What, in that case?

3.

Save SystemLook to the Desktop from:

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Double-click the SystemLook file to run it.

Copy all the lines in the box

:dir
C:\ProgramData\IBUpdaterService
C:\0ebca1d037f143b46736e586b3ec8b

and paste them into the large text field in SystemLook.

Press the Look button to start the search.

When it is done, Notepad will open with a log, and you paste that in here. If the log doesn't come up, it is on the Desktop as SystemLook.txt.

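Added example, not part of the original thread: a Python parser for the two DDS sections the reply above works from, which inventories Internet Explorer extension points (URLSearchHooks, BHO, TB) per DLL so each CLSID can be looked up, and lists directories from the "Created Last 30" section. The sample lines are copied from the DDS log in this thread; the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Sample lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
mWinlogon: Userinit=userinit.exe
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
2012-07-09 16:51:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-09 15:11:33 -------- d-----w- C:\ProgramData\IBUpdaterService
"""

# "<hook>: <display name>: {CLSID} - <DLL path>"
ADDON_RE = re.compile(
    r"^(?P<hook>[um]URLSearchHooks|BHO|TB): (?P<name>.+?): "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

# "<date> <time> <size or -------->  <8 attribute flags> <path>"
CREATED_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\S+) "
    r"(?P<attrs>\S{8}) (?P<path>.+)$")


def browser_addons(log: str) -> dict:
    """Group add-on entries by DLL (case-insensitive) with their hooks and CLSIDs."""
    found = defaultdict(lambda: {"names": set(), "clsids": set(), "hooks": set()})
    for line in log.splitlines():
        m = ADDON_RE.match(line.strip())
        if not m:
            continue
        item = found[m["path"].lower()]
        item["names"].add(m["name"])
        item["clsids"].add(m["clsid"].lower())
        item["hooks"].add(m["hook"])
    # Sorted lists make the result stable for printing and comparison.
    return {dll: {k: sorted(v) for k, v in item.items()}
            for dll, item in found.items()}


def new_directories(log: str) -> list:
    """Return (timestamp, path) for directory entries (attribute flags start with 'd')."""
    dirs = []
    for line in log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and m["attrs"].startswith("d"):
            dirs.append((m["when"], m["path"]))
    return dirs


if __name__ == "__main__":
    for dll, item in sorted(browser_addons(SAMPLE_DDS).items()):
        print(dll, item["hooks"], item["clsids"])
    for when, path in new_directories(SAMPLE_DDS):
        print("new directory:", when, path)
```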

1. I have managed to remove the first 2. I simply can't find the Ask toolbar at all.

2. I have installed loads of different programs over the last few days in an effort to get on top of my current computer problems; hard to know which..

3:

SystemLook 30.07.11 by jpshortstuff

Log created at 13:12 on 11/07/2012 by Mank70

Administrator - Elevation successful

========== dir ==========

C:\ProgramData\IBUpdaterService - Parameters: "(none)"

---Files---

repository.xml --a---- 3596 bytes [15:11 09/07/2012] [15:11 09/07/2012]

---Folders---

None found.

C:\0ebca1d037f143b46736e586b3ec8b - Parameters: "(none)"

---Files---

None found.

---Folders---

Sandbox d------ [13:53 09/07/2012]

-= EOF =-


Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If a question comes up asking whether you want to install the Recovery Console, answer Yes.

More detailed guidance is available at http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

If any message comes up from ComboFix, e.g. that a rootkit has been found, write it down and then include it in your reply.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, because it can hang then.

When ComboFix is finished a log should come up; paste it into your reply. Check that antivirus programs etc. are running before you connect to the internet.

If you have trouble getting out on the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.


It said nothing about any rootkit or anything else. This is the text that was left:

ComboFix 12-07-12.02 - Mank70 2012-07-12 13:39:55.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8151.6140 [GMT 2:00]

Körs från: c:\users\Mank70\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Mank70\AppData\Local\Temp\{912F698F-3990-43C0-87D8-3917736BB774}\fpb.tmp

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-12 till 2012-07-12 ))))))))))))))))))))))))))))))

.

.

2012-07-11 22:05 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-11 22:05 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-11 13:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 10:35 . 2012-07-11 10:35 -------- d-----w- c:\users\Mank70\AppData\Roaming\Malwarebytes

2012-07-11 10:35 . 2012-07-11 10:35 -------- d-----w- c:\programdata\Malwarebytes

2012-07-11 10:35 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-11 10:35 . 2012-07-11 10:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-09 16:53 . 2012-02-11 11:08 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{657BA206-C594-4B71-AC0D-6D8FCFC2B281}\gapaengine.dll

2012-07-09 16:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-09 16:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-09 16:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-09 16:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-09 16:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-09 16:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-09 16:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-09 16:50 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-09 16:50 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-09 16:47 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F8AD044-29E9-46C9-A717-07EE333CCEA4}\mpengine.dll

2012-07-09 15:11 . 2012-07-09 15:11 -------- d-----w- c:\programdata\IBUpdaterService

2012-07-09 13:53 . 2012-07-09 13:54 -------- d-----w- C:\0ebca1d037f143b46736e586b3ec8b

2012-07-09 13:40 . 2012-07-09 13:45 -------- d-----w- c:\users\Mank70\AppData\Local\ElevatedDiagnostics

2012-07-05 08:18 . 2012-02-11 11:08 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-07-03 11:02 . 2012-07-03 11:02 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-06-17 18:57 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-09 20:42 . 2012-04-05 06:24 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-09 20:42 . 2011-11-25 17:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-28 1242448]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]

"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-18 1088920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-11-28 410184]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-11-28 341832]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-11-28 16008]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-25 1255736]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-11-28 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-11-28 66328]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]

.

.

--- Övriga tjänster/drivrutiner i minnet ---

.

*NewlyCreated* - WS2IFSL

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]

"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: Interfaces\{575E171D-DDF1-4DB7-AEDE-6ABC6CA8B4EB}: NameServer = 130.244.127.162,212.247.250.254

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]

@="131473"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

.

**************************************************************************

.

Sluttid: 2012-07-12 13:47:49 - datorn startades om.

ComboFix-quarantined-files.txt 2012-07-12 11:47

.

Före genomsökningen: 644 445 216 768 byte ledigt

Efter genomsökningen: 644 549 283 840 byte ledigt

.

- - End Of File - - CEE9FEBF91642C3269F6F6508A89C3A2


1.

Copy all the lines in the box:

Killall::
ClearJavaCache::
DDS::
2012-07-09 15:11:33 -------- d-----w- C:\ProgramData\IBUpdaterService
2012-07-09 13:53:57 -------- d-----w- C:\0ebca1d037f143b46736e586b3ec8b

and paste them into Notepad. Check that there are 5 lines.

Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special way.

Paste the log that is produced, together with a new DDS log.

2.

Save TDSSKiller on the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Close your regular programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe.

Click Start Scan.

If any malicious items are found, choose Cure and click Continue. If Cure is not available, choose Skip. If any suspicious items are found, choose Skip and click Continue. Do NOT choose Quarantine or Delete. The computer may need to be restarted.

Paste the contents of the log, which you will find in C:\ with the name TDSSKiller followed by the version and time.

3.

Save aswMBR on the Desktop: http://public.avast.com/~gmerek/aswMBR.exe

Restart the computer and do not start any programs.

Double-click aswMBR.exe to run the program.

Click the Scan button to start the scan.

When it has finished, save (Save) the log on the Desktop.

Paste the log into your reply here.

4.

Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats

Check Scan Archives

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste the contents into your reply.


1.

SystemLook 30.07.11 by jpshortstuff

Log created at 13:12 on 11/07/2012 by Mank70

Administrator - Elevation successful

========== dir ==========

C:\ProgramData\IBUpdaterService - Parameters: "(none)"

---Files---

repository.xml --a---- 3596 bytes [15:11 09/07/2012] [15:11 09/07/2012]

---Folders---

None found.

C:\0ebca1d037f143b46736e586b3ec8b - Parameters: "(none)"

---Files---

None found.

---Folders---

Sandbox d------ [13:53 09/07/2012]

-= EOF =-

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Mank70 at 14:10:49 on 2012-07-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8151.6133 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Logitech\G35\G35.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.se/

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

TCP: Interfaces\{575E171D-DDF1-4DB7-AEDE-6ABC6CA8B4EB} : NameServer = 130.244.127.162,212.247.250.254

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{53707962-6F74-2D53-2644-206D7942484F}

{9CB65201-89C4-402c-BA80-02D8C59F9B1D}

{ba14329e-9550-4989-b3f2-9732e92d17cc}

{FE063DB1-4EC0-403e-8DD8-394C54984B2C}

{ba14329e-9550-4989-b3f2-9732e92d17cc}

{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-25 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]

S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-13 12:07:34 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-12 11:39:18 98816 ----a-w- C:\Windows\sed.exe

2012-07-12 11:39:18 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-12 11:39:18 256000 ----a-w- C:\Windows\PEV.exe

2012-07-12 11:39:18 208896 ----a-w- C:\Windows\MBR.exe

2012-07-11 22:05:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-11 22:05:24 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-11 13:02:04 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 10:35:32 -------- d-----w- C:\Users\Mank70\AppData\Roaming\Malwarebytes

2012-07-11 10:35:24 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-11 10:35:24 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-11 10:35:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-09 16:53:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{657BA206-C594-4B71-AC0D-6D8FCFC2B281}\gapaengine.dll

2012-07-09 16:51:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-09 16:51:11 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-09 16:50:57 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-09 16:50:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-09 16:47:58 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F8AD044-29E9-46C9-A717-07EE333CCEA4}\mpengine.dll

2012-07-09 15:11:33 -------- d-----w- C:\ProgramData\IBUpdaterService

2012-07-09 13:53:57 -------- d-----w- C:\0ebca1d037f143b46736e586b3ec8b

2012-07-09 13:40:18 -------- d-----w- C:\Users\Mank70\AppData\Local\ElevatedDiagnostics

2012-07-05 08:18:51 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-17 18:57:30 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

==================== Find3M ====================

.

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-09 20:42:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 20:42:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 14:11:42,76 ===============

2.

14:12:57.0069 3756 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35

14:12:57.0444 3756 ============================================================

14:12:57.0444 3756 Current date / time: 2012/07/13 14:12:57.0444

14:12:57.0444 3756 SystemInfo:

14:12:57.0444 3756

14:12:57.0444 3756 OS Version: 6.1.7601 ServicePack: 1.0

14:12:57.0444 3756 Product type: Workstation

14:12:57.0444 3756 ComputerName: MANK70-DATOR

14:12:57.0444 3756 UserName: Mank70

14:12:57.0444 3756 Windows directory: C:\Windows

14:12:57.0444 3756 System windows directory: C:\Windows

14:12:57.0444 3756 Running under WOW64

14:12:57.0444 3756 Processor architecture: Intel x64

14:12:57.0444 3756 Number of processors: 8

14:12:57.0444 3756 Page size: 0x1000

14:12:57.0444 3756 Boot type: Normal boot

14:12:57.0444 3756 ============================================================

14:12:58.0817 3756 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:12:58.0848 3756 ============================================================

14:12:58.0848 3756 \Device\Harddisk0\DR0:

14:12:58.0848 3756 MBR partitions:

14:12:58.0848 3756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

14:12:58.0848 3756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72FBC1C1

14:12:58.0848 3756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72FEE9C1, BlocksNum 0x1717000

14:12:58.0848 3756 ============================================================

14:12:58.0879 3756 C: <-> \Device\Harddisk0\DR0\Partition1

14:12:58.0926 3756 D: <-> \Device\Harddisk0\DR0\Partition2

14:12:58.0926 3756 ============================================================

14:12:58.0926 3756 Initialize success

14:12:58.0926 3756 ============================================================

14:13:00.0579 4600 ============================================================

14:13:00.0595 4600 Scan started

14:13:00.0595 4600 Mode: Manual;

14:13:00.0595 4600 ============================================================


14:13:03.0887 4600 DfsC - ok

14:13:03.0933 4600 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

14:13:03.0949 4600 Dhcp - ok

14:13:03.0965 4600 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

14:13:03.0965 4600 discache - ok

14:13:03.0980 4600 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

14:13:03.0980 4600 Disk - ok

14:13:04.0027 4600 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

14:13:04.0027 4600 Dnscache - ok

14:13:04.0074 4600 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

14:13:04.0089 4600 dot3svc - ok

14:13:04.0136 4600 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

14:13:04.0136 4600 DPS - ok

14:13:04.0152 4600 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

14:13:04.0152 4600 drmkaud - ok

14:13:04.0230 4600 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

14:13:04.0245 4600 DXGKrnl - ok

14:13:04.0261 4600 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

14:13:04.0277 4600 EapHost - ok

14:13:04.0433 4600 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

14:13:04.0511 4600 ebdrv - ok

14:13:04.0635 4600 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

14:13:04.0635 4600 EFS - ok

14:13:04.0729 4600 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

14:13:04.0745 4600 ehRecvr - ok

14:13:04.0776 4600 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

14:13:04.0776 4600 ehSched - ok

14:13:04.0869 4600 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

14:13:04.0885 4600 elxstor - ok

14:13:04.0901 4600 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

14:13:04.0901 4600 ErrDev - ok

14:13:04.0979 4600 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

14:13:04.0994 4600 EventSystem - ok

14:13:05.0041 4600 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

14:13:05.0041 4600 exfat - ok

14:13:05.0072 4600 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

14:13:05.0072 4600 fastfat - ok

14:13:05.0166 4600 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

14:13:05.0166 4600 Fax - ok

14:13:05.0181 4600 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

14:13:05.0181 4600 fdc - ok

14:13:05.0197 4600 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

14:13:05.0197 4600 fdPHost - ok

14:13:05.0213 4600 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

14:13:05.0213 4600 FDResPub - ok

14:13:05.0228 4600 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

14:13:05.0228 4600 FileInfo - ok

14:13:05.0244 4600 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

14:13:05.0244 4600 Filetrace - ok

14:13:05.0259 4600 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

14:13:05.0259 4600 flpydisk - ok

14:13:05.0291 4600 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

14:13:05.0291 4600 FltMgr - ok

14:13:05.0400 4600 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

14:13:05.0431 4600 FontCache - ok

14:13:05.0493 4600 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:13:05.0493 4600 FontCache3.0.0.0 - ok

14:13:05.0525 4600 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

14:13:05.0525 4600 FsDepends - ok

14:13:05.0571 4600 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

14:13:05.0571 4600 Fs_Rec - ok

14:13:05.0618 4600 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

14:13:05.0618 4600 fvevol - ok

14:13:05.0634 4600 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

14:13:05.0634 4600 gagp30kx - ok

14:13:05.0743 4600 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

14:13:05.0759 4600 GameConsoleService - ok

14:13:05.0837 4600 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

14:13:05.0852 4600 gpsvc - ok

14:13:05.0868 4600 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

14:13:05.0868 4600 hcw85cir - ok

14:13:05.0915 4600 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

14:13:05.0915 4600 HDAudBus - ok

14:13:05.0946 4600 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

14:13:05.0946 4600 HECIx64 - ok

14:13:05.0961 4600 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

14:13:05.0961 4600 HidBatt - ok

14:13:05.0977 4600 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

14:13:05.0977 4600 HidBth - ok

14:13:05.0993 4600 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

14:13:05.0993 4600 HidIr - ok

14:13:06.0024 4600 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

14:13:06.0024 4600 hidserv - ok

14:13:06.0039 4600 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

14:13:06.0039 4600 HidUsb - ok

14:13:06.0071 4600 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

14:13:06.0086 4600 hkmsvc - ok

14:13:06.0117 4600 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

14:13:06.0117 4600 HomeGroupListener - ok

14:13:06.0164 4600 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

14:13:06.0164 4600 HomeGroupProvider - ok

14:13:06.0195 4600 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

14:13:06.0195 4600 HpSAMD - ok

14:13:06.0273 4600 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

14:13:06.0289 4600 HTTP - ok

14:13:06.0289 4600 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

14:13:06.0305 4600 hwpolicy - ok

14:13:06.0336 4600 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

14:13:06.0336 4600 i8042prt - ok

14:13:06.0398 4600 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys

14:13:06.0398 4600 iaStor - ok

14:13:06.0476 4600 IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

14:13:06.0476 4600 IAStorDataMgrSvc - ok

14:13:06.0539 4600 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

14:13:06.0554 4600 iaStorV - ok

14:13:06.0663 4600 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:13:06.0663 4600 idsvc - ok

14:13:06.0710 4600 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

14:13:06.0710 4600 iirsp - ok

14:13:06.0788 4600 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

14:13:06.0804 4600 IKEEXT - ok

14:13:06.0960 4600 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys

14:13:06.0975 4600 IntcAzAudAddService - ok

14:13:07.0116 4600 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

14:13:07.0116 4600 intelide - ok

14:13:07.0147 4600 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

14:13:07.0147 4600 intelppm - ok

14:13:07.0178 4600 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

14:13:07.0178 4600 IPBusEnum - ok

14:13:07.0225 4600 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:13:07.0225 4600 IpFilterDriver - ok

14:13:07.0303 4600 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

14:13:07.0303 4600 iphlpsvc - ok

14:13:07.0334 4600 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

14:13:07.0334 4600 IPMIDRV - ok

14:13:07.0350 4600 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

14:13:07.0350 4600 IPNAT - ok

14:13:07.0365 4600 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

14:13:07.0365 4600 IRENUM - ok

14:13:07.0381 4600 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

14:13:07.0381 4600 isapnp - ok

14:13:07.0428 4600 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

14:13:07.0443 4600 iScsiPrt - ok

14:13:07.0459 4600 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

14:13:07.0459 4600 kbdclass - ok

14:13:07.0475 4600 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

14:13:07.0475 4600 kbdhid - ok

14:13:07.0506 4600 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:13:07.0506 4600 KeyIso - ok

14:13:07.0553 4600 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

14:13:07.0553 4600 KSecDD - ok

14:13:07.0568 4600 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

14:13:07.0584 4600 KSecPkg - ok

14:13:07.0599 4600 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

14:13:07.0599 4600 ksthunk - ok

14:13:07.0646 4600 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

14:13:07.0677 4600 KtmRm - ok

14:13:07.0724 4600 LADF_CaptureOnly (ce4347e2d90db2e5517b6f2bc720a862) C:\Windows\system32\DRIVERS\ladfGSCamd64.sys

14:13:07.0740 4600 LADF_CaptureOnly - ok

14:13:07.0787 4600 LADF_RenderOnly (85a9d21d3ae2ea963e111cb150895877) C:\Windows\system32\DRIVERS\ladfGSRamd64.sys

14:13:07.0802 4600 LADF_RenderOnly - ok

14:13:07.0849 4600 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

14:13:07.0865 4600 LanmanServer - ok

14:13:07.0896 4600 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

14:13:07.0896 4600 LanmanWorkstation - ok

14:13:07.0927 4600 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys

14:13:07.0927 4600 LGBusEnum - ok

14:13:07.0974 4600 LGSHidFilt (158d22b9ea55c5d7449add199015715e) C:\Windows\system32\DRIVERS\LGSHidFilt.Sys

14:13:07.0974 4600 LGSHidFilt - ok

14:13:07.0989 4600 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys

14:13:07.0989 4600 LGVirHid - ok

14:13:08.0083 4600 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

14:13:08.0083 4600 LightScribeService - ok

14:13:08.0130 4600 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

14:13:08.0130 4600 lltdio - ok

14:13:08.0177 4600 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

14:13:08.0192 4600 lltdsvc - ok

14:13:08.0223 4600 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

14:13:08.0223 4600 lmhosts - ok

14:13:08.0255 4600 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

14:13:08.0255 4600 LSI_FC - ok

14:13:08.0270 4600 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

14:13:08.0270 4600 LSI_SAS - ok

14:13:08.0301 4600 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

14:13:08.0301 4600 LSI_SAS2 - ok

14:13:08.0317 4600 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

14:13:08.0333 4600 LSI_SCSI - ok

14:13:08.0348 4600 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

14:13:08.0348 4600 luafv - ok

14:13:08.0411 4600 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

14:13:08.0411 4600 MBAMProtector - ok

14:13:08.0473 4600 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

14:13:08.0489 4600 MBAMService - ok

14:13:08.0520 4600 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

14:13:08.0520 4600 Mcx2Svc - ok

14:13:08.0535 4600 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

14:13:08.0535 4600 megasas - ok

14:13:08.0551 4600 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

14:13:08.0567 4600 MegaSR - ok

14:13:08.0613 4600 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

14:13:08.0613 4600 MMCSS - ok

14:13:08.0629 4600 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

14:13:08.0629 4600 Modem - ok

14:13:08.0676 4600 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

14:13:08.0676 4600 monitor - ok

14:13:08.0707 4600 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

14:13:08.0707 4600 mouclass - ok

14:13:08.0723 4600 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

14:13:08.0723 4600 mouhid - ok

14:13:08.0769 4600 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

14:13:08.0769 4600 mountmgr - ok

14:13:08.0847 4600 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

14:13:08.0847 4600 MpFilter - ok

14:13:08.0894 4600 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

14:13:08.0894 4600 mpio - ok

14:13:08.0925 4600 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

14:13:08.0925 4600 mpsdrv - ok

14:13:09.0003 4600 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

14:13:09.0019 4600 MpsSvc - ok

14:13:09.0081 4600 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

14:13:09.0081 4600 MRxDAV - ok

14:13:09.0128 4600 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:13:09.0128 4600 mrxsmb - ok

14:13:09.0159 4600 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:13:09.0175 4600 mrxsmb10 - ok

14:13:09.0206 4600 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:13:09.0206 4600 mrxsmb20 - ok

14:13:09.0237 4600 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

14:13:09.0237 4600 msahci - ok

14:13:09.0253 4600 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

14:13:09.0253 4600 msdsm - ok

14:13:09.0300 4600 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

14:13:09.0300 4600 MSDTC - ok

14:13:09.0315 4600 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

14:13:09.0331 4600 Msfs - ok

14:13:09.0347 4600 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

14:13:09.0347 4600 mshidkmdf - ok

14:13:09.0362 4600 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

14:13:09.0362 4600 msisadrv - ok

14:13:09.0393 4600 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

14:13:09.0409 4600 MSiSCSI - ok

14:13:09.0409 4600 msiserver - ok

14:13:09.0440 4600 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

14:13:09.0440 4600 MSKSSRV - ok

14:13:09.0518 4600 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

14:13:09.0518 4600 MsMpSvc - ok

14:13:09.0534 4600 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

14:13:09.0534 4600 MSPCLOCK - ok

14:13:09.0549 4600 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

14:13:09.0549 4600 MSPQM - ok

14:13:09.0596 4600 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

14:13:09.0596 4600 MsRPC - ok

14:13:09.0612 4600 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

14:13:09.0612 4600 mssmbios - ok

14:13:09.0627 4600 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

14:13:09.0627 4600 MSTEE - ok

14:13:09.0643 4600 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

14:13:09.0643 4600 MTConfig - ok

14:13:09.0659 4600 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

14:13:09.0659 4600 Mup - ok

14:13:09.0705 4600 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

14:13:09.0705 4600 napagent - ok

14:13:09.0752 4600 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

14:13:09.0768 4600 NativeWifiP - ok

14:13:09.0924 4600 NBService (89844c3d3a7aae8999e229c88e452633) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

14:13:09.0939 4600 NBService - ok

14:13:10.0017 4600 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

14:13:10.0033 4600 NDIS - ok

14:13:10.0064 4600 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

14:13:10.0064 4600 NdisCap - ok

14:13:10.0080 4600 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

14:13:10.0080 4600 NdisTapi - ok

14:13:10.0111 4600 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

14:13:10.0111 4600 Ndisuio - ok

14:13:10.0158 4600 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

14:13:10.0158 4600 NdisWan - ok

14:13:10.0205 4600 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

14:13:10.0205 4600 NDProxy - ok

14:13:10.0205 4600 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

14:13:10.0205 4600 NetBIOS - ok

14:13:10.0251 4600 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

14:13:10.0251 4600 NetBT - ok

14:13:10.0283 4600 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:13:10.0283 4600 Netlogon - ok

14:13:10.0329 4600 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

14:13:10.0345 4600 Netman - ok

14:13:10.0376 4600 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

14:13:10.0392 4600 netprofm - ok

14:13:10.0470 4600 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys

14:13:10.0501 4600 netr28x - ok

14:13:10.0563 4600 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:13:10.0563 4600 NetTcpPortSharing - ok

14:13:10.0610 4600 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

14:13:10.0610 4600 nfrd960 - ok

14:13:10.0657 4600 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

14:13:10.0657 4600 NisDrv - ok

14:13:10.0735 4600 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

14:13:10.0751 4600 NisSrv - ok

14:13:10.0813 4600 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

14:13:10.0813 4600 NlaSvc - ok

14:13:10.0907 4600 NMIndexingService (8dd0cdb0c700992d10169d8769ef5f43) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

14:13:10.0907 4600 NMIndexingService - ok

14:13:10.0938 4600 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

14:13:10.0938 4600 Npfs - ok

14:13:10.0953 4600 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

14:13:10.0953 4600 nsi - ok

14:13:10.0985 4600 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

14:13:10.0985 4600 nsiproxy - ok

14:13:11.0109 4600 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

14:13:11.0125 4600 Ntfs - ok

14:13:11.0219 4600 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

14:13:11.0219 4600 Null - ok

14:13:11.0702 4600 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

14:13:11.0749 4600 nvlddmkm - ok

14:13:11.0843 4600 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

14:13:11.0843 4600 nvraid - ok

14:13:11.0858 4600 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

14:13:11.0874 4600 nvstor - ok

14:13:11.0967 4600 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

14:13:11.0999 4600 nvsvc - ok

14:13:12.0186 4600 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

14:13:12.0233 4600 nvUpdatusService - ok

14:13:12.0311 4600 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

14:13:12.0311 4600 nv_agp - ok

14:13:12.0342 4600 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

14:13:12.0342 4600 ohci1394 - ok

14:13:12.0404 4600 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:13:12.0404 4600 p2pimsvc - ok

14:13:12.0482 4600 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

14:13:12.0498 4600 p2psvc - ok

14:13:12.0529 4600 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

14:13:12.0545 4600 Parport - ok

14:13:12.0591 4600 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

14:13:12.0591 4600 partmgr - ok

14:13:12.0607 4600 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

14:13:12.0623 4600 PcaSvc - ok

14:13:12.0638 4600 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

14:13:12.0638 4600 pci - ok

14:13:12.0669 4600 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

14:13:12.0669 4600 pciide - ok

14:13:12.0685 4600 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

14:13:12.0685 4600 pcmcia - ok

14:13:12.0701 4600 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

14:13:12.0701 4600 pcw - ok

14:13:12.0763 4600 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

14:13:12.0779 4600 PEAUTH - ok

14:13:12.0872 4600 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

14:13:12.0872 4600 PerfHost - ok

14:13:12.0997 4600 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

14:13:13.0044 4600 pla - ok

14:13:13.0122 4600 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

14:13:13.0137 4600 PlugPlay - ok

14:13:13.0169 4600 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

14:13:13.0169 4600 PNRPAutoReg - ok

14:13:13.0215 4600 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

14:13:13.0215 4600 PNRPsvc - ok

14:13:13.0309 4600 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

14:13:13.0325 4600 PolicyAgent - ok

14:13:13.0371 4600 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

14:13:13.0371 4600 Power - ok

14:13:13.0434 4600 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

14:13:13.0434 4600 PptpMiniport - ok

14:13:13.0481 4600 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

14:13:13.0481 4600 Processor - ok

14:13:13.0512 4600 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

14:13:13.0512 4600 ProfSvc - ok

14:13:13.0527 4600 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:13:13.0527 4600 ProtectedStorage - ok

14:13:13.0574 4600 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

14:13:13.0574 4600 Psched - ok

14:13:13.0715 4600 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

14:13:13.0746 4600 ql2300 - ok

14:13:13.0886 4600 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

14:13:13.0886 4600 ql40xx - ok

14:13:14.0136 4600 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

14:13:14.0151 4600 QWAVE - ok

14:13:14.0183 4600 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

14:13:14.0183 4600 QWAVEdrv - ok

14:13:14.0183 4600 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

14:13:14.0198 4600 RasAcd - ok

14:13:14.0229 4600 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

14:13:14.0229 4600 RasAgileVpn - ok

14:13:14.0261 4600 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

14:13:14.0261 4600 RasAuto - ok

14:13:14.0307 4600 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:13:14.0307 4600 Rasl2tp - ok

14:13:14.0370 4600 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

14:13:14.0401 4600 RasMan - ok

14:13:14.0432 4600 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

14:13:14.0432 4600 RasPppoe - ok

14:13:14.0495 4600 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

14:13:14.0510 4600 RasSstp - ok

14:13:14.0635 4600 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

14:13:14.0651 4600 rdbss - ok

14:13:14.0666 4600 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

14:13:14.0666 4600 rdpbus - ok

14:13:14.0713 4600 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:13:14.0713 4600 RDPCDD - ok

14:13:14.0791 4600 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

14:13:14.0791 4600 RDPENCDD - ok

14:13:14.0807 4600 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

14:13:14.0807 4600 RDPREFMP - ok

14:13:15.0087 4600 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

14:13:15.0087 4600 RDPWD - ok

14:13:15.0134 4600 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

14:13:15.0134 4600 rdyboost - ok

14:13:15.0181 4600 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

14:13:15.0181 4600 RemoteAccess - ok

14:13:15.0228 4600 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

14:13:15.0228 4600 RemoteRegistry - ok

14:13:15.0243 4600 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

14:13:15.0243 4600 RpcEptMapper - ok

14:13:15.0275 4600 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

14:13:15.0275 4600 RpcLocator - ok

14:13:15.0337 4600 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

14:13:15.0337 4600 RpcSs - ok

14:13:15.0368 4600 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

14:13:15.0368 4600 rspndr - ok

14:13:15.0399 4600 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys

14:13:15.0399 4600 RTL8167 - ok

14:13:15.0493 4600 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

14:13:15.0493 4600 SamSs - ok

14:13:25.0105 4600 MBR (0x1B8) (d6d2341f2259cc7c8d5580191a32a9b7) \Device\Harddisk0\DR0

14:13:25.0495 4600 \Device\Harddisk0\DR0 - ok

14:13:25.0495 4600 Boot (0x1200) (80934264636d45a8f73c3287524af7c0) \Device\Harddisk0\DR0\Partition0

14:13:25.0495 4600 \Device\Harddisk0\DR0\Partition0 - ok

14:13:25.0511 4600 Boot (0x1200) (6768be59c160c91b3899b8373abdbebd) \Device\Harddisk0\DR0\Partition1

14:13:25.0511 4600 \Device\Harddisk0\DR0\Partition1 - ok

14:13:25.0558 4600 Boot (0x1200) (eb037aa99de0f21941585c4bee95d490) \Device\Harddisk0\DR0\Partition2

14:13:25.0558 4600 \Device\Harddisk0\DR0\Partition2 - ok

14:13:25.0558 4600 ============================================================

14:13:25.0558 4600 Scan finished

14:13:25.0558 4600 ============================================================

14:13:25.0573 5004 Detected object count: 0

14:13:25.0573 5004 Actual detected object count: 0

14:13:49.0816 3388 Deinitialize success

3.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-13 14:15:24

-----------------------------

14:15:24.213 OS Version: Windows x64 6.1.7601 Service Pack 1

14:15:24.213 Number of processors: 8 586 0x1E05

14:15:24.213 ComputerName: MANK70-DATOR UserName: Mank70

14:15:26.616 Initialize success

14:16:14.463 AVAST engine defs: 12071300

14:16:16.397 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:16:16.413 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8

14:16:16.428 Disk 0 MBR read successfully

14:16:16.428 Disk 0 MBR scan

14:16:16.444 Disk 0 unknown MBR code

14:16:16.444 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

14:16:16.506 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941944 MB offset 206848

14:16:16.553 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11822 MB offset 1929308609

14:16:16.662 Disk 0 scanning C:\Windows\system32\drivers

14:16:27.754 Service scanning

14:16:53.945 Modules scanning

14:16:53.961 Disk 0 trace - called modules:

14:16:53.976 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

14:16:54.491 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007af6790]

14:16:54.491 3 CLASSPNP.SYS[fffff88001bd043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800781b050]

14:16:58.516 AVAST engine scan C:\Windows

14:17:03.523 Disk 0 MBR has been saved successfully to "C:\Users\Mank70\Desktop\MBR.dat"

14:17:03.523 The log file has been saved successfully to "C:\Users\Mank70\Desktop\aswMBR.txt"

4.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK


ComboFix 12-07-14.01 - Mank70 2012-07-14 21:21:53.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8151.6126 [GMT 2:00]

Körs från: c:\users\Mank70\Desktop\ComboFix.exe

Kommandoväxlar som använts :: c:\users\Mank70\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((( Filer skapade från 2012-06-14 till 2012-07-14 ))))))))))))))))))))))))))))))

.

.

2012-07-14 19:25 . 2012-07-14 19:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-14 19:25 . 2012-07-14 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-11 22:05 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-11 22:05 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-11 13:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 10:35 . 2012-07-11 10:35 -------- d-----w- c:\users\Mank70\AppData\Roaming\Malwarebytes

2012-07-11 10:35 . 2012-07-11 10:35 -------- d-----w- c:\programdata\Malwarebytes

2012-07-11 10:35 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-11 10:35 . 2012-07-11 10:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-09 16:53 . 2012-02-11 11:08 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{657BA206-C594-4B71-AC0D-6D8FCFC2B281}\gapaengine.dll

2012-07-09 16:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-09 16:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-09 16:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-09 16:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-09 16:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-09 16:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-09 16:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-09 16:50 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-09 16:50 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-09 16:47 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F8AD044-29E9-46C9-A717-07EE333CCEA4}\mpengine.dll

2012-07-09 15:11 . 2012-07-09 15:11 -------- d-----w- c:\programdata\IBUpdaterService

2012-07-09 13:53 . 2012-07-09 13:54 -------- d-----w- C:\0ebca1d037f143b46736e586b3ec8b

2012-07-09 13:40 . 2012-07-09 13:45 -------- d-----w- c:\users\Mank70\AppData\Local\ElevatedDiagnostics

2012-07-05 08:18 . 2012-02-11 11:08 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-07-03 11:02 . 2012-07-03 11:02 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-06-17 18:57 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-09 20:42 . 2012-04-05 06:24 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-09 20:42 . 2011-11-25 17:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 11:06 . 2012-06-13 10:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 10:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 10:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-13 10:18 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-13 10:18 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 10:18 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 10:18 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 10:18 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-13 10:18 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-13 10:18 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-13 10:18 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-13 10:18 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 10:18 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-13 10:18 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-12_11.44.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-23 12:51 . 2012-07-14 09:13 36644 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-14 09:13 25474 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-11-25 13:53 . 2012-07-14 09:13 11786 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3382149981-3805900502-4243604806-1000_UserData.bin

+ 2011-11-25 13:39 . 2012-07-14 19:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-11-25 13:39 . 2012-07-12 11:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-11-25 13:39 . 2012-07-14 19:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-11-25 13:39 . 2012-07-12 11:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-14 19:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-12 11:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-07-12 12:07 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-07-12 11:44 . 2012-07-12 11:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-14 19:26 . 2012-07-14 19:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-14 19:26 . 2012-07-14 19:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-12 11:44 . 2012-07-12 11:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-11-25 20:33 . 2012-07-13 11:01 273992 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 05:01 . 2012-07-12 11:43 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-14 19:26 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-11-25 13:50 . 2012-07-14 19:26 4837211 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3382149981-3805900502-4243604806-1000-8192.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-28 1242448]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]

"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-18 1088920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-11-28 410184]

R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-11-28 341832]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-11-28 16008]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-25 1255736]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-11-28 22408]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-11-28 66328]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]

.

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]

"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: Interfaces\{575E171D-DDF1-4DB7-AEDE-6ABC6CA8B4EB}: NameServer = 130.244.127.162,212.247.250.254

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]

@="131473"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andra processer som körs ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

.

**************************************************************************

.

Sluttid: 2012-07-14 21:30:28 - datorn startades om.

ComboFix-quarantined-files.txt 2012-07-14 19:30

ComboFix2.txt 2012-07-13 12:06

ComboFix3.txt 2012-07-12 11:47

.

Före genomsökningen: 645 261 389 824 byte ledigt

Efter genomsökningen: 645 504 188 416 byte ledigt

.

- - End Of File - - C4B5CD9A0D6D5719FFAF2DD9ABDCDB03

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Mank70 at 21:35:22 on 2012-07-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8151.6166 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Personal\bin\Personal.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Logitech\G35\G35.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.se/

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

TCP: Interfaces\{575E171D-DDF1-4DB7-AEDE-6ABC6CA8B4EB} : NameServer = 130.244.127.162,212.247.250.254

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{53707962-6F74-2D53-2644-206D7942484F}

{9CB65201-89C4-402c-BA80-02D8C59F9B1D}

{ba14329e-9550-4989-b3f2-9732e92d17cc}

{FE063DB1-4EC0-403e-8DD8-394C54984B2C}

{ba14329e-9550-4989-b3f2-9732e92d17cc}

{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-25 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]

S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-14 19:27:09 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-13 12:19:09 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-13 12:19:06 -------- d--h--w- C:\Windows\AxInstSV

2012-07-12 11:39:18 98816 ----a-w- C:\Windows\sed.exe

2012-07-12 11:39:18 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-12 11:39:18 256000 ----a-w- C:\Windows\PEV.exe

2012-07-12 11:39:18 208896 ----a-w- C:\Windows\MBR.exe

2012-07-11 22:05:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-11 22:05:24 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-11 13:02:04 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 10:35:32 -------- d-----w- C:\Users\Mank70\AppData\Roaming\Malwarebytes

2012-07-11 10:35:24 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-11 10:35:24 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-11 10:35:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-09 16:53:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{657BA206-C594-4B71-AC0D-6D8FCFC2B281}\gapaengine.dll

2012-07-09 16:51:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-09 16:51:11 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-09 16:50:57 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-09 16:50:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-09 16:47:58 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F8AD044-29E9-46C9-A717-07EE333CCEA4}\mpengine.dll

2012-07-09 15:11:33 -------- d-----w- C:\ProgramData\IBUpdaterService

2012-07-09 13:53:57 -------- d-----w- C:\0ebca1d037f143b46736e586b3ec8b

2012-07-09 13:40:18 -------- d-----w- C:\Users\Mank70\AppData\Local\ElevatedDiagnostics

2012-07-05 08:18:51 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-06-17 18:57:30 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

.

==================== Find3M ====================

.

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-09 20:42:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 20:42:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 21:36:15,67 ===============

Yes, ESET's scanner found one infected file. The previously mentioned Ask Toolbar.


Uninstalling the two toolbars doesn't seem to have helped, because they are still there, and ComboFix did not understand your CFScript. We'll have to use OTL instead.

Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL.

Under Output near the top, select Minimal Output.

Tick LOP Check and Purity Check.

Click Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the OTL.txt log into your reply, and preferably attach Extras.txt as a file.

Is it still impossible to download updates through Windows Update?


OTL Extras logfile created on: 2012-07-15 10:44:05 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Mank70\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,96 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 73,44% Memory free

15,92 Gb Paging File | 13,35 Gb Available in Paging File | 83,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 919,87 Gb Total Space | 600,97 Gb Free Space | 65,33% Space Free | Partition Type: NTFS

Drive D: | 11,54 Gb Total Space | 11,46 Gb Free Space | 99,26% Space Free | Partition Type: NTFS

Computer Name: MANK70-DATOR | User Name: Mank70 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A92F6A9-0A28-4ACA-9702-C7FEF6009325}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2B36477D-3050-4362-A989-D34F275C39DF}" = rport=137 | protocol=17 | dir=out | app=system |

"{37C960F5-6539-4CB5-86B4-7674EB6E9B33}" = lport=139 | protocol=6 | dir=in | app=system |

"{5B717FC7-6CAA-4EE5-93BC-3A9AA1E63A0C}" = lport=138 | protocol=17 | dir=in | app=system |

"{6476ABFE-0365-4FEF-9AB7-CF610819585A}" = lport=445 | protocol=6 | dir=in | app=system |

"{6F662408-3622-4AD6-80FA-1A8AE6A4872B}" = rport=445 | protocol=6 | dir=out | app=system |

"{8AC5C8E7-4ECE-424E-BC6F-3450BD2C6567}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{9D42069B-FEE9-4D07-AE17-3BCD305A69EE}" = rport=139 | protocol=6 | dir=out | app=system |

"{AA1E36F1-644E-4E55-A979-CB65F763A539}" = lport=137 | protocol=17 | dir=in | app=system |

"{CFC0EE5E-C3AB-4131-81DD-2BEA955C7C48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F9D85FDD-145E-4134-A17D-31614152AA9D}" = rport=138 | protocol=17 | dir=out | app=system |

"{FD7A0DA0-89B4-4FC3-A7C5-781CD822967B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{070B630C-4748-45E8-86A2-2C0BAE6BE781}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{0C568B5C-D26D-4A5B-994C-9FC76932A544}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{17270B99-B929-4822-8450-E89C8B9C2874}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{18980CDB-AD60-4FF9-8608-7F26160BA3C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{235F1D15-564E-4924-B0C9-F2A8BA49D598}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{2F310D58-DD74-4CB4-B452-A69212E6D7F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{2FF246A8-2983-4EFA-A021-8399A4AF4EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{34B14B27-D3DA-40C1-8107-717B43DFD2DC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{378CBC17-0407-4141-87CE-198C475A12EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{407D9924-57C9-4601-A9E1-EFA08A5263E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{49B12D15-68F0-43C4-8B72-4316F29DF211}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{5118FF9A-E009-44F3-94F9-B18215612C6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{5CE88B03-D8C4-4FF8-AB60-6D15500278A6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{5F8EFBDA-B7C4-4740-9CC7-78B63657C0A4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{6AAD865D-06EF-41CB-BA14-3771E215D22D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{83DB60A2-A0F1-437C-898C-544207C5579D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{8FCC3607-D7C5-4F4E-9BCD-CED40257202C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{952B9CF9-DB9E-4CE2-B25F-F512CC08E98F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{9D46C6B3-A946-49B5-BFAA-FAE06A444C19}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{A1007F40-B0B0-4E0C-8CC2-2D4D8B50458E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A23CA438-BDA9-40ED-A8DD-07A720E84B92}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{A87B50CD-EC0B-49D3-B430-4314FC12E8FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{A951C0C6-5FE2-465E-9AF1-7BF3A665C680}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{B4F53B7C-6488-46F2-BAAF-77F4222EFEED}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{BAE54F11-5DA0-4718-A7F6-EE1CA41F2B6D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{C8E40113-F43F-49DD-AB0F-9DB8300492B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |

"{CAD96D04-E6BE-4BCA-AF85-58F469AF4928}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{D1D2F7FD-0953-46BC-BE70-AEB6BE331389}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D9DF041E-91CB-44CB-A70B-E5CE0E38C79C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{DB52E9CD-3CB4-4398-BB09-1B83C1E7313A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{E636B122-6141-4DBB-A698-588A1690C016}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{E8F45C32-838A-4251-ABC6-0282F7D5B99A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{EE83D10A-72E7-47CB-BD30-3AAD07CC9EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{F3E0F2B8-F760-4C86-ABEF-47F193FC15AF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{F69BDCA6-C8ED-4B05-B2C7-E45AFC5E1788}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |

"TCP Query User{1A0427C8-B120-44B0-BB2B-1E079614302F}C:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe |

"TCP Query User{1ABFA41A-B5FB-4E43-954C-DFECF5B04E5C}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{31E1B83D-A6C4-434A-95EF-DB9F45C67C52}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"TCP Query User{5F5CFBD9-E9BB-413D-8896-F4742DE5818F}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"TCP Query User{8D9C1E4F-CA87-4EFF-9DED-8012327F09F2}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"TCP Query User{CCB8653E-1DE8-44D0-B51C-27A8DA9E74A5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{09CF4292-4D6C-4277-A32A-73C545CA04C8}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"UDP Query User{93D91748-67DF-402C-A5D6-1444D6E2E559}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"UDP Query User{C31D4D3A-4877-4FEC-BBF6-E6D6EF1F644C}C:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe |

"UDP Query User{D2C534DA-5CDD-44C7-ADA5-4FDEFFE931C4}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{E519FC14-1EA4-49BC-8D64-15CF1F9C33A7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{FFEB6710-E5BF-4565-BC2D-1B4DC50EA81B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java 6 Update 29 (64-bit)

"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision drivrutin 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision drivrutin för styrenhet 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systemprogramvara 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client SV-SE Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F8D02DBB-9B81-4192-9E85-219AD0447920}" = Microsoft Antimalware Service SV-SE Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE

"Microsoft Security Client" = Microsoft Security Essentials

"PC-Doctor for Windows" = Hårdvarudiagnostikverktyg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{2C1B58D5-6549-472C-86B7-17BE57186628}" = Microsoft Works

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0020-041D-0000-0000000FF1CE}" = Compatibility Pack för Office 2007-systemet

"{95120000-00AF-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Swedish)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Svenska

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FC98FBE9-E931-494C-8717-497185371053}" = Nero 7 Ultra Edition

"7-Zip" = 7-Zip 9.22beta

"8461-7759-5462-8226" = Vuze

"Diablo III" = Diablo III

"ESET Online Scanner" = ESET Online Scanner v3

"HP Remote Solution" = HP Remote Solution

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Personal" = BankID säkerhetsprogram 4.18.3

"WildTangent hp Master Uninstall" = HP Games

"VLC media player" = VLC media player 1.1.11

"Vuze_Remote Toolbar" = Vuze Remote Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2012-07-03 07:23:35 | Computer Name = Mank70-Dator | Source = Microsoft Security Client Setup | ID = 100

Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials

installation. An error has prevented the Security Essentials setup wizard from

completing successfully. Please restart your computer and try again. Error code:0x80070643.

(null)

Error - 2012-07-04 04:34:20 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2012-07-05 04:58:41 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2012-07-08 04:46:26 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2012-07-09 06:40:39 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2012-07-10 07:19:57 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet med namn: b0vy5k7q.exe, version 1.0.15.15641,

tidsstämpel 0x4e21f2b1 , felet uppstod i modulen med namn: ntdll.dll, version 6.1.7601.17725,

tidsstämpel 0x4ec49b8f Undantagskod: 0xc0000005 Felförskjutning: 0x0003331f Process-ID:

0xcf0 Programmets starttid: 0x01cd5e8d8e29806d Sökväg till program: C:\Users\Mank70\AppData\Local\Microsoft\Windows\Temporary

Internet Files\Content.IE5\JYCUZSX4\b0vy5k7q.exe Sökväg till modul: C:\Windows\SysWOW64\ntdll.dll

Rapport-ID:

2da29a9c-ca81-11e1-bc76-406186960ff2

Error - 2012-07-10 07:22:21 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version

1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe,

version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning:

0x000040cd Process-ID: 0x119c Programmets starttid: 0x01cd5e8e40f643eb Sökväg till

program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till

modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID:

834d1dc7-ca81-11e1-bc76-406186960ff2

Error - 2012-07-10 07:24:33 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version

1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe,

version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning:

0x000040cd Process-ID: 0x1374 Programmets starttid: 0x01cd5e8e8dfb66ef Sökväg till

program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till

modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID:

d1f7615b-ca81-11e1-bc76-406186960ff2

Error - 2012-07-10 07:25:11 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version

1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe,

version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning:

0x000040cd Process-ID: 0x52c Programmets starttid: 0x01cd5e8ea50a46f7 Sökväg till

program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till

modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID:

e8a6819e-ca81-11e1-bc76-406186960ff2

Error - 2012-07-10 08:27:26 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

[ System Events ]

Error - 2012-05-04 02:04:13 | Computer Name = Mank70-Dator | Source = iaStor | ID = 262153

Description = Enheten \Device\Ide\iaStor0 har inte svarat inom den angivna tidsgränsen.

Error - 2012-05-04 16:50:11 | Computer Name = Mank70-Dator | Source = Microsoft Antimalware | ID = 2001

Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion:

Föregående signaturversion: 1.125.1048.0 Uppdateringskälla: %%859 Uppdateringsfas:

%%852 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803

Användare:

NT instans\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.8304.0 Felkod:

0x8024001e Felbeskrivning: Ett oväntat problem uppstod under sökningen efter uppdateringar.

Mer information om hur du installerar och felsöker uppdateringar finns i Hjälp

och support.

Error - 2012-05-17 01:15:44 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam

Client Service skulle ansluta.

Error - 2012-05-17 01:15:44 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000

Description = Tjänsten Steam Client Service kunde inte startas på grund av följande

fel: %%1053

Error - 2012-05-19 04:34:12 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam

Client Service skulle ansluta.

Error - 2012-05-19 04:34:12 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000

Description = Tjänsten Steam Client Service kunde inte startas på grund av följande

fel: %%1053

Error - 2012-05-20 05:06:49 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam

Client Service skulle ansluta.

Error - 2012-05-20 05:06:49 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000

Description = Tjänsten Steam Client Service kunde inte startas på grund av följande

fel: %%1053

Error - 2012-06-08 14:23:59 | Computer Name = Mank70-Dator | Source = DCOM | ID = 10010

Description =

Error - 2012-06-11 04:46:23 | Computer Name = Mank70-Dator | Source = Microsoft Antimalware | ID = 2001

Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion:

Föregående signaturversion: 1.127.1680.0 Uppdateringskälla: %%859 Uppdateringsfas:

%%852 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803

Användare:

NT instans\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.8403.0 Felkod:

0x8024001e Felbeskrivning: Ett oväntat problem uppstod under sökningen efter uppdateringar.

Mer information om hur du installerar och felsöker uppdateringar finns i Hjälp

och support.

< End of report >

OTL Extras logfile created on: 2012-07-15 10:44:05 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Mank70\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,96 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 73,44% Memory free

15,92 Gb Paging File | 13,35 Gb Available in Paging File | 83,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 919,87 Gb Total Space | 600,97 Gb Free Space | 65,33% Space Free | Partition Type: NTFS

Drive D: | 11,54 Gb Total Space | 11,46 Gb Free Space | 99,26% Space Free | Partition Type: NTFS

Computer Name: MANK70-DATOR | User Name: Mank70 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A92F6A9-0A28-4ACA-9702-C7FEF6009325}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2B36477D-3050-4362-A989-D34F275C39DF}" = rport=137 | protocol=17 | dir=out | app=system |

"{37C960F5-6539-4CB5-86B4-7674EB6E9B33}" = lport=139 | protocol=6 | dir=in | app=system |

"{5B717FC7-6CAA-4EE5-93BC-3A9AA1E63A0C}" = lport=138 | protocol=17 | dir=in | app=system |

"{6476ABFE-0365-4FEF-9AB7-CF610819585A}" = lport=445 | protocol=6 | dir=in | app=system |

"{6F662408-3622-4AD6-80FA-1A8AE6A4872B}" = rport=445 | protocol=6 | dir=out | app=system |

"{8AC5C8E7-4ECE-424E-BC6F-3450BD2C6567}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{9D42069B-FEE9-4D07-AE17-3BCD305A69EE}" = rport=139 | protocol=6 | dir=out | app=system |

"{AA1E36F1-644E-4E55-A979-CB65F763A539}" = lport=137 | protocol=17 | dir=in | app=system |

"{CFC0EE5E-C3AB-4131-81DD-2BEA955C7C48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F9D85FDD-145E-4134-A17D-31614152AA9D}" = rport=138 | protocol=17 | dir=out | app=system |

"{FD7A0DA0-89B4-4FC3-A7C5-781CD822967B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{070B630C-4748-45E8-86A2-2C0BAE6BE781}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{0C568B5C-D26D-4A5B-994C-9FC76932A544}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{17270B99-B929-4822-8450-E89C8B9C2874}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{18980CDB-AD60-4FF9-8608-7F26160BA3C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{235F1D15-564E-4924-B0C9-F2A8BA49D598}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{2F310D58-DD74-4CB4-B452-A69212E6D7F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{2FF246A8-2983-4EFA-A021-8399A4AF4EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{34B14B27-D3DA-40C1-8107-717B43DFD2DC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{378CBC17-0407-4141-87CE-198C475A12EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{407D9924-57C9-4601-A9E1-EFA08A5263E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{49B12D15-68F0-43C4-8B72-4316F29DF211}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{5118FF9A-E009-44F3-94F9-B18215612C6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{5CE88B03-D8C4-4FF8-AB60-6D15500278A6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{5F8EFBDA-B7C4-4740-9CC7-78B63657C0A4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{6AAD865D-06EF-41CB-BA14-3771E215D22D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{83DB60A2-A0F1-437C-898C-544207C5579D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{8FCC3607-D7C5-4F4E-9BCD-CED40257202C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{952B9CF9-DB9E-4CE2-B25F-F512CC08E98F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{9D46C6B3-A946-49B5-BFAA-FAE06A444C19}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{A1007F40-B0B0-4E0C-8CC2-2D4D8B50458E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A23CA438-BDA9-40ED-A8DD-07A720E84B92}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{A87B50CD-EC0B-49D3-B430-4314FC12E8FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{A951C0C6-5FE2-465E-9AF1-7BF3A665C680}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{B4F53B7C-6488-46F2-BAAF-77F4222EFEED}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{BAE54F11-5DA0-4718-A7F6-EE1CA41F2B6D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{C8E40113-F43F-49DD-AB0F-9DB8300492B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |

"{CAD96D04-E6BE-4BCA-AF85-58F469AF4928}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{D1D2F7FD-0953-46BC-BE70-AEB6BE331389}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D9DF041E-91CB-44CB-A70B-E5CE0E38C79C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{DB52E9CD-3CB4-4398-BB09-1B83C1E7313A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{E636B122-6141-4DBB-A698-588A1690C016}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{E8F45C32-838A-4251-ABC6-0282F7D5B99A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |

"{EE83D10A-72E7-47CB-BD30-3AAD07CC9EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{F3E0F2B8-F760-4C86-ABEF-47F193FC15AF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |

"{F69BDCA6-C8ED-4B05-B2C7-E45AFC5E1788}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |

"TCP Query User{1A0427C8-B120-44B0-BB2B-1E079614302F}C:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe |

"TCP Query User{1ABFA41A-B5FB-4E43-954C-DFECF5B04E5C}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{31E1B83D-A6C4-434A-95EF-DB9F45C67C52}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"TCP Query User{5F5CFBD9-E9BB-413D-8896-F4742DE5818F}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"TCP Query User{8D9C1E4F-CA87-4EFF-9DED-8012327F09F2}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"TCP Query User{CCB8653E-1DE8-44D0-B51C-27A8DA9E74A5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{09CF4292-4D6C-4277-A32A-73C545CA04C8}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"UDP Query User{93D91748-67DF-402C-A5D6-1444D6E2E559}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"UDP Query User{C31D4D3A-4877-4FEC-BBF6-E6D6EF1F644C}C:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe |

"UDP Query User{D2C534DA-5CDD-44C7-ADA5-4FDEFFE931C4}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{E519FC14-1EA4-49BC-8D64-15CF1F9C33A7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{FFEB6710-E5BF-4565-BC2D-1B4DC50EA81B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java 6 Update 29 (64-bit)

"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision drivrutin 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision drivrutin för styrenhet 285.62

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systemprogramvara 9.11.0621

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.5.20

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client SV-SE Language Pack

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F8D02DBB-9B81-4192-9E85-219AD0447920}" = Microsoft Antimalware Service SV-SE Language Pack

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE

"Microsoft Security Client" = Microsoft Security Essentials

"PC-Doctor for Windows" = Hårdvarudiagnostikverktyg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{2C1B58D5-6549-472C-86B7-17BE57186628}" = Microsoft Works

"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0

"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0020-041D-0000-0000000FF1CE}" = Compatibility Pack för Office 2007-systemet

"{95120000-00AF-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Swedish)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Svenska

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FC98FBE9-E931-494C-8717-497185371053}" = Nero 7 Ultra Edition

"7-Zip" = 7-Zip 9.22beta

"8461-7759-5462-8226" = Vuze

"Diablo III" = Diablo III

"ESET Online Scanner" = ESET Online Scanner v3

"HP Remote Solution" = HP Remote Solution

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Personal" = BankID säkerhetsprogram 4.18.3

"WildTangent hp Master Uninstall" = HP Games

"VLC media player" = VLC media player 1.1.11

"Vuze_Remote Toolbar" = Vuze Remote Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2012-07-03 07:23:35 | Computer Name = Mank70-Dator | Source = Microsoft Security Client Setup | ID = 100

Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials

installation. An error has prevented the Security Essentials setup wizard from

completing successfully. Please restart your computer and try again. Error code:0x80070643.

(null)

Error - 2012-07-04 04:34:20 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2012-07-05 04:58:41 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2012-07-08 04:46:26 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2012-07-09 06:40:39 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2012-07-10 07:19:57 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet med namn: b0vy5k7q.exe, version 1.0.15.15641,

tidsstämpel 0x4e21f2b1 , felet uppstod i modulen med namn: ntdll.dll, version 6.1.7601.17725,

tidsstämpel 0x4ec49b8f Undantagskod: 0xc0000005 Felförskjutning: 0x0003331f Process-ID:

0xcf0 Programmets starttid: 0x01cd5e8d8e29806d Sökväg till program: C:\Users\Mank70\AppData\Local\Microsoft\Windows\Temporary

Internet Files\Content.IE5\JYCUZSX4\b0vy5k7q.exe Sökväg till modul: C:\Windows\SysWOW64\ntdll.dll

Rapport-ID:

2da29a9c-ca81-11e1-bc76-406186960ff2

Error - 2012-07-10 07:22:21 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version

1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe,

version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning:

0x000040cd Process-ID: 0x119c Programmets starttid: 0x01cd5e8e40f643eb Sökväg till

program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till

modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID:

834d1dc7-ca81-11e1-bc76-406186960ff2

Error - 2012-07-10 07:24:33 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version

1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe,

version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning:

0x000040cd Process-ID: 0x1374 Programmets starttid: 0x01cd5e8e8dfb66ef Sökväg till

program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till

modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID:

d1f7615b-ca81-11e1-bc76-406186960ff2

Error - 2012-07-10 07:25:11 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000

Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version

1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe,

version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning:

0x000040cd Process-ID: 0x52c Programmets starttid: 0x01cd5e8ea50a46f7 Sökväg till

program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till

modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID:

e8a6819e-ca81-11e1-bc76-406186960ff2

Error - 2012-07-10 08:27:26 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

[ System Events ]

Error - 2012-05-04 02:04:13 | Computer Name = Mank70-Dator | Source = iaStor | ID = 262153

Description = Enheten \Device\Ide\iaStor0 har inte svarat inom den angivna tidsgränsen.

Error - 2012-05-04 16:50:11 | Computer Name = Mank70-Dator | Source = Microsoft Antimalware | ID = 2001

Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion:

Föregående signaturversion: 1.125.1048.0 Uppdateringskälla: %%859 Uppdateringsfas:

%%852 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803

Användare:

NT instans\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.8304.0 Felkod:

0x8024001e Felbeskrivning: Ett oväntat problem uppstod under sökningen efter uppdateringar.

Mer information om hur du installerar och felsöker uppdateringar finns i Hjälp

och support.

Error - 2012-05-17 01:15:44 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam

Client Service skulle ansluta.

Error - 2012-05-17 01:15:44 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000

Description = Tjänsten Steam Client Service kunde inte startas på grund av följande

fel: %%1053

Error - 2012-05-19 04:34:12 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam

Client Service skulle ansluta.

Error - 2012-05-19 04:34:12 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000

Description = Tjänsten Steam Client Service kunde inte startas på grund av följande

fel: %%1053

Error - 2012-05-20 05:06:49 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam

Client Service skulle ansluta.

Error - 2012-05-20 05:06:49 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000

Description = Tjänsten Steam Client Service kunde inte startas på grund av följande

fel: %%1053

Error - 2012-06-08 14:23:59 | Computer Name = Mank70-Dator | Source = DCOM | ID = 10010

Description =

Error - 2012-06-11 04:46:23 | Computer Name = Mank70-Dator | Source = Microsoft Antimalware | ID = 2001

Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion:

Föregående signaturversion: 1.127.1680.0 Uppdateringskälla: %%859 Uppdateringsfas:

%%852 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803

Användare:

NT instans\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.8403.0 Felkod:

0x8024001e Felbeskrivning: Ett oväntat problem uppstod under sökningen efter uppdateringar.

Mer information om hur du installerar och felsöker uppdateringar finns i Hjälp

och support.

< End of report > (I don't know how to save it as a file).

Microsoft Security Essentials cannot be updated; it complains about my network connection. Windows cannot be updated either; I get the error message: code 80070666


OTL logfile created on: 2012-07-15 10:44:05 - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Mank70\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,96 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 73,44% Memory free

15,92 Gb Paging File | 13,35 Gb Available in Paging File | 83,87% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 919,87 Gb Total Space | 600,97 Gb Free Space | 65,33% Space Free | Partition Type: NTFS

Drive D: | 11,54 Gb Total Space | 11,46 Gb Free Space | 99,26% Space Free | Partition Type: NTFS

Computer Name: MANK70-DATOR | User Name: Mank70 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mank70\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)

PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()

PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()

MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()

MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (NisSrv) -- c:\Program\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)

DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)

DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.)

DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)

DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/11

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B60729A2-1CD4-441A-8770-BCF7D800D4AA}

IE:64bit: - HKLM\..\SearchScopes\{B60729A2-1CD4-441A-8770-BCF7D800D4AA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/11

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {B60729A2-1CD4-441A-8770-BCF7D800D4AA}

IE - HKLM\..\SearchScopes\{B60729A2-1CD4-441A-8770-BCF7D800D4AA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {B60729A2-1CD4-441A-8770-BCF7D800D4AA}

IE - HKCU\..\SearchScopes\{B60729A2-1CD4-441A-8770-BCF7D800D4AA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Mank70\AppData\Local\RewardsArcade\498\Firefox

O1 HOSTS File: ([2012-07-14 21:27:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL File not found

O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{575E171D-DDF1-4DB7-AEDE-6ABC6CA8B4EB}: NameServer = 130.244.127.162,212.247.250.254

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-15 10:42:40 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mank70\Desktop\OTL.exe

[2012-07-14 21:30:30 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012-07-14 21:27:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012-07-13 14:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012-07-13 14:19:06 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV

[2012-07-13 14:15:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Mank70\Desktop\aswMBR.exe

[2012-07-13 14:12:40 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mank70\Desktop\tdsskiller.exe

[2012-07-12 13:39:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012-07-12 13:39:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012-07-12 13:39:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012-07-12 13:39:13 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012-07-12 13:39:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012-07-12 13:37:09 | 004,579,346 | R--- | C] (Swearware) -- C:\Users\Mank70\Desktop\ComboFix.exe

[2012-07-12 00:05:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012-07-12 00:05:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012-07-11 14:59:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012-07-11 14:59:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012-07-11 14:59:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012-07-11 14:59:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012-07-11 14:59:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012-07-11 14:59:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012-07-11 14:59:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012-07-11 14:59:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012-07-11 14:59:24 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012-07-11 14:59:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012-07-11 14:59:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012-07-11 14:59:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012-07-11 14:59:24 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012-07-11 12:35:32 | 000,000,000 | ---D | C] -- C:\Users\Mank70\AppData\Roaming\Malwarebytes

[2012-07-11 12:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012-07-11 12:35:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012-07-11 12:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-07-11 12:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012-07-11 11:18:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012-07-11 11:18:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012-07-11 11:18:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012-07-11 11:18:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012-07-11 11:18:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012-07-10 19:36:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mank70\Desktop\dds.scr

[2012-07-09 19:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III

[2012-07-09 18:51:21 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012-07-09 18:51:21 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012-07-09 18:51:21 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012-07-09 18:51:12 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012-07-09 18:51:11 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012-07-09 18:51:11 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012-07-09 18:50:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012-07-09 18:50:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012-07-09 17:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService

[2012-07-09 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\Mank70\Documents\Ny mapp

[2012-07-09 15:53:57 | 000,000,000 | ---D | C] -- C:\0ebca1d037f143b46736e586b3ec8b

[2012-07-09 15:40:18 | 000,000,000 | ---D | C] -- C:\Users\Mank70\AppData\Local\ElevatedDiagnostics

[2012-07-03 13:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

========== Files - Modified Within 30 Days ==========

[2012-07-15 10:42:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mank70\Desktop\OTL.exe

[2012-07-15 09:04:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-07-15 09:04:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-07-15 08:56:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-07-15 08:56:36 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys

[2012-07-14 21:27:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012-07-14 21:20:50 | 004,579,346 | R--- | M] (Swearware) -- C:\Users\Mank70\Desktop\ComboFix.exe

[2012-07-13 14:17:03 | 000,000,512 | ---- | M] () -- C:\Users\Mank70\Desktop\MBR.dat

[2012-07-13 14:15:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mank70\Desktop\aswMBR.exe

[2012-07-13 14:12:54 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mank70\Desktop\tdsskiller.exe

[2012-07-11 22:59:03 | 000,329,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012-07-11 13:08:09 | 000,165,376 | ---- | M] () -- C:\Users\Mank70\Desktop\SystemLook_x64.exe

[2012-07-11 12:35:28 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-07-10 19:36:35 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mank70\Desktop\dds.scr

[2012-07-09 19:16:26 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk

========== Files Created - No Company Name ==========

[2012-07-13 14:17:03 | 000,000,512 | ---- | C] () -- C:\Users\Mank70\Desktop\MBR.dat

[2012-07-12 13:39:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012-07-12 13:39:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012-07-12 13:39:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012-07-12 13:39:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012-07-12 13:39:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012-07-11 13:08:09 | 000,165,376 | ---- | C] () -- C:\Users\Mank70\Desktop\SystemLook_x64.exe

[2012-07-11 12:35:28 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-07-03 13:29:37 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012-02-09 16:36:41 | 000,000,314 | ---- | C] () -- C:\Users\Mank70\AppData\Roaming\wklnhst.dat

[2012-01-26 18:36:39 | 000,886,681 | ---- | C] () -- C:\Users\Mank70\AppData\Local\tmpDSC_0128.JPG

[2012-01-11 12:45:35 | 000,002,048 | -HS- | C] () -- C:\Users\Mank70\AppData\Local\{97784f56-152f-eded-999a-0ea970a7a1e5}\@

[2011-11-28 14:55:56 | 000,000,186 | ---- | C] () -- C:\Windows\wininit.ini

[2011-11-25 20:27:27 | 000,000,032 | ---- | C] () -- C:\Program Files\plugins-04041e-fe8.dat

[2011-11-25 17:16:54 | 001,492,470 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011-10-15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== LOP Check ==========

[2012-07-13 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Mank70\AppData\Roaming\Azureus

[2011-11-28 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\Mank70\AppData\Roaming\Leadertech

[2012-05-14 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Mank70\AppData\Roaming\Might & Magic Heroes VI

[2012-04-18 09:09:35 | 000,000,000 | ---D | M] -- C:\Users\Mank70\AppData\Roaming\Personal

[2011-11-25 20:25:59 | 000,000,000 | ---D | M] -- C:\Users\Mank70\AppData\Roaming\Systweak

[2012-02-09 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\Mank70\AppData\Roaming\Template

[2012-05-31 10:19:02 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2012-07-12 14:11:04 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

The programs are uninstalled.. restarting the computer and trying..


The problem in the antivirus program remains. However, I apparently have nothing to fetch from Windows Update, since it says I have all the latest..

Do you think a restore with the discs, back to the point when the computer was new, would work?

I am really grateful for your help! :)
