Posts written by paba

  1. FRST log:

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2012

    Ran by SYSTEM at 20-09-2012 20:53:43

    Running from I:\

    Windows 7 Home Premium (X64) OS Language: English(US)

    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2010-09-21] (Realtek Semiconductor)

    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)

    HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-09] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)

    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)

    HKU\Anne Grete\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)

    HKU\Anne Grete\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1083264 2012-01-10] (Nokia)

    HKU\Anne Grete\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-06] (SUPERAntiSpyware.com)

    Winlogon\Notify\ScCertProp: wlnotify.dll [X]

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk

    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Services (Whitelisted) ===================

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)

    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

    2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)

    2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

    ==================== Drivers (Whitelisted) =====================

    3 cxbu0x64; C:\Windows\System32\Drivers\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)

    3 elxstor; C:\Windows\System32\Drivers\elxstor.sys [530496 2009-07-13] ()

    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)

    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    3 84520207; [x]

    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ====================

     

    ==================== One Month Created Files and Folders ========

    2012-09-20 06:46 - 2012-09-20 06:46 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk

    2012-09-20 06:46 - 2012-09-20 06:46 - 00000000 ____D C:\Program Files\HitmanPro

    2012-09-20 06:45 - 2012-09-20 06:45 - 00000000 ____D C:\Users\All Users\HitmanPro

    2012-09-20 02:31 - 2012-09-20 02:33 - 00000000 ____D C:\Users\Public\Desktop\CC Support

    2012-09-19 18:01 - 2012-09-19 18:02 - 00000000 ____D C:\FRST

    2012-09-18 10:25 - 2012-09-18 10:25 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

    2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d75f531b-4e49-4c12-9cd2-fd3808b8949e.job

    2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71fa4109-7868-477d-ad8a-908d347e106a.job

    2012-09-18 07:01 - 2012-09-18 07:01 - 00023748 ____A C:\ComboFix.txt

    2012-09-18 04:55 - 2012-09-18 04:55 - 00000000 ____D C:\Users\Anne Grete\Desktop\Ny mappe

    2012-09-17 12:40 - 2012-09-17 12:32 - 04731392 ____A (AVAST Software) C:\Users\Anne Grete\Desktop\aswMBR.exe

    2012-09-15 11:54 - 2009-07-13 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe

    2012-09-15 10:52 - 2012-09-15 10:52 - 00000488 ____A C:\Windows\WindowsUpdate.log

    2012-09-15 08:48 - 2012-09-15 08:34 - 00165376 ____A C:\Users\Anne Grete\Desktop\SystemLook_x64.exe

    2012-09-15 08:31 - 2012-09-20 07:24 - 00002072 ____A C:\Windows\setupact.log

    2012-09-15 08:31 - 2012-09-18 09:28 - 00004504 ____A C:\Windows\PFRO.log

    2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____A C:\Windows\setuperr.log

    2012-09-15 00:29 - 2012-09-17 12:33 - 04751448 ____R (Swearware) C:\Users\Anne Grete\Desktop\ComboFix.exe

    2012-09-14 23:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

    2012-09-14 23:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

    2012-09-14 23:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

    2012-09-14 23:31 - 2012-09-18 07:01 - 00000000 ____D C:\Qoobox

    2012-09-14 23:31 - 2012-09-18 06:59 - 00000000 ____D C:\Windows\erdnt

    2012-09-14 22:29 - 2012-09-16 12:48 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-09-14 22:29 - 2012-09-07 07:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-09-10 11:20 - 2012-09-16 12:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-09-10 11:20 - 2012-09-10 11:20 - 00000000 ____D C:\Users\Anne Grete\AppData\Roaming\Malwarebytes

    2012-09-10 11:20 - 2012-09-10 11:20 - 00000000 ____D C:\Users\All Users\Malwarebytes

    2012-09-10 10:56 - 2012-09-18 10:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    2012-09-10 10:56 - 2012-09-10 10:56 - 00000000 ____D C:\Users\Anne Grete\AppData\Roaming\SUPERAntiSpyware.com

    2012-09-10 10:56 - 2012-09-10 10:56 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

    2012-09-08 10:33 - 2012-09-11 11:13 - 00000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

    2012-09-05 04:30 - 2012-09-05 04:30 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2012-09-05 04:30 - 2012-09-05 04:30 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2012-08-23 12:50 - 2012-08-23 12:50 - 00010274 ____A C:\Users\Anne Grete\Downloads\Chokladkaka _ Recept.htm

    2012-08-23 12:50 - 2012-08-23 12:50 - 00007229 ____A C:\Users\Anne Grete\Downloads\Oreokake _ Recept.htm

    2012-08-23 12:50 - 2012-08-23 12:50 - 00000000 ____D C:\Users\Anne Grete\Downloads\Filer_for_Oreokake _ Recept

    2012-08-23 12:50 - 2012-08-23 12:50 - 00000000 ____D C:\Users\Anne Grete\Downloads\Filer_for_Chokladkaka _ Recept

    2012-08-23 04:06 - 2012-08-23 04:06 - 00000000 ____D C:\Users\Anne Grete\AppData\Local\Macromedia

    2012-08-23 04:03 - 2012-09-20 09:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2012-08-23 04:03 - 2012-08-23 10:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2012-08-23 04:03 - 2012-08-23 04:03 - 00000000 ____D C:\Windows\System32\Macromed

    2012-08-22 05:10 - 2012-09-05 04:30 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

    2012-08-22 05:07 - 2012-08-22 05:07 - 00894952 ____A (Oracle Corporation) C:\Users\Anne Grete\Downloads\jxpiinstall(2).exe

    ==================== 3 Months Modified Files ==================

    2012-09-20 09:52 - 2012-08-23 04:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2012-09-20 08:57 - 2012-08-16 22:47 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2012-09-20 07:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2012-09-20 07:32 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2012-09-20 07:29 - 2012-08-16 22:47 - 00000996 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2012-09-20 07:29 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-09-20 07:27 - 2009-07-13 21:08 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2012-09-20 07:24 - 2012-09-15 08:31 - 00002072 ____A C:\Windows\setupact.log

    2012-09-20 06:46 - 2012-09-20 06:46 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk

    2012-09-18 10:25 - 2012-09-18 10:25 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

    2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d75f531b-4e49-4c12-9cd2-fd3808b8949e.job

    2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71fa4109-7868-477d-ad8a-908d347e106a.job

    2012-09-18 09:28 - 2012-09-15 08:31 - 00004504 ____A C:\Windows\PFRO.log

    2012-09-18 07:01 - 2012-09-18 07:01 - 00023748 ____A C:\ComboFix.txt

    2012-09-18 06:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

    2012-09-17 12:33 - 2012-09-15 00:29 - 04751448 ____R (Swearware) C:\Users\Anne Grete\Desktop\ComboFix.exe

    2012-09-17 12:32 - 2012-09-17 12:40 - 04731392 ____A (AVAST Software) C:\Users\Anne Grete\Desktop\aswMBR.exe

    2012-09-16 12:48 - 2012-09-14 22:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-09-15 11:48 - 2011-06-01 12:05 - 00000000 ____A C:\Windows\SysWOW64\config.nt

    2012-09-15 10:52 - 2012-09-15 10:52 - 00000488 ____A C:\Windows\WindowsUpdate.log

    2012-09-15 08:34 - 2012-09-15 08:48 - 00165376 ____A C:\Users\Anne Grete\Desktop\SystemLook_x64.exe

    2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____A C:\Windows\setuperr.log

    2012-09-07 10:11 - 2012-08-10 08:09 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForAnne Grete.job

    2012-09-07 07:04 - 2012-09-14 22:29 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-09-05 04:30 - 2012-09-05 04:30 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2012-09-05 04:30 - 2012-09-05 04:30 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2012-09-05 04:30 - 2012-08-22 05:10 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

    2012-09-05 04:30 - 2012-04-12 10:53 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

    2012-09-05 04:30 - 2012-04-12 10:53 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    2012-09-05 04:30 - 2010-10-23 03:21 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

    2012-09-05 00:58 - 2012-08-16 22:51 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk

    2012-09-04 08:25 - 2011-04-27 11:58 - 00000350 ____A C:\Windows\Tasks\HPCeeScheduleForANNEGRETE-HP$.job

    2012-08-23 12:50 - 2012-08-23 12:50 - 00010274 ____A C:\Users\Anne Grete\Downloads\Chokladkaka _ Recept.htm

    2012-08-23 12:50 - 2012-08-23 12:50 - 00007229 ____A C:\Users\Anne Grete\Downloads\Oreokake _ Recept.htm

    2012-08-23 10:52 - 2012-08-23 04:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2012-08-23 10:52 - 2011-07-13 23:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2012-08-22 05:07 - 2012-08-22 05:07 - 00894952 ____A (Oracle Corporation) C:\Users\Anne Grete\Downloads\jxpiinstall(2).exe

    2012-08-15 23:32 - 2009-07-13 20:45 - 00426408 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-07-30 03:32 - 2012-07-30 03:32 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

    2012-07-18 09:31 - 2012-08-14 09:57 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-07-06 12:06 - 2012-08-15 12:21 - 00552448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

    2012-07-06 12:06 - 2012-08-15 12:21 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS

    2012-07-04 14:04 - 2012-08-14 09:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

    2012-07-04 14:01 - 2012-08-14 09:57 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

    2012-07-04 14:01 - 2012-08-14 09:57 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

    2012-07-04 13:26 - 2012-08-14 09:57 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

    2012-07-04 13:23 - 2012-08-14 09:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

    2012-06-28 20:55 - 2012-08-15 12:19 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-06-28 20:09 - 2012-08-15 12:19 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-06-28 19:56 - 2012-08-15 12:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2012-06-28 19:49 - 2012-08-15 12:19 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-06-28 19:49 - 2012-08-15 12:19 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-06-28 19:48 - 2012-08-15 12:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-06-28 19:47 - 2012-08-15 12:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-06-28 19:45 - 2012-08-15 12:19 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-06-28 19:44 - 2012-08-15 12:19 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2012-06-28 19:43 - 2012-08-15 12:19 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-06-28 19:42 - 2012-08-15 12:19 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-06-28 19:40 - 2012-08-15 12:19 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-06-28 19:39 - 2012-08-15 12:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-06-28 19:35 - 2012-08-15 12:19 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-06-28 16:52 - 2012-08-15 12:19 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2012-06-28 16:27 - 2012-08-15 12:19 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2012-06-28 16:16 - 2012-08-15 12:19 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2012-06-28 16:09 - 2012-08-15 12:19 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2012-06-28 16:09 - 2012-08-15 12:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2012-06-28 16:08 - 2012-08-15 12:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2012-06-28 16:07 - 2012-08-15 12:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

    2012-06-28 16:06 - 2012-08-15 12:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2012-06-28 16:04 - 2012-08-15 12:19 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2012-06-28 16:04 - 2012-08-15 12:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2012-06-28 16:01 - 2012-08-15 12:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2012-06-28 16:01 - 2012-08-15 12:19 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2012-06-28 16:00 - 2012-08-15 12:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2012-06-28 15:57 - 2012-08-15 12:19 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

     

    ==================== Known DLLs (Whitelisted) =================

     

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-09-10 07:51:10

    Restore point made on: 2012-09-10 07:52:22

    Restore point made on: 2012-09-10 13:54:08

    Restore point made on: 2012-09-14 22:08:01

    Restore point made on: 2012-09-14 22:09:14

    Restore point made on: 2012-09-15 00:25:32

    ==================== Memory info ===========================

    Percentage of memory in use: 19%

    Total physical RAM: 3957.86 MB

    Available physical RAM: 3200.23 MB

    Total Pagefile: 3956.01 MB

    Available Pagefile: 3203.14 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:444.62 GB) (Free:380.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    2 Drive e: (RECOVERY) (Fixed) (Total:20.85 GB) (Free:3.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    6 Drive i: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:838.44 GB) NTFS

    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    Disknr. Status Str. Ledig Dyn GPT

    -------- ------------- ------- ------- --- ---

    Disk 0 Tilkoblet 465 G byte 0 byte

    Disk 1 Intet medium 0 byte 0 byte

    Disk 2 Tilkoblet 931 G byte 0 byte

    Forlater DiskPart...

    Partitions of Disk 0:

    ===============

    Disk 0 er nå den valgte disken.

    Partisjonsnr. Type Str. Forskyvning

    ------------- ---------------- ------- -----------

    Partisjon 1 Primær 199 M 1024 K byte

    Partisjon 2 Primær 444 G 200 M byte

    Partisjon 3 Primær 20 G 444 G byte

    Partisjon 4 Primær 103 M 465 G byte

    Forlater DiskPart...

    ==================================================================================

    Disk: 0

    Disk 0 er nå den valgte disken.

    Partisjonen 1 er nå den valgte partisjonen.

    Partisjon 1

    Type : 07

    Skjult: Nei

    Aktiv : Ja

    Forskyvning i byte: 1048576

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 1 Y SYSTEM NTFS Partisjon 199 M OK

    Forlater DiskPart...

    =========================================================

    Disk: 0

    Disk 0 er nå den valgte disken.

    Partisjonen 2 er nå den valgte partisjonen.

    Partisjon 2

    Type : 07

    Skjult: Nei

    Aktiv : Nei

    Forskyvning i byte: 209715200

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 2 C NTFS Partisjon 444 G OK

    Forlater DiskPart...

    =========================================================

    Disk: 0

    Disk 0 er nå den valgte disken.

    Partisjonen 3 er nå den valgte partisjonen.

    Partisjon 3

    Type : 07

    Skjult: Nei

    Aktiv : Nei

    Forskyvning i byte: 477611687936

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 3 E RECOVERY NTFS Partisjon 20 G OK

    Forlater DiskPart...

    =========================================================

    Disk: 0

    Disk 0 er nå den valgte disken.

    Partisjonen 4 er nå den valgte partisjonen.

    Partisjon 4

    Type : 0C

    Skjult: Nei

    Aktiv : Nei

    Forskyvning i byte: 499998785536

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 4 F HP_TOOLS FAT32 Partisjon 103 M OK

    Forlater DiskPart...

    =========================================================

    Partitions of Disk 2:

    ===============

    Disk 2 er nå den valgte disken.

    Partisjonsnr. Type Str. Forskyvning

    ------------- ---------------- ------- -----------

    Partisjon 1 Primær 931 G 31 K byte

    Forlater DiskPart...

    ==================================================================================

    Disk: 2

    Disk 2 er nå den valgte disken.

    Partisjonen 1 er nå den valgte partisjonen.

    Partisjon 1

    Type : 07

    Skjult: Nei

    Aktiv : Nei

    Forskyvning i byte: 32256

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 6 I Iomega HDD NTFS Partisjon 931 G OK

    Forlater DiskPart...

    =========================================================

    Last Boot: 2012-09-16 00:07

    ==================== End Of Log =============================

     

     

     

     

    Fixlog:

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-09-2012

    Ran by SYSTEM at 2012-09-20 20:55:09 Run:1

    Running from I:\

    ==============================================

     

    ========================= Folder: C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} ========================

    2012-09-08 10:33 - 2012-09-08 10:32 - 0021494 ____A () C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\0x0409.ini

    2012-09-08 10:33 - 2012-09-08 10:33 - 47848756 ____A () C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}\HP Support Assistant.msi

    ====== End of Folder: ======

    ==== End of Fixlog ====

     

     

     

    I hope I did it right with the Notepad file.

  2. Farbar search log:

     

     

    Farbar Recovery Scan Tool (x64) Version: 18-09-2012

    Ran by SYSTEM at 2012-09-20 09:50:09

    Running from I:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\SysWOW64\services.exe

    [2012-09-15 11:54] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe

    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======

     

     

     

    I still have no network/internet.

    Is the only option left soon to wipe everything on the machine and have it set up again? Would the problems then go away? Where would that be done, if so? The PC was bought at Elkjøp.

  3. Farbar log:

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2012

    Ran by SYSTEM at 19-09-2012 18:02:03

    Running from I:\

    Windows 7 Home Premium (X64) OS Language: English(US)

    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2010-09-21] (Realtek Semiconductor)

    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)

    HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-09] (Advanced Micro Devices, Inc.)

    HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)

    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)

    HKU\Anne Grete\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)

    HKU\Anne Grete\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1083264 2012-01-10] (Nokia)

    HKU\Anne Grete\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-06] (SUPERAntiSpyware.com)

    Winlogon\Notify\ScCertProp: wlnotify.dll [X]

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk

    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Services (Whitelisted) ===================

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)

    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

    2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)

    ==================== Drivers (Whitelisted) =====================

    3 cxbu0x64; C:\Windows\System32\Drivers\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)

    3 elxstor; C:\Windows\System32\Drivers\elxstor.sys [530496 2009-07-13] ()

    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)

    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    ==================== NetSvcs (Whitelisted) ====================

     

    ==================== One Month Created Files and Folders ========

    2012-09-19 18:01 - 2012-09-19 18:02 - 00000000 ____D C:\FRST

    2012-09-18 10:25 - 2012-09-18 10:25 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

    2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d75f531b-4e49-4c12-9cd2-fd3808b8949e.job

    2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71fa4109-7868-477d-ad8a-908d347e106a.job

    2012-09-18 07:01 - 2012-09-18 07:01 - 00023748 ____A C:\ComboFix.txt

    2012-09-18 04:55 - 2012-09-18 04:55 - 00000000 ____D C:\Users\Anne Grete\Desktop\Ny mappe

    2012-09-17 12:40 - 2012-09-17 12:32 - 04731392 ____A (AVAST Software) C:\Users\Anne Grete\Desktop\aswMBR.exe

    2012-09-15 11:54 - 2009-07-13 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\services.exe

    2012-09-15 10:52 - 2012-09-15 10:52 - 00000488 ____A C:\Windows\WindowsUpdate.log

    2012-09-15 08:48 - 2012-09-15 08:34 - 00165376 ____A C:\Users\Anne Grete\Desktop\SystemLook_x64.exe

    2012-09-15 08:31 - 2012-09-19 07:41 - 00001512 ____A C:\Windows\setupact.log

    2012-09-15 08:31 - 2012-09-18 09:28 - 00004504 ____A C:\Windows\PFRO.log

    2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____A C:\Windows\setuperr.log

    2012-09-15 00:29 - 2012-09-17 12:33 - 04751448 ____R (Swearware) C:\Users\Anne Grete\Desktop\ComboFix.exe

    2012-09-14 23:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

    2012-09-14 23:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

    2012-09-14 23:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

    2012-09-14 23:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

    2012-09-14 23:31 - 2012-09-18 07:01 - 00000000 ____D C:\Qoobox

    2012-09-14 23:31 - 2012-09-18 06:59 - 00000000 ____D C:\Windows\erdnt

    2012-09-14 22:29 - 2012-09-16 12:48 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-09-14 22:29 - 2012-09-07 07:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-09-10 11:20 - 2012-09-16 12:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-09-10 11:20 - 2012-09-10 11:20 - 00000000 ____D C:\Users\Anne Grete\AppData\Roaming\Malwarebytes

    2012-09-10 11:20 - 2012-09-10 11:20 - 00000000 ____D C:\Users\All Users\Malwarebytes

    2012-09-10 10:56 - 2012-09-18 10:25 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    2012-09-10 10:56 - 2012-09-10 10:56 - 00000000 ____D C:\Users\Anne Grete\AppData\Roaming\SUPERAntiSpyware.com

    2012-09-10 10:56 - 2012-09-10 10:56 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com

    2012-09-08 10:33 - 2012-09-11 11:13 - 00000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

    2012-09-05 04:30 - 2012-09-05 04:30 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2012-09-05 04:30 - 2012-09-05 04:30 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2012-08-23 12:50 - 2012-08-23 12:50 - 00010274 ____A C:\Users\Anne Grete\Downloads\Chokladkaka _ Recept.htm

    2012-08-23 12:50 - 2012-08-23 12:50 - 00007229 ____A C:\Users\Anne Grete\Downloads\Oreokake _ Recept.htm

    2012-08-23 12:50 - 2012-08-23 12:50 - 00000000 ____D C:\Users\Anne Grete\Downloads\Filer_for_Oreokake _ Recept

    2012-08-23 12:50 - 2012-08-23 12:50 - 00000000 ____D C:\Users\Anne Grete\Downloads\Filer_for_Chokladkaka _ Recept

    2012-08-23 04:06 - 2012-08-23 04:06 - 00000000 ____D C:\Users\Anne Grete\AppData\Local\Macromedia

    2012-08-23 04:03 - 2012-09-16 12:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2012-08-23 04:03 - 2012-08-23 10:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2012-08-23 04:03 - 2012-08-23 04:03 - 00000000 ____D C:\Windows\System32\Macromed

    2012-08-22 05:10 - 2012-09-05 04:30 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

    2012-08-22 05:07 - 2012-08-22 05:07 - 00894952 ____A (Oracle Corporation) C:\Users\Anne Grete\Downloads\jxpiinstall(2).exe

    ==================== 3 Months Modified Files ==================

    2012-09-19 07:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2012-09-19 07:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2012-09-19 07:42 - 2012-08-16 22:47 - 00000996 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2012-09-19 07:41 - 2012-09-15 08:31 - 00001512 ____A C:\Windows\setupact.log

    2012-09-19 07:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-09-18 10:25 - 2012-09-18 10:25 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk

    2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d75f531b-4e49-4c12-9cd2-fd3808b8949e.job

    2012-09-18 10:25 - 2012-09-18 10:25 - 00000520 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71fa4109-7868-477d-ad8a-908d347e106a.job

    2012-09-18 09:28 - 2012-09-15 08:31 - 00004504 ____A C:\Windows\PFRO.log

    2012-09-18 07:01 - 2012-09-18 07:01 - 00023748 ____A C:\ComboFix.txt

    2012-09-18 06:59 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

    2012-09-17 12:33 - 2012-09-15 00:29 - 04751448 ____R (Swearware) C:\Users\Anne Grete\Desktop\ComboFix.exe

    2012-09-17 12:32 - 2012-09-17 12:40 - 04731392 ____A (AVAST Software) C:\Users\Anne Grete\Desktop\aswMBR.exe

    2012-09-16 12:52 - 2012-08-23 04:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    2012-09-16 12:48 - 2012-09-14 22:29 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-09-16 11:12 - 2009-07-13 21:08 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2012-09-16 01:57 - 2012-08-16 22:47 - 00001000 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2012-09-15 11:48 - 2011-06-01 12:05 - 00000000 ____A C:\Windows\SysWOW64\config.nt

    2012-09-15 10:52 - 2012-09-15 10:52 - 00000488 ____A C:\Windows\WindowsUpdate.log

    2012-09-15 08:34 - 2012-09-15 08:48 - 00165376 ____A C:\Users\Anne Grete\Desktop\SystemLook_x64.exe

    2012-09-15 08:31 - 2012-09-15 08:31 - 00000000 ____A C:\Windows\setuperr.log

    2012-09-07 10:11 - 2012-08-10 08:09 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForAnne Grete.job

    2012-09-07 07:04 - 2012-09-14 22:29 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

    2012-09-05 04:30 - 2012-09-05 04:30 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2012-09-05 04:30 - 2012-09-05 04:30 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2012-09-05 04:30 - 2012-08-22 05:10 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

    2012-09-05 04:30 - 2012-04-12 10:53 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

    2012-09-05 04:30 - 2012-04-12 10:53 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    2012-09-05 04:30 - 2010-10-23 03:21 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

    2012-09-05 00:58 - 2012-08-16 22:51 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk

    2012-09-04 08:25 - 2011-04-27 11:58 - 00000350 ____A C:\Windows\Tasks\HPCeeScheduleForANNEGRETE-HP$.job

    2012-08-23 12:50 - 2012-08-23 12:50 - 00010274 ____A C:\Users\Anne Grete\Downloads\Chokladkaka _ Recept.htm

    2012-08-23 12:50 - 2012-08-23 12:50 - 00007229 ____A C:\Users\Anne Grete\Downloads\Oreokake _ Recept.htm

    2012-08-23 10:52 - 2012-08-23 04:03 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2012-08-23 10:52 - 2011-07-13 23:55 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2012-08-22 05:07 - 2012-08-22 05:07 - 00894952 ____A (Oracle Corporation) C:\Users\Anne Grete\Downloads\jxpiinstall(2).exe

    2012-08-15 23:32 - 2009-07-13 20:45 - 00426408 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-07-30 03:32 - 2012-07-30 03:32 - 00203104 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

    2012-07-18 09:31 - 2012-08-14 09:57 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-07-06 12:06 - 2012-08-15 12:21 - 00552448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys

    2012-07-06 12:06 - 2012-08-15 12:21 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS

    2012-07-04 14:04 - 2012-08-14 09:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll

    2012-07-04 14:01 - 2012-08-14 09:57 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll

    2012-07-04 14:01 - 2012-08-14 09:57 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll

    2012-07-04 13:26 - 2012-08-14 09:57 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

    2012-07-04 13:23 - 2012-08-14 09:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

    2012-06-28 20:55 - 2012-08-15 12:19 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-06-28 20:09 - 2012-08-15 12:19 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-06-28 19:56 - 2012-08-15 12:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2012-06-28 19:49 - 2012-08-15 12:19 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-06-28 19:49 - 2012-08-15 12:19 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-06-28 19:48 - 2012-08-15 12:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-06-28 19:47 - 2012-08-15 12:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-06-28 19:45 - 2012-08-15 12:19 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-06-28 19:44 - 2012-08-15 12:19 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2012-06-28 19:43 - 2012-08-15 12:19 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-06-28 19:42 - 2012-08-15 12:19 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-06-28 19:40 - 2012-08-15 12:19 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-06-28 19:39 - 2012-08-15 12:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-06-28 19:35 - 2012-08-15 12:19 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-06-28 16:52 - 2012-08-15 12:19 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2012-06-28 16:27 - 2012-08-15 12:19 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2012-06-28 16:16 - 2012-08-15 12:19 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2012-06-28 16:09 - 2012-08-15 12:19 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2012-06-28 16:09 - 2012-08-15 12:19 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2012-06-28 16:08 - 2012-08-15 12:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2012-06-28 16:07 - 2012-08-15 12:19 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

    2012-06-28 16:06 - 2012-08-15 12:19 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2012-06-28 16:04 - 2012-08-15 12:19 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2012-06-28 16:04 - 2012-08-15 12:19 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2012-06-28 16:01 - 2012-08-15 12:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2012-06-28 16:01 - 2012-08-15 12:19 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2012-06-28 16:00 - 2012-08-15 12:19 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2012-06-28 15:57 - 2012-08-15 12:19 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

     

    ==================== Known DLLs (Whitelisted) =================

     

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-15 12:17:43

    Restore point made on: 2012-08-22 05:10:16

    Restore point made on: 2012-08-29 11:52:04

    Restore point made on: 2012-09-05 04:29:43

    Restore point made on: 2012-09-08 10:33:27

    Restore point made on: 2012-09-08 10:36:31

    Restore point made on: 2012-09-08 10:37:53

    Restore point made on: 2012-09-10 07:51:10

    Restore point made on: 2012-09-10 07:52:22

    Restore point made on: 2012-09-10 13:54:08

    Restore point made on: 2012-09-14 22:08:01

    Restore point made on: 2012-09-14 22:09:14

    Restore point made on: 2012-09-15 00:25:32

    ==================== Memory info ===========================

    Percentage of memory in use: 19%

    Total physical RAM: 3957.86 MB

    Available physical RAM: 3191.94 MB

    Total Pagefile: 3956.01 MB

    Available Pagefile: 3189.59 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:444.62 GB) (Free:375.56 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    2 Drive e: (RECOVERY) (Fixed) (Total:20.85 GB) (Free:3.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

    6 Drive i: (Iomega HDD) (Fixed) (Total:931.51 GB) (Free:838.45 GB) NTFS

    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    Disknr. Status Str. Ledig Dyn GPT

    -------- ------------- ------- ------- --- ---

    Disk 0 Tilkoblet 465 G byte 0 byte

    Disk 1 Intet medium 0 byte 0 byte

    Disk 2 Tilkoblet 931 G byte 0 byte

    Forlater DiskPart...

    Partitions of Disk 0:

    ===============

    Disk 0 er nå den valgte disken.

    Partisjonsnr. Type Str. Forskyvning

    ------------- ---------------- ------- -----------

    Partisjon 1 Primær 199 M 1024 K byte

    Partisjon 2 Primær 444 G 200 M byte

    Partisjon 3 Primær 20 G 444 G byte

    Partisjon 4 Primær 103 M 465 G byte

    Forlater DiskPart...

    ==================================================================================

    Disk: 0

    Disk 0 er nå den valgte disken.

    Partisjonen 1 er nå den valgte partisjonen.

    Partisjon 1

    Type : 07

    Skjult: Nei

    Aktiv : Ja

    Forskyvning i byte: 1048576

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 1 Y SYSTEM NTFS Partisjon 199 M OK

    Forlater DiskPart...

    =========================================================

    Disk: 0

    Disk 0 er nå den valgte disken.

    Partisjonen 2 er nå den valgte partisjonen.

    Partisjon 2

    Type : 07

    Skjult: Nei

    Aktiv : Nei

    Forskyvning i byte: 209715200

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 2 C NTFS Partisjon 444 G OK

    Forlater DiskPart...

    =========================================================

    Disk: 0

    Disk 0 er nå den valgte disken.

    Partisjonen 3 er nå den valgte partisjonen.

    Partisjon 3

    Type : 07

    Skjult: Nei

    Aktiv : Nei

    Forskyvning i byte: 477611687936

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 3 E RECOVERY NTFS Partisjon 20 G OK

    Forlater DiskPart...

    =========================================================

    Disk: 0

    Disk 0 er nå den valgte disken.

    Partisjonen 4 er nå den valgte partisjonen.

    Partisjon 4

    Type : 0C

    Skjult: Nei

    Aktiv : Nei

    Forskyvning i byte: 499998785536

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 4 F HP_TOOLS FAT32 Partisjon 103 M OK

    Forlater DiskPart...

    =========================================================

    Partitions of Disk 2:

    ===============

    Disk 2 er nå den valgte disken.

    Partisjonsnr. Type Str. Forskyvning

    ------------- ---------------- ------- -----------

    Partisjon 1 Primær 931 G 31 K byte

    Forlater DiskPart...

    ==================================================================================

    Disk: 2

    Disk 2 er nå den valgte disken.

    Partisjonen 1 er nå den valgte partisjonen.

    Partisjon 1

    Type : 07

    Skjult: Nei

    Aktiv : Nei

    Forskyvning i byte: 32256

    Volumnr. Bks Etikett Fs Type Str. Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volum 6 I Iomega HDD NTFS Partisjon 931 G OK

    Forlater DiskPart...

    =========================================================

    Last Boot: 2012-09-16 00:07

    ==================== End Of Log =============================

     

     

  4. ComboFix log, run in safe mode

     

     

     

     

    ComboFix 12-09-16.01 - Anne Grete 18.09.2012 14:58:00.8.4 - x64 MINIMAL

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3958.3322 [GMT 2:00]

    Kjører fra: c:\users\Anne Grete\Desktop\ComboFix.exe

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Opprettet nytt gjenopprettingspunkt

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\Services.exe . . . er infisert!!

    .

    .

    ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-08-18 til 2012-09-18 )))))))))))))))))))))))))))))))))

    .

    .

    2012-09-18 14:59 . 2012-09-18 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-15 19:54 . 2009-07-14 01:39 328704 ----a-w- c:\windows\SysWow64\services.exe

    2012-09-15 06:29 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-10 19:20 . 2012-09-10 19:20 -------- d-----w- c:\users\Anne Grete\AppData\Roaming\Malwarebytes

    2012-09-10 19:20 . 2012-09-10 19:20 -------- d-----w- c:\programdata\Malwarebytes

    2012-09-10 19:20 . 2012-09-16 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\users\Anne Grete\AppData\Roaming\SUPERAntiSpyware.com

    2012-09-10 18:56 . 2012-09-10 22:00 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-09-08 18:33 . 2012-09-11 19:13 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

    2012-09-05 12:30 . 2012-09-05 12:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-08-23 12:06 . 2012-08-23 12:06 -------- d-----w- c:\users\Anne Grete\AppData\Local\Macromedia

    2012-08-23 12:03 . 2012-08-23 18:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-08-23 12:03 . 2012-08-23 12:03 -------- d-----w- c:\windows\system32\Macromed

    2012-08-22 13:11 . 2012-08-22 13:11 -------- d-----w- c:\program files (x86)\Common Files\Java

    2012-08-22 13:10 . 2012-09-05 12:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-05 12:30 . 2010-10-23 11:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-08-23 18:52 . 2011-07-14 07:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

    2012-07-18 17:31 . 2012-08-14 17:57 3146752 ----a-w- c:\windows\system32\win32k.sys

    2012-07-06 20:06 . 2012-08-15 20:21 552448 ----a-w- c:\windows\system32\drivers\bthport.sys

    2012-07-06 20:06 . 2012-08-15 20:21 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

    2012-07-04 22:04 . 2012-08-14 17:57 73216 ----a-w- c:\windows\system32\netapi32.dll

    2012-07-04 22:01 . 2012-08-14 17:57 58880 ----a-w- c:\windows\system32\browcli.dll

    2012-07-04 22:01 . 2012-08-14 17:57 136704 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 21:23 . 2012-08-14 17:57 41472 ----a-w- c:\windows\SysWow64\browcli.dll

    2012-06-29 04:55 . 2012-08-15 20:19 17809920 ----a-w- c:\windows\system32\mshtml.dll

    2012-06-29 04:09 . 2012-08-15 20:19 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-06-29 03:56 . 2012-08-15 20:19 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-29 03:49 . 2012-08-15 20:19 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-06-29 03:49 . 2012-08-15 20:19 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-06-29 03:48 . 2012-08-15 20:19 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-06-29 03:47 . 2012-08-15 20:19 237056 ----a-w- c:\windows\system32\url.dll

    2012-06-29 03:45 . 2012-08-15 20:19 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-06-29 03:44 . 2012-08-15 20:19 816640 ----a-w- c:\windows\system32\jscript.dll

    2012-06-29 03:43 . 2012-08-15 20:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-06-29 03:42 . 2012-08-15 20:19 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-06-29 03:40 . 2012-08-15 20:19 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-06-29 03:39 . 2012-08-15 20:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-06-29 03:35 . 2012-08-15 20:19 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-06-29 00:16 . 2012-08-15 20:19 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-06-29 00:09 . 2012-08-15 20:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-06-29 00:08 . 2012-08-15 20:19 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-06-29 00:04 . 2012-08-15 20:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-06-29 00:00 . 2012-08-15 20:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    Cryptography Services Error !!

    .

    ((((((((((((((((((((((((((((( SnapShot@2012-09-16_08.28.54 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2009-07-14 04:54 . 2012-09-16 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-07-14 04:54 . 2012-09-18 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-07-14 04:54 . 2012-09-16 07:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-07-14 04:54 . 2012-09-18 12:28 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-07-14 04:54 . 2012-09-16 07:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-07-14 04:54 . 2012-09-18 12:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2010-10-23 11:01 . 2012-09-17 20:26 57810 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2009-07-14 05:10 . 2012-09-18 12:31 40198 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

    - 2011-04-26 20:14 . 2012-09-16 07:19 16282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2724727176-3469311930-917037092-1000_UserData.bin

    + 2011-04-26 20:14 . 2012-09-18 12:31 16282 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2724727176-3469311930-917037092-1000_UserData.bin

    + 2012-09-17 15:34 . 2012-09-17 15:34 1892 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

    - 2012-09-15 19:46 . 2012-09-15 19:46 1892 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

    + 2012-09-17 20:23 . 2012-09-18 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2012-09-15 21:55 . 2012-09-16 07:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2012-09-17 20:23 . 2012-09-18 12:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2012-09-15 21:55 . 2012-09-16 07:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2009-07-14 05:01 . 2012-09-15 18:24 391644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2009-07-14 05:01 . 2012-09-16 20:03 391644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2009-07-14 02:34 . 2012-09-08 13:25 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

    + 2009-07-14 02:34 . 2012-09-16 08:39 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat

    .

    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

    "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]

    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "EnableShellExecuteHooks"= 1 (0x1)

    .

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264]

    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

    R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 136176]

    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

    R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

    R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]

    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

    R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

    R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250056]

    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 7767552]

    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 279040]

    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]

    R3 cxbu0x64;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0x64.sys [2011-09-06 177920]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]

    R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 136176]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-09-11 1014624]

    R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]

    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]

    R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-29 1255736]

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

    .

    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

    .

    2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 18:52]

    .

    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 06:46]

    .

    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 06:46]

    .

    2012-09-07 c:\windows\Tasks\HPCeeScheduleForAnne Grete.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    2012-09-04 c:\windows\Tasks\HPCeeScheduleForANNEGRETE-HP$.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]

    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

    .

    ------- Tilleggsskanning -------

    .

    uStart Page = about:blank

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    TCP: DhcpNameServer = 192.168.0.1

    FF - ProfilePath - c:\users\Anne Grete\AppData\Roaming\Mozilla\Firefox\Profiles\4vl8xzu2.default\

    FF - prefs.js: network.proxy.type - 0

    .

    .

    --------------------- LÅSTE REGISTERNØKLER ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tidspunkt ferdig: 2012-09-18 17:01:42

    ComboFix-quarantined-files.txt 2012-09-18 15:01

    ComboFix2.txt 2012-09-16 08:33

    .

    Pre-Run: 403 311 575 040 byte ledig

    Post-Run: 403 219 881 984 byte ledig

    .

    - - End Of File - - 6328548B615BEA53B22E2563DF0F0287

     

     

     

     

    Can't get SUPERAntiSpyware started; there is no startup file to start it from.

  5. Malwarebytes log:

     

     

     

    Databaseversjon: v2012.09.07.13

    Windows 7 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Anne Grete :: ANNEGRETE-HP [administrator]

    Beskyttelse: Aktivert

    16.09.2012 22:56:25

    mbam-log-2012-09-16 (22-56-25).txt

    Skanntype: Full skann (C:\|D:\|Q:\|)

    Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM

    Deaktiverte skanninnstillinger: P2P

    Objekter skannet: 422238

    Tid tilbakelagt: 1 time(r), 2 minutt(er), 15 sekund(er)

    Minneprosesser oppdaget: 0

    (Ingen skadelige objekter funnet)

    Minnemoduler oppdaget: 0

    (Ingen skadelige objekter funnet)

    Registernøkler oppdaget: 0

    (Ingen skadelige objekter funnet)

    Registerverdier oppdaget: 0

    (Ingen skadelige objekter funnet)

    Registerfiler oppdaget: 0

    (Ingen skadelige objekter funnet)

    Mapper oppdaget: 0

    (Ingen skadelige objekter funnet)

    Filer oppdaget 0

    (Ingen skadelige objekter funnet)

    (klar)

     

     

     

    aswMBR log:

     

     

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-09-17 22:40:58

    -----------------------------

    22:40:58.241 OS Version: Windows x64 6.1.7600

    22:40:58.242 Number of processors: 4 586 0x2505

    22:40:58.243 ComputerName: ANNEGRETE-HP UserName: Anne Grete

    22:41:02.473 Initialize success

    22:41:25.514 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    22:41:25.519 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3

    22:41:25.530 Disk 0 MBR read successfully

    22:41:25.534 Disk 0 MBR scan

    22:41:25.539 Disk 0 unknown MBR code

    22:41:25.553 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

    22:41:25.570 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 455286 MB offset 409600

    22:41:25.609 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21350 MB offset 932835328

    22:41:25.633 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128

    22:41:25.676 Disk 0 scanning C:\Windows\system32\drivers

    22:41:34.769 Service scanning

    22:41:54.750 Modules scanning

    22:41:54.766 Disk 0 trace - called modules:

    22:41:54.833 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

    22:41:54.845 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004beb060]

    22:41:54.855 3 CLASSPNP.SYS[fffff88001b3e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004984050]

    22:41:54.864 Scan finished successfully

    22:53:15.804 Disk 0 MBR has been saved successfully to "F:\Pål\Ny mappe (2)\Ny mappe\MBR.dat"

    22:53:15.816 The log file has been saved successfully to "F:\Pål\Ny mappe (2)\Ny mappe\aswMBR.txt"

     

     

     

    I'm struggling to get ComboFix started...

     

    I have no wireless network or internet.

  6. Here is the log from ComboFix. It took a long time!

     

     

    ComboFix 12-09-14.03 - Anne Grete 15.09.2012 21:54:09.5.4 - x64 MINIMAL

    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3958.2906 [GMT 2:00]

    Kjører fra: c:\users\Anne Grete\Desktop\ComboFix.exe

    Command switches brukt :: c:\users\Anne Grete\Desktop\cfscript.txt

    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Opprettet nytt gjenopprettingspunkt

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system32\Services.exe . . . er infisert!!

    .

    .

    --------------- FCopy ---------------

    .

    c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe

    .

    ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-08-16 til 2012-09-16 )))))))))))))))))))))))))))))))))

    .

    .

    2012-09-15 21:54 . 2012-09-15 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-09-15 19:54 . 2009-07-14 01:39 328704 ----a-w- c:\windows\SysWow64\services.exe

    2012-09-15 06:29 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-10 19:20 . 2012-09-10 19:20 -------- d-----w- c:\users\Anne Grete\AppData\Roaming\Malwarebytes

    2012-09-10 19:20 . 2012-09-10 19:20 -------- d-----w- c:\programdata\Malwarebytes

    2012-09-10 19:20 . 2012-09-15 06:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\users\Anne Grete\AppData\Roaming\SUPERAntiSpyware.com

    2012-09-10 18:56 . 2012-09-10 22:00 -------- d-----w- c:\program files\SUPERAntiSpyware

    2012-09-10 18:56 . 2012-09-10 18:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

    2012-09-08 18:33 . 2012-09-11 19:13 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

    2012-09-05 12:30 . 2012-09-05 12:30 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2012-08-23 12:06 . 2012-08-23 12:06 -------- d-----w- c:\users\Anne Grete\AppData\Local\Macromedia

    2012-08-23 12:03 . 2012-08-23 18:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-08-23 12:03 . 2012-08-23 12:03 -------- d-----w- c:\windows\system32\Macromed

    2012-08-22 13:11 . 2012-08-22 13:11 -------- d-----w- c:\program files (x86)\Common Files\Java

    2012-08-22 13:10 . 2012-09-05 12:30 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-05 12:30 . 2010-10-23 11:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

    2012-08-23 18:52 . 2011-07-14 07:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

    2012-07-18 17:31 . 2012-08-14 17:57 3146752 ----a-w- c:\windows\system32\win32k.sys

    2012-07-06 20:06 . 2012-08-15 20:21 552448 ----a-w- c:\windows\system32\drivers\bthport.sys

    2012-07-06 20:06 . 2012-08-15 20:21 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

    2012-07-04 22:04 . 2012-08-14 17:57 73216 ----a-w- c:\windows\system32\netapi32.dll

    2012-07-04 22:01 . 2012-08-14 17:57 58880 ----a-w- c:\windows\system32\browcli.dll

    2012-07-04 22:01 . 2012-08-14 17:57 136704 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 21:23 . 2012-08-14 17:57 41472 ----a-w- c:\windows\SysWow64\browcli.dll

    2012-06-29 04:55 . 2012-08-15 20:19 17809920 ----a-w- c:\windows\system32\mshtml.dll

    2012-06-29 04:09 . 2012-08-15 20:19 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-06-29 03:56 . 2012-08-15 20:19 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-06-29 03:49 . 2012-08-15 20:19 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-06-29 03:49 . 2012-08-15 20:19 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-06-29 03:48 . 2012-08-15 20:19 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-06-29 03:47 . 2012-08-15 20:19 237056 ----a-w- c:\windows\system32\url.dll

    2012-06-29 03:45 . 2012-08-15 20:19 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-06-29 03:44 . 2012-08-15 20:19 816640 ----a-w- c:\windows\system32\jscript.dll

    2012-06-29 03:43 . 2012-08-15 20:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-06-29 03:42 . 2012-08-15 20:19 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-06-29 03:40 . 2012-08-15 20:19 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-06-29 03:39 . 2012-08-15 20:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-06-29 03:35 . 2012-08-15 20:19 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-06-29 00:16 . 2012-08-15 20:19 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-06-29 00:09 . 2012-08-15 20:19 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-06-29 00:08 . 2012-08-15 20:19 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-06-29 00:04 . 2012-08-15 20:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-06-29 00:00 . 2012-08-15 20:19 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    .

    .

    ------- Sigcheck -------

    Note: Unsigned files aren't necessarily malware.

    .

    Cryptography Services Error !!

    .

    (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

    "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]

    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-08-30 61112]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "EnableShellExecuteHooks"= 1 (0x1)

    .

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 136176]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 250056]

    R3 cxbu0x64;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0x64.sys [2011-09-06 177920]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]

    R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 136176]

    R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-11-01 12800]

    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-11-01 171008]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-29 1255736]

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-09 203264]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]

    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]

    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

    S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]

    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-09 7767552]

    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-09 279040]

    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-09-11 1014624]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

    2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

    .

    Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

    .

    2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-23 18:52]

    .

    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 06:46]

    .

    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-17 06:46]

    .

    2012-09-07 c:\windows\Tasks\HPCeeScheduleForAnne Grete.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    2012-09-04 c:\windows\Tasks\HPCeeScheduleForANNEGRETE-HP$.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]

    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x0

    .

    ------- Tilleggsskanning -------

    .

    uStart Page = about:blank

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    TCP: DhcpNameServer = 192.168.0.1

    FF - ProfilePath - c:\users\Anne Grete\AppData\Roaming\Mozilla\Firefox\Profiles\4vl8xzu2.default\

    FF - prefs.js: network.proxy.type - 0

    .

    - - - - TOMME PEKERE FJERNET - - - -

    .

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

    .

    .

    .

    --------------------- LÅSTE REGISTERNØKLER ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andre Kjørende Prosesser ------------------------

    .

    c:\windows\SysWOW64\ezSharedSvcHost.exe

    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe

    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

    c:\program files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

    .

    **************************************************************************

    .

    Tidspunkt ferdig: 2012-09-16 10:33:04 - maskinen ble startet på nytt

    ComboFix-quarantined-files.txt 2012-09-16 08:33

    .

    Pre-Run: 407 230 894 080 byte ledig

    Post-Run: 404 788 965 376 byte ledig

    .

    - - End Of File - - C540E44AA8355DEEDE98B10ED1D84DE2

     

     

  7. Here is the log file from SystemLook

     

     

    SystemLook 30.07.11 by jpshortstuff

    Log created at 19:35 on 15/09/2012 by AG

    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "services.exe"

    C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

    -= EOF =-

     

     

  8. I have uninstalled the Java programs.

     

    When I try to start MBAM from the Start menu, there is no way to open the program, and the same goes for SuperAntiSpyware. Has a setting been changed?

     

    I therefore downloaded MBAM on another machine and installed it again. I was then able to start the program and run a quick scan. Here is the log:

     

     

    Malwarebytes Anti-Malware (Prøveversjon) 1.65.0.1400

    www.malwarebytes.org

    Databaseversjon: v2012.09.07.13

    Windows 7 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Anne Grete :: ANNEGRETE-HP [administrator]

    Beskyttelse: Deaktivert

    15.09.2012 08:30:03

    mbam-log-2012-09-15 (08-30-03).txt

    Skanntype: Hurtigsøk

    Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM

    Deaktiverte skanninnstillinger: P2P

    Objekter skannet: 195363

    Tid tilbakelagt: 4 minutt(er), 14 sekund(er)

    Minneprosesser oppdaget: 0

    (Ingen skadelige objekter funnet)

    Minnemoduler oppdaget: 0

    (Ingen skadelige objekter funnet)

    Registernøkler oppdaget: 0

    (Ingen skadelige objekter funnet)

    Registerverdier oppdaget: 0

    (Ingen skadelige objekter funnet)

    Registerfiler oppdaget: 0

    (Ingen skadelige objekter funnet)

    Mapper oppdaget: 0

    (Ingen skadelige objekter funnet)

    Filer oppdaget 1

    C:\Users\Anne Grete\Downloads\installer_ccleaner.exe (PUP.BundleInstaller.BT) -> Satt i karantene og slettet vellykket.

    (klar)

     

     

  9.  

    OTL Extras logfile created on: 9/14/2012 10:18:15 PM - Run 1

    OTL by OldTimer - Version 3.2.61.4 Folder = F:\Pål

    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

     

    3.87 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.18% Memory free

    7.73 Gb Paging File | 6.06 Gb Available in Paging File | 78.38% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 444.62 Gb Total Space | 378.77 Gb Free Space | 85.19% Space Free | Partition Type: NTFS

    Drive D: | 20.85 Gb Total Space | 3.03 Gb Free Space | 14.55% Space Free | Partition Type: NTFS

    Drive F: | 931.51 Gb Total Space | 838.51 Gb Free Space | 90.02% Space Free | Partition Type: NTFS

     

    Computer Name: ANNEGRETE-HP | User Name: Anne Grete | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Extra Registry (SafeList) ==========

     

     

    ========== File Associations ==========

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

     

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

     

    ========== Shell Spawning ==========

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     

    ========== Security Center Settings ==========

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

     

    ========== Firewall Settings ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

     

    ========== Authorized Applications List ==========

     

     

    ========== Vista Active Open Ports Exception List ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{22E4445E-6008-43A8-AAF4-FA7EC3A877D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    "{2C98394F-4DB2-4B9C-B1EB-876A03CD608E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{2F26834D-8F1B-41D5-9004-FD646F58C1F9}" = rport=445 | protocol=6 | dir=out | app=system |

    "{2F5E124B-D497-4223-8A0A-D6AEEFBD71B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{3CBADABF-782C-44D4-815F-D75E2505E9AC}" = rport=138 | protocol=17 | dir=out | app=system |

    "{3D7FADA1-AAC4-4878-89D0-73BC8BDAE830}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{42B7BB1C-8B60-4609-86DB-CA918F55C6BF}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{5686D38E-BD9B-4761-A78D-9A60A5666411}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

    "{5EEEF5E7-19D8-43FE-B921-8615A51C60DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{610A3AF9-8D04-4A8E-AC37-C518F01D8566}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{734F9DE2-0864-4818-90CA-9EC3B8A32EB1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{8052E680-0ABA-46AC-80E9-5ACCC4E2A824}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    "{85F90ED0-727E-47E9-8D5A-ECF18EC12C48}" = rport=139 | protocol=6 | dir=out | app=system |

    "{93853802-C109-4215-9688-BA68E5DD0A6C}" = lport=138 | protocol=17 | dir=in | app=system |

    "{955B422D-723B-41F4-9526-E88E54D21AD3}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{980242C6-94E2-4C70-B9E6-983D89AABBC0}" = lport=137 | protocol=17 | dir=in | app=system |

    "{A025180F-AFB7-497E-A98A-67312A4C36F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{B1261D2A-0A80-4B0D-94C2-E2DD96FBDB52}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{B3B7D9CA-60FD-446A-A180-8DFD09A0464F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{BEC8E119-5A4C-4071-AF34-19F0374AB5AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

    "{BEE796AD-5CB7-45D7-9C63-526797E8C6AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{C0EAE609-A416-46C8-87DE-038173C2EC6A}" = lport=139 | protocol=6 | dir=in | app=system |

    "{CA472083-9F64-4F9F-8AD4-AA8E65E0B0C3}" = rport=137 | protocol=17 | dir=out | app=system |

    "{CB42E684-EF4B-4493-8DD5-6EEAF0DB3181}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{EA914815-0BB0-4D1E-9A97-DCB6B753A016}" = lport=445 | protocol=6 | dir=in | app=system |

    "{ECD500B2-8F78-4510-845B-D872AD407C55}" = lport=10243 | protocol=6 | dir=in | app=system |

     

    ========== Vista Active Application Exception List ==========

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{032D9930-A7F9-44C2-8E73-DA653CF7E059}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

    "{06EFA5C8-0416-41EE-B7D1-03A34BAE204E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{19CC46E4-651D-4B57-957B-E539BF417FC3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{1F41637A-8C67-4A88-A639-F1CB39CC56FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{2294742B-DD36-4D43-A138-AED3F438BF48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{2891414D-09D4-457C-AAEE-E04D1C611899}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

    "{2E854B73-41D8-4B3A-91AA-9190675AD9BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{38527B09-4916-4568-9D15-C4D4EF11D61D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{3DBBA599-D595-42B7-8F30-140612208261}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{3F52822C-AA70-45B6-BF8F-0CC80BAAF175}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

    "{4800D933-18F4-4427-B4A8-4229A980CBE2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |

    "{483C8E16-D8C9-48E9-87BC-1AA95A041089}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |

    "{4EB3DF37-773D-41B4-A509-D9ADC3D646FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{5063A8E5-F3B3-4CC9-8F70-B62022D32BC4}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |

    "{653C01E4-D379-48B3-844B-F55A0CC7A9C4}" = protocol=1 | dir=out | [email protected],-28544 |

    "{68BCF5CB-6019-4662-9BEB-BB1FB18DBCE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{6ADF5E5D-CDBD-47AA-996E-B36BBDD28DAD}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |

    "{6CA2FB35-C1A1-4202-9A1C-2C7074179705}" = protocol=58 | dir=out | [email protected],-28546 |

    "{75ADE02E-5028-4709-BB3C-14DBCF2A9C3E}" = protocol=58 | dir=in | [email protected],-28545 |

    "{7EC72D95-859D-41BC-BCE2-E4F96266B39F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{80D425B6-A792-4963-9CDE-5F59D38818B8}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |

    "{82D5A7E8-63AF-4F92-B4E5-B99455B1AE9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{A22424F4-5EF3-44E1-A4D4-6EE17538068D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{A4FE2D58-FC3C-4E01-AC83-15D8C560C5AB}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |

    "{B335DFCB-FB87-4117-B5EC-BF09C512E12C}" = protocol=6 | dir=out | app=system |

    "{D2BDA949-2783-4131-AD78-DBE678FFE9DD}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |

    "{E0A6C0FE-E339-4D51-B73F-13513BAE64C9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

    "{E7071699-0E67-49CE-96D0-19BEA862DE92}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{EAE92C88-665E-422C-A265-0781F1F74DB1}" = protocol=1 | dir=in | [email protected],-28543 |

    "{F6AB5A72-076B-4989-A102-AAF205F3E91B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{FABC516C-7700-48D8-BB60-A1716F87A49D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

     

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{012B2B85-8467-5FD2-3CE4-654E5CAE0465}" = ATI Catalyst Install Manager

    "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd

    "{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant

    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java 6 Update 21 (64-bit)

    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

    "{3B357E6A-6872-55BF-7138-3E3E5B8E8B31}" = ccc-utility64

    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64

    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

    "{90140000-002A-0414-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010

    "{90140000-006D-0414-1000-0000000FF1CE}" = Microsoft Office Klikk og bruk 2010

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "CCleaner" = CCleaner

    "EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall

    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0)

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "SynTPDeinstKey" = Synaptics Pointing Device Driver

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger

    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

    "{030830B5-EFFD-259E-976E-3427B7501B1D}" = CCC Help Russian

    "{043C6EDA-8D23-B061-871E-9CCFD051549A}" = CCC Help Dutch

    "{0448FD25-955D-8981-CC45-1B77C0D19759}" = Catalyst Control Center Graphics Previews Vista

    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

    "{097121BB-8CBF-C51E-012A-D11C14804560}" = CCC Help German

    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti

    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail

    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker

    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

    "{19C6E405-321A-4907-A0EA-1CAA354155DF}" = HP Software Framework

    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima

    "{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack

    "{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

    "{2385DA7C-F545-4E66-A968-D464F0519425}" = HP Documentation

    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer

    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover

    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common

    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources

    "{2E9A465A-5F28-9B29-6300-C6A8CC5D3425}" = CCC Help Japanese

    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

    "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger

    "{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5

    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

    "{3EDBDE63-4B37-39D1-8149-85D4DB36660A}" = CCC Help Norwegian

    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery

    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials

    "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver

    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

    "{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding

    "{52E215CA-367C-7E66-251A-1ADBB70818B7}" = CCC Help Chinese Traditional

    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup

    "{58410CF4-C71D-24C4-7877-22ED75979A11}" = CCC Help Turkish

    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri

    "{5E61D9EE-5833-2FF1-72CC-2AC24154F777}" = CCC Help Italian

    "{6200E68A-E24F-AABB-C647-7C16024BC68C}" = ccc-core-static

    "{6383BBD2-0C54-CC45-FF1E-92ACBAE3756E}" = CCC Help Finnish

    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources

    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker

    "{70262548-73B2-2F5B-22F9-A4CADDFBE535}" = CCC Help Korean

    "{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources

    "{738A8CB9-A5D9-8291-47F1-67E0F376EBC5}" = CCC Help Hungarian

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common

    "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger

    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials

    "{85895DD3-93E3-068F-E0EF-4BF4C5F58B4B}" = CCC Help English

    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    "{876AAEC7-C8A3-D7B8-FC54-F3A3CE84A38A}" = CCC Help Thai

    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2

    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery

    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8A7547F0-F60F-7509-B72E-144D85E95979}" = CCC Help Swedish

    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter

    "{90140000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2010

    "{90140000-0015-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010

    "{90140000-0016-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010

    "{90140000-0018-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010

    "{90140000-0019-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010

    "{90140000-001A-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2010

    "{90140000-001B-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010

    "{90140000-001F-0414-0000-0000000FF1CE}_Office14.SingleImage_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010

    "{90140000-001F-0814-0000-0000000FF1CE}_Office14.SingleImage_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-002A-0414-1000-0000000FF1CE}_Office14.SingleImage_{BBFE07A3-B32C-4D6E-B5CA-9F420106EC9D}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2010

    "{90140000-002C-0414-0000-0000000FF1CE}_Office14.SingleImage_{66FC3637-893A-4837-A32C-0DD98E7F8444}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010

    "{90140000-006E-0414-0000-0000000FF1CE}_Office14.SingleImage_{C166254D-5FB6-4D3F-8509-3575387141B9}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{90140000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010

    "{90140000-00A1-0414-0000-0000000FF1CE}_Office14.SingleImage_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail

    "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite

    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

    "{938ECF04-8B25-5E9D-F859-2C7DA65E3A61}" = Catalyst Control Center Localization All

    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9B345F22-06DE-59AD-EDDD-A24B5C2E905D}" = Catalyst Control Center InstallProxy

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

    "{A10AB1B4-C48A-7D69-BEB9-AE1C9820A9E2}" = CCC Help Portuguese

    "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution

    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

    "{AC364A5F-DE07-099B-32C7-F614BDB2BE9D}" = CCC Help Greek

    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI

    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

    "{AE907051-AC9D-CF3D-CA29-B4D288576C34}" = CCC Help Danish

    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

    "{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager

    "{B6DEB30E-67CA-2FE7-237F-256357B4E221}" = CCC Help French

    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

    "{C134EDA5-8CDE-0361-43CE-BFA29D5A11B4}" = CCC Help Chinese Standard

    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

    "{C818CC64-542B-34F9-FD46-829877196610}" = CCC Help Czech

    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker

    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common

    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery

    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail

    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

    "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer

    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker

    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer

    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

    "{E13A083C-F810-241D-5B7C-46D9DD9D61B8}" = CCC Help Spanish

    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer

    "{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack

    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources

    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

    "{EF682D1C-591D-48B5-9803-628DA622C281}" = HP Quick Launch

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack

    "{F5968D0E-8DEC-E16F-A9AB-61301E375302}" = CCC Help Polish

    "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger

    "{FDBF8F00-C9EF-9CEF-E1BF-6CDAD1E32E3E}" = Catalyst Control Center Graphics Previews Common

    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "avast" = avast! Free Antivirus

    "EasyBits Magic Desktop" = Magic Desktop

    "EPSON Scanner" = EPSON Scan

    "Epson Stylus SX210_SX410_TX210_TX410 Brukerhåndbok" = Epson Stylus SX210_SX410_TX210_TX410 Håndbok

    "Google Chrome" = Google Chrome

    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

    "Mozilla Firefox 10.0.2 (x86 nb-NO)" = Mozilla Firefox 10.0.2 (x86 nb-NO)

    "My HP Game Console" = HP Game Console

    "Nokia Suite" = Nokia Suite

    "Office14.Click2Run" = Microsoft Office Klikk og bruk 2010

    "Office14.SingleImage" = Microsoft Office Home and Student 2010

    "WildTangent hp Master Uninstall" = HP Games

    "WinLiveSuite" = Windows Live Essentials

    "WT087328" = Blackhawk Striker 2

    "WT087330" = Bounce Symphony

    "WT087343" = Dora's World Adventure

    "WT087361" = FATE

    "WT087362" = Final Drive Nitro

    "WT087394" = Penguins!

    "WT087395" = Poker Superstars III

    "WT087396" = Polar Bowler

    "WT087397" = Polar Golfer

    "WT087428" = Bejeweled 2 Deluxe

    "WT087453" = Chuzzle Deluxe

    "WT087501" = Plants vs. Zombies

    "WT087533" = Zuma Deluxe

    "WT089299" = Mystery P.I. - The London Caper

    "WT089300" = World Cup Cricket 20-20

    "WT089307" = Virtual Villagers 4 - The Tree of Life

    "WT089308" = Blasterball 3

    "WT089328" = Farm Frenzy

    "WT089359" = Cake Mania

    "WT089362" = Agatha Christie - Peril at End House

    "ZumoDrive" = HP CloudDrive

     

    ========== Last 20 Event Log Errors ==========

     

    [ Application Events ]

    Error - 4/26/2012 10:26:47 AM | Computer Name = AnneGrete-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Kan ikke trekke ut tredjeparts rotliste fra automatisk oppdatert cab-fil

    på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    med feil Et nødvendig sertifikat er ikke i gyldighetsperioden ved godkjenning mot

    gjeldende systemklokke eller tidsstempelet i den signerte filen. .

     

    Error - 4/26/2012 10:26:48 AM | Computer Name = AnneGrete-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Kan ikke trekke ut tredjeparts rotliste fra automatisk oppdatert cab-fil

    på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    med feil Et nødvendig sertifikat er ikke i gyldighetsperioden ved godkjenning mot

    gjeldende systemklokke eller tidsstempelet i den signerte filen. .

     

    Error - 4/26/2012 10:26:48 AM | Computer Name = AnneGrete-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Kan ikke trekke ut tredjeparts rotliste fra automatisk oppdatert cab-fil

    på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    med feil Et nødvendig sertifikat er ikke i gyldighetsperioden ved godkjenning mot

    gjeldende systemklokke eller tidsstempelet i den signerte filen. .

     

    Error - 4/26/2012 10:26:49 AM | Computer Name = AnneGrete-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Kan ikke trekke ut tredjeparts rotliste fra automatisk oppdatert cab-fil

    på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    med feil Et nødvendig sertifikat er ikke i gyldighetsperioden ved godkjenning mot

    gjeldende systemklokke eller tidsstempelet i den signerte filen. .

     

    Error - 4/26/2012 10:26:50 AM | Computer Name = AnneGrete-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Kan ikke trekke ut tredjeparts rotliste fra automatisk oppdatert cab-fil

    på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    med feil Et nødvendig sertifikat er ikke i gyldighetsperioden ved godkjenning mot

    gjeldende systemklokke eller tidsstempelet i den signerte filen. .

     

    Error - 4/26/2012 1:16:58 PM | Computer Name = AnneGrete-HP | Source = Customer Experience Improvement Program | ID = 1008

    Description =

     

    Error - 4/26/2012 3:19:33 PM | Computer Name = AnneGrete-HP | Source = Application Virtualization Client | ID = 3134

    Description = {tid=79C} Kan ikke initialisere PerfMon-tjenesten for Application Virtualization

    Client (feil 0x80070002).

     

    Error - 4/26/2012 3:19:45 PM | Computer Name = AnneGrete-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Kan ikke trekke ut tredjeparts rotliste fra automatisk oppdatert cab-fil

    på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    med feil Et nødvendig sertifikat er ikke i gyldighetsperioden ved godkjenning mot

    gjeldende systemklokke eller tidsstempelet i den signerte filen. .

     

    Error - 4/27/2012 7:24:58 AM | Computer Name = AnneGrete-HP | Source = Application Virtualization Client | ID = 3134

    Description = {tid=8CC} Kan ikke initialisere PerfMon-tjenesten for Application Virtualization

    Client (feil 0x80070002).

     

    Error - 4/27/2012 7:25:11 AM | Computer Name = AnneGrete-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

    Description = Kan ikke trekke ut tredjeparts rotliste fra automatisk oppdatert cab-fil

    på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

    med feil Et nødvendig sertifikat er ikke i gyldighetsperioden ved godkjenning mot

    gjeldende systemklokke eller tidsstempelet i den signerte filen. .

     

    [ Hewlett-Packard Events ]

    Error - 9/10/2012 7:35:22 AM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 10:32:01 AM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 10:33:02 AM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 12:05:37 PM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 12:06:38 PM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 12:58:15 PM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 12:59:15 PM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 1:53:01 PM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 1:54:01 PM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    Error - 9/10/2012 3:43:16 PM | Computer Name = AnneGrete-HP | Source = HPSFMsgr.exe | ID = 2000

    Description =

     

    [ HP Wireless Assistant Events ]

    Error - 9/11/2012 1:54:53 PM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Runtime.InteropServices.COMException Kallet ble avbrutt av meldingsfilteret.

    (Unntak fra HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) ved System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

    errorCode, IntPtr errorInfo) ved System.Management.ManagementScope.InitializeGuts(Object

    o) ved System.Management.ManagementScope.Initialize() ved System.Management.ManagementObject.Initialize(Boolean

    getObject) ved System.Management.ManagementBaseObject.get_Properties() ved

    System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) ved

    HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

     

    Error - 9/11/2012 1:56:53 PM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Runtime.InteropServices.COMException Kallet ble avbrutt av meldingsfilteret.

    (Unntak fra HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) ved System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

    errorCode, IntPtr errorInfo) ved System.Management.ManagementScope.InitializeGuts(Object

    o) ved System.Management.ManagementScope.Initialize() ved System.Management.ManagementObject.Initialize(Boolean

    getObject) ved System.Management.ManagementBaseObject.get_Properties() ved

    System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) ved

    HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

     

    Error - 9/11/2012 2:09:27 PM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Runtime.InteropServices.COMException Det eksterne prosedyrekallet

    (RPC) mislyktes og ble ikke utført. (Unntak fra HRESULT: 0x800706BF) ved System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

    errorCode, IntPtr errorInfo) ved System.Management.ManagementScope.InitializeGuts(Object

    o) ved System.Management.ManagementScope.Initialize() ved System.Management.ManagementObject.Initialize(Boolean

    getObject) ved System.Management.ManagementBaseObject.get_Properties() ved

    System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) ved

    HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

     

    Error - 9/11/2012 2:09:55 PM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Exception GetDeviceInfo() failed : 597 ved HP_Common.CaslWrapper.GetDeviceInfo(List`1&

    radioList) ved HPPA_Service.CurrentConfiguration.ReloadRadioList()

     

    Error - 9/11/2012 3:09:18 PM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Runtime.InteropServices.COMException (0x800706BA): RPC-serveren

    er ikke tilgjengelig. (Unntak fra HRESULT: 0x800706BA) ved System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

    errorCode, IntPtr errorInfo) ved System.Management.SinkForEventQuery.Cancel()

    ved System.Management.ManagementEventWatcher.Stop() ved System.Management.ManagementEventWatcher.Finalize()

     

    Error - 9/11/2012 3:17:46 PM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Runtime.InteropServices.COMException Det eksterne prosedyrekallet

    (RPC) mislyktes og ble ikke utført. (Unntak fra HRESULT: 0x800706BF) ved System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

    errorCode, IntPtr errorInfo) ved System.Management.ManagementScope.InitializeGuts(Object

    o) ved System.Management.ManagementScope.Initialize() ved System.Management.ManagementObject.Initialize(Boolean

    getObject) ved System.Management.ManagementBaseObject.get_Properties() ved

    System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) ved

    HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

     

    Error - 9/12/2012 11:13:52 AM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Runtime.InteropServices.COMException Det eksterne prosedyrekallet

    (RPC) mislyktes og ble ikke utført. (Unntak fra HRESULT: 0x800706BF) ved System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

    errorCode, IntPtr errorInfo) ved System.Management.ManagementScope.InitializeGuts(Object

    o) ved System.Management.ManagementScope.Initialize() ved System.Management.ManagementObject.Initialize(Boolean

    getObject) ved System.Management.ManagementBaseObject.get_Properties() ved

    System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) ved

    HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

     

    Error - 9/12/2012 11:14:07 AM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Exception GetDeviceInfo() failed : 597 ved HP_Common.CaslWrapper.GetDeviceInfo(List`1&

    radioList) ved HPPA_Service.CurrentConfiguration.ReloadRadioList()

     

    Error - 9/12/2012 3:05:06 PM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Runtime.InteropServices.COMException ved System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

    errorCode, IntPtr errorInfo) ved System.Management.ManagementObject.Initialize(Boolean

    getObject) ved System.Management.ManagementBaseObject.get_Properties() ved

    System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) ved

    HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

     

    Error - 9/14/2012 2:55:09 PM | Computer Name = AnneGrete-HP | Source = HP WA Service | ID = 0

    Description = System.Runtime.InteropServices.COMException Det eksterne prosedyrekallet

    (RPC) mislyktes og ble ikke utført. (Unntak fra HRESULT: 0x800706BF) ved System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32

    errorCode, IntPtr errorInfo) ved System.Management.ManagementScope.InitializeGuts(Object

    o) ved System.Management.ManagementScope.Initialize() ved System.Management.ManagementObject.Initialize(Boolean

    getObject) ved System.Management.ManagementBaseObject.get_Properties() ved

    System.Management.ManagementBaseObject.GetPropertyValue(String propertyName) ved

    HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

     

    [ System Events ]

    Error - 9/14/2012 3:59:01 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7009

    Description = Det oppstod et tidsavbrudd (30000 millisekunder) under venting på

    at tjenesten Windows Search skal koble til.

     

    Error - 9/14/2012 3:59:01 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7000

    Description = Tjenesten Windows Search kan ikke starte på grunn av følgende feil:

    %%1053

     

    Error - 9/14/2012 3:59:03 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7009

    Description = Det oppstod et tidsavbrudd (30000 millisekunder) under venting på

    at tjenesten Windows Search skal koble til.

     

    Error - 9/14/2012 3:59:03 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7000

    Description = Tjenesten Windows Search kan ikke starte på grunn av følgende feil:

    %%1053

     

    Error - 9/14/2012 3:59:03 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7009

    Description = Det oppstod et tidsavbrudd (30000 millisekunder) under venting på

    at tjenesten Windows Search skal koble til.

     

    Error - 9/14/2012 3:59:03 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7000

    Description = Tjenesten Windows Search kan ikke starte på grunn av følgende feil:

    %%1053

     

    Error - 9/14/2012 3:59:05 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7009

    Description = Det oppstod et tidsavbrudd (30000 millisekunder) under venting på

    at tjenesten Windows Search skal koble til.

     

    Error - 9/14/2012 3:59:05 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7000

    Description = Tjenesten Windows Search kan ikke starte på grunn av følgende feil:

    %%1053

     

    Error - 9/14/2012 3:59:06 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7009

    Description = Det oppstod et tidsavbrudd (30000 millisekunder) under venting på

    at tjenesten Windows Search skal koble til.

     

    Error - 9/14/2012 3:59:06 PM | Computer Name = AnneGrete-HP | Source = Service Control Manager | ID = 7000

    Description = Tjenesten Windows Search kan ikke starte på grunn av følgende feil:

    %%1053

     

     

    < End of report >

     

  10.  

    OTL logfile created on: 9/14/2012 10:18:15 PM - Run 1

    OTL by OldTimer - Version 3.2.61.4 Folder = F:\Pål

    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

     

    3.87 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 60.18% Memory free

    7.73 Gb Paging File | 6.06 Gb Available in Paging File | 78.38% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 444.62 Gb Total Space | 378.77 Gb Free Space | 85.19% Space Free | Partition Type: NTFS

    Drive D: | 20.85 Gb Total Space | 3.03 Gb Free Space | 14.55% Space Free | Partition Type: NTFS

    Drive F: | 931.51 Gb Total Space | 838.51 Gb Free Space | 90.02% Space Free | Partition Type: NTFS

     

    Computer Name: ANNEGRETE-HP | User Name: Anne Grete | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2012/09/14 21:41:23 | 000,599,552 | ---- | M] (OldTimer Tools) -- F:\Pål\OTL.exe

    PRC - [2012/07/03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

    PRC - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

    PRC - [2012/01/10 19:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

    PRC - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

    PRC - [2012/01/04 14:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    PRC - [2010/09/29 03:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    PRC - [2010/09/28 21:59:06 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

    PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

    PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

    PRC - [2009/10/01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

    PRC - [2009/10/01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2012/01/10 19:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll

    MOD - [2012/01/10 19:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll

    MOD - [2012/01/10 19:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll

    MOD - [2012/01/10 19:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll

    MOD - [2012/01/10 19:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll

    MOD - [2012/01/10 19:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll

    MOD - [2012/01/10 19:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll

    MOD - [2012/01/10 19:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll

    MOD - [2012/01/10 19:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll

    MOD - [2012/01/10 19:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll

    MOD - [2012/01/10 19:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll

    MOD - [2012/01/10 19:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll

    MOD - [2012/01/10 19:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll

    MOD - [2012/01/10 19:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll

    MOD - [2012/01/10 19:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll

    MOD - [2012/01/10 19:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll

    MOD - [2012/01/10 19:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll

    MOD - [2012/01/10 19:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll

    MOD - [2012/01/10 19:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll

    MOD - [2012/01/10 19:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll

    MOD - [2012/01/10 19:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll

    MOD - [2012/01/10 19:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll

    MOD - [2012/01/10 19:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll

    MOD - [2012/01/10 19:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll

    MOD - [2012/01/10 19:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll

    MOD - [2012/01/05 17:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll

    MOD - [2010/09/28 22:12:00 | 001,696,824 | ---- | M] () -- C:\Users\Anne Grete\AppData\Roaming\PictureMover\NO-NO\Presentation.dll

    MOD - [2010/09/28 21:59:20 | 012,286,008 | ---- | M] () -- C:\Users\Anne Grete\AppData\Roaming\PictureMover\Bin\Core.dll

    MOD - [2010/08/16 23:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

    MOD - [2010/08/16 23:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

    MOD - [2010/08/16 23:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

    MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

     

     

    ========== Services (SafeList) ==========

     

    SRV:64bit: - [2012/07/03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

    SRV:64bit: - [2010/09/10 00:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

    SRV:64bit: - [2010/08/06 04:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

    SRV:64bit: - [2010/07/21 23:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

    SRV:64bit: - [2010/06/25 01:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)

    SRV:64bit: - [2009/11/18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

    SRV - [2012/08/23 20:52:52 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)

    SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)

    SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

    SRV - [2010/09/29 03:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

    SRV - [2010/06/19 03:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

    SRV - [2010/06/02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009/10/01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

    SRV - [2009/10/01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    SRV - [2007/12/18 00:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)

    SRV - [2007/01/12 00:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV:64bit: - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

    DRV:64bit: - [2012/07/03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

    DRV:64bit: - [2012/07/03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

    DRV:64bit: - [2012/07/03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

    DRV:64bit: - [2012/07/03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

    DRV:64bit: - [2012/07/03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

    DRV:64bit: - [2012/07/03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

    DRV:64bit: - [2012/05/11 07:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

    DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)

    DRV:64bit: - [2011/11/01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)

    DRV:64bit: - [2011/11/01 11:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)

    DRV:64bit: - [2011/11/01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

    DRV:64bit: - [2011/11/01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

    DRV:64bit: - [2011/11/01 11:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)

    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

    DRV:64bit: - [2011/09/06 12:10:28 | 000,177,920 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)

    DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2010/09/29 09:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

    DRV:64bit: - [2010/09/13 20:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

    DRV:64bit: - [2010/09/11 04:20:28 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

    DRV:64bit: - [2010/09/10 00:45:34 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

    DRV:64bit: - [2010/09/09 23:52:50 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

    DRV:64bit: - [2010/05/07 21:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

    DRV:64bit: - [2010/05/06 15:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

    DRV:64bit: - [2010/04/13 19:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

    DRV:64bit: - [2010/03/23 03:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

    DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

    DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

    DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

    DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

    DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

    DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

    DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

    DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/9

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/9

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF

    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://no.search.yah...psg&type=HPNTDF

    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://no.wikipedia....h={searchTerms}

    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/9

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/9

    IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF

    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://no.search.yah...psg&type=HPNTDF

    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://no.wikipedia....h={searchTerms}

    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

     

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/9

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

    IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

    IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF

    IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://no.search.yah...psg&type=HPNTDF

    IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://no.wikipedia....h={searchTerms}

    IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    ========== FireFox ==========

     

    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

    FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1456

    FF - prefs.js..network.proxy.type: 0

    FF - user.js - File not found

     

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

     

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/11 21:12:39 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_6.0 [2012/02/05 14:31:26 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/06 20:18:05 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/02/05 14:31:28 | 000,000,000 | ---D | M]

     

    [2011/04/28 22:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne Grete\AppData\Roaming\mozilla\Extensions

    [2012/05/03 12:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne Grete\AppData\Roaming\mozilla\Firefox\Profiles\4vl8xzu2.default\extensions

    [2012/04/12 20:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

    [2012/04/12 20:53:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

    [2012/09/11 21:12:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

    [2012/03/06 20:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2012/03/06 20:18:02 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

    [2012/03/06 20:18:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    [2012/03/06 20:18:02 | 000,001,218 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bok-NO.xml

    [2012/03/06 20:18:02 | 000,000,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qxl-NO.xml

    [2012/03/06 20:18:02 | 000,001,203 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\telefonkatalogen-NO.xml

    [2012/03/06 20:18:02 | 000,001,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-NO.xml

    [2012/03/06 20:18:02 | 000,001,192 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-NO.xml

     

    ========== Chrome ==========

     

    CHR - homepage: http://www.google.com

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

    CHR - homepage: http://www.google.com

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    CHR - Extension: avast! WebRep = C:\Users\Anne Grete\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\

     

    O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

    O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

    O4 - HKCU..\Run: [] File not found

    O4 - HKCU..\Run: [EPSON SX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCE.EXE /FU "C:\Windows\TEMP\E_S4637.tmp" /EF "HKCU" File not found

    O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

    O8:64bit: - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

    O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

    O8 - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

    O1364bit: - gopher Prefix: missing

    O13 - gopher Prefix: missing

    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{787284E1-98B0-4DF3-AF31-E335D347BF89}: DhcpNameServer = 192.168.0.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD4A3CB1-4B41-4D2F-BF69-0A21F51BEE52}: DhcpNameServer = 40.6.1.100

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

    O32 - HKLM CDRom: AutoRun - 1

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2012/09/10 21:20:51 | 000,000,000 | ---D | C] -- C:\Users\Anne Grete\AppData\Roaming\Malwarebytes

    [2012/09/10 21:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2012/09/10 21:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

    [2012/09/10 21:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2012/09/10 20:56:52 | 000,000,000 | ---D | C] -- C:\Users\Anne Grete\AppData\Roaming\SUPERAntiSpyware.com

    [2012/09/10 20:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

    [2012/09/10 20:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

    [2012/09/10 20:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

    [2012/09/08 20:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}

    [2012/08/23 14:06:12 | 000,000,000 | ---D | C] -- C:\Users\Anne Grete\AppData\Local\Macromedia

    [2012/08/23 14:03:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

    [2012/08/22 15:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

    [2012/08/17 08:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

     

    ========== Files - Modified Within 30 Days ==========

     

    [2012/09/14 21:00:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/09/14 21:00:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/09/14 20:57:11 | 000,000,996 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2012/09/14 20:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/09/14 20:52:15 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys

    [2012/09/12 20:57:11 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2012/09/12 20:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/09/07 20:11:03 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAnne Grete.job

    [2012/09/05 10:58:33 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    [2012/09/04 18:25:12 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForANNEGRETE-HP$.job

    [2012/08/16 10:09:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

    [2012/08/16 09:32:21 | 000,426,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

     

    ========== Files Created - No Company Name ==========

     

    [2012/08/23 14:03:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2012/08/17 08:51:23 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    [2012/08/17 08:47:21 | 000,001,000 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2012/08/17 08:47:19 | 000,000,996 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2011/07/01 20:09:30 | 000,001,854 | ---- | C] () -- C:\Users\Anne Grete\AppData\Roaming\GhostObjGAFix.xml

    [2011/06/07 20:25:28 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

    [2011/06/07 20:25:28 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

    [2011/06/07 20:25:28 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

    [2011/06/07 20:25:28 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

    [2011/06/07 20:25:28 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

    [2011/06/07 20:25:28 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

    [2011/06/07 20:25:28 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

    [2011/06/07 20:25:28 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

    [2011/06/07 20:25:28 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

    [2011/06/07 20:25:28 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat

    [2011/06/07 20:25:28 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

    [2011/06/07 20:25:28 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

    [2011/06/07 20:25:28 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

    [2011/06/07 20:25:28 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

    [2011/06/07 20:25:28 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

    [2011/06/07 20:25:28 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat

    [2011/06/07 20:25:28 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat

    [2011/06/07 20:25:28 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

    [2011/06/07 20:25:28 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

    [2011/04/30 18:32:06 | 003,091,608 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2011/02/10 10:49:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

    [2011/02/10 10:47:46 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

    [2011/02/10 10:43:02 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

    [2011/02/10 10:43:02 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

    [2011/02/10 10:39:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

    [2010/10/23 13:26:22 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini

    [2010/10/23 13:19:17 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat

    [2010/09/21 20:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

     

    ========== LOP Check ==========

     

    [2012/02/05 14:43:17 | 000,000,000 | ---D | M] -- C:\Users\Anne Grete\AppData\Roaming\Nokia

    [2012/02/05 14:43:17 | 000,000,000 | ---D | M] -- C:\Users\Anne Grete\AppData\Roaming\Nokia Suite

    [2012/02/05 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\Anne Grete\AppData\Roaming\PC Suite

    [2011/04/26 22:27:21 | 000,000,000 | ---D | M] -- C:\Users\Anne Grete\AppData\Roaming\PictureMover

    [2011/04/30 22:12:06 | 000,000,000 | ---D | M] -- C:\Users\Anne Grete\AppData\Roaming\SoftGrid Client

    [2011/04/30 21:54:34 | 000,000,000 | ---D | M] -- C:\Users\Anne Grete\AppData\Roaming\TP

    [2012/09/14 21:36:23 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

     

    ========== Purity Check ==========
