Sidan 1 av 3 1 23
 
Verktyg Visningsval
2013-03-29, 03:17   #1

Hypn0tiC

Medlem

Registrerad: okt 2011

Qvo6.com HJÄLP


Tja, drog hem något program idag som tydligen la in något skit på datorn som gör alla startsidor (vad jag än ändrar) till Qvo6.com.. Scanern hittar ingenting och det är lagom drygt och O-legit att ha det så..

Tacksam för snabb hjälp!
Hypn0tiC är inte uppkopplad
2013-03-29, 09:00   #2

PibesiLL

Medlem

PibesiLLs avatar

Plats: Lund

Registrerad: dec 2009

http://blog.teesupport.com/qvo6-com-...edirect-virus/
PibesiLL är inte uppkopplad
2013-03-29, 10:39   #3

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Citat:
Ursprungligen inskrivet av Hypn0tiC Visa inlägg
Tja, drog hem något program idag som tydligen la in något skit på datorn som gör alla startsidor (vad jag än ändrar) till Qvo6.com.. Scanern hittar ingenting och det är lagom drygt och O-legit att ha det så..

Tacksam för snabb hjälp!
Med tanke på ryktet om den länkade webbplatsen skulle jag vara försiktig med att följa några råd där.
https://www.mywot.com/en/scorecard/blog.teesupport.com

Detta är en tillförlitlig webbplats:
http://www.bleepingcomputer.com/foru...-web-browsers/
Dessutom mycket enklare att följa förslagen där och köra två enkla program än att fixa i registret och riskera att göra något dumt.
CeciliaB är inte uppkopplad
2013-03-29, 11:51   #4

puttepysen

Medlem

Registrerad: nov 2011

har samma skit, får ju inte bort det... och alla guides verkar ju vara sen 2000, då man körde windows XP.
__________________
CPU: FX-8350 4.5 Ghz | Mobo: M5A97 R2.0 | Ram Corsair C10 1600 Mhz | Skärm: 1920x1080 27" | SSD: Kingston 120 GB | HDD: WDC 500 GB | GPU: Crossfire 6970 OC | HS: Corsair Vengeance 1500 | Ström: Corsair CX750 | Kylning: Corsair H80i Chassi: Corsair Carbide 330R | OS: Windows 7
puttepysen är inte uppkopplad
2013-03-29, 12:20   #5

Hypn0tiC

Medlem

Registrerad: okt 2011

Citat:
Ursprungligen inskrivet av CeciliaB Visa inlägg
Med tanke på ryktet om den länkade webbplatsen skulle jag vara försiktig med att följa några råd där.
https://www.mywot.com/en/scorecard/blog.teesupport.com

Detta är en tillförlitlig webbplats:
http://www.bleepingcomputer.com/foru...-web-browsers/
Dessutom mycket enklare att följa förslagen där och köra två enkla program än att fixa i registret och riskera att göra något dumt.

Ingenting funkar.. Hopplöst jävla virus
Hypn0tiC är inte uppkopplad
2013-03-29, 12:42   #6

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Om inte de två programmen hjälper så får vi kolla ordentligt.

Följ anvisningarna i tråden Till dig med virus eller andra skadliga program i datorn och klistra in loggarna så kollar jag på dem senare och ser vad som behöver göras.
CeciliaB är inte uppkopplad
2013-03-29, 13:08   #7

puttepysen

Medlem

Registrerad: nov 2011

Citat:
Ursprungligen inskrivet av CeciliaB Visa inlägg
Om inte de två programmen hjälper så får vi kolla ordentligt.

Följ anvisningarna i tråden Till dig med virus eller andra skadliga program i datorn och klistra in loggarna så kollar jag på dem senare och ser vad som behöver göras.
* Bra att veta
Nyligen installerat Windows 7.
Sökt med MSE (Microsoft Security essentials)
Använt de 2 program du länkade förut
Inte använt spy programmet, utan bara installerat och avinstallerat
Pågående sökning med nod32
Smartsearch gav inga relaterade resultat till just qvo7

----- Den adress som är angiven som startsida i Google Chrome ---- http:// www.qvo6.com/? utm_source= b&utm_medium= mlv&from=mlv&uid= KINGSTONXSV300S37A120G_50026B732C0111CB&ts =1364330141 (utan alla mellanslag)

Det jag helst av allt vill är att den inte ska sätta sig som startsida oavsett webbläsare. men det går helt enkelt inte att byta, har jag valt att ny flik ska startas när jag öppnar en webbläsare så är det endå qvo6.com som visas.
Även provat med bestämd startsida, såsom aftonbladet.

DDS
Spoiler:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by Pata at 13:00:21 on 2013-03-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.16283.13075 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\ProgramData\eSafe\eGdpSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Users\Pata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Pata\AppData\Roaming\Spotify\spotify.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Corsair USB Headset\customapp\program\CAHS.EXE
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify Web Helper] "C:\Users\Pata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Pata\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8F0F81B2-12BA-4B96-BF22-C8F08FA661D4} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [CAHS1Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CAHS1.dll,CMICtrlWnd
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [TNOD UP] "C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe" /i
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-12-21 213416]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-3-24 32400]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-13 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-13 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-3-24 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-3-24 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-3-24 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [2013-3-24 1475744]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-12-21 1333424]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-12-21 139768]
R2 eSafeSvc;eSafe Service;C:\ProgramData\eSafe\eGdpSvc.exe [2013-3-26 969280]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-3-27 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2013-3-25 1308160]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-17 66800]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-3-24 726160]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-26 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\System32\drivers\shbecr.sys [2008-9-23 50176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-26 57856]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-25 1255736]
.
=============== Created Last 30 ================
.
2013-03-29 11:00:26 -------- d-----w- C:\Users\Pata\AppData\Local\ESET
2013-03-29 10:58:02 -------- d-----w- C:\Program Files\ESET
2013-03-29 10:43:23 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2013-03-29 10:43:01 -------- d-----w- C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2013-03-29 10:42:50 -------- d-----w- C:\Windows\System32\appmgmt
2013-03-29 10:11:04 -------- d-----w- C:\Program Files (x86)\MSI Kombustor 2.5
2013-03-29 10:11:00 -------- d-----w- C:\Users\Pata\AppData\Local\Programs
2013-03-29 10:10:48 -------- d-----w- C:\Windows\SysWow64\directx
2013-03-29 10:10:38 -------- d-----w- C:\Program Files (x86)\MSI Afterburner
2013-03-29 10:02:38 -------- d-----w- C:\Windows\ERUNT
2013-03-29 10:02:28 -------- d-----w- C:\JRT
2013-03-29 09:51:54 -------- d-----w- C:\Program Files\Enigma Software Group
2013-03-29 09:51:31 -------- d-----w- C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP
2013-03-29 09:51:30 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-03-28 16:19:08 -------- d-----w- C:\Users\Pata\AppData\Roaming\LolClient
2013-03-28 15:22:57 -------- d-----w- C:\Users\Pata\AppData\Local\Logitech
2013-03-28 15:22:41 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-03-28 15:22:38 -------- d-----w- C:\Program Files\Logitech Gaming Software
2013-03-28 15:22:19 -------- d-----w- C:\Users\Pata\AppData\Roaming\Logishrd
2013-03-28 15:04:38 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-03-28 15:04:34 -------- d-----w- C:\Users\Pata\AppData\Local\PunkBuster
2013-03-28 15:03:20 -------- d-----w- C:\Users\Pata\AppData\Local\ESN
2013-03-28 15:03:19 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2013-03-28 15:02:24 -------- d-----w- C:\Fraps
2013-03-28 15:01:36 -------- d-----w- C:\ProgramData\EA Core
2013-03-28 15:01:35 -------- d-----w- C:\ProgramData\EA Logs
2013-03-27 23:33:09 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-03-27 22:12:04 -------- d-----w- C:\Users\Pata\Valley
2013-03-27 21:37:14 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-27 21:37:02 -------- d-----w- C:\Users\Pata\AppData\Local\Spotify
2013-03-27 21:36:41 -------- d-----w- C:\Users\Pata\AppData\Roaming\Spotify
2013-03-27 20:59:57 -------- d-----w- C:\Users\Pata\AppData\Local\AMD
2013-03-27 20:59:52 -------- d-----w- C:\Users\Pata\AppData\Local\ATI
2013-03-27 20:59:48 0 ----a-w- C:\Windows\ativpsrm.bin
2013-03-27 20:59:10 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-03-27 20:59:09 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-03-27 20:59:08 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-03-27 20:59:08 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-03-27 20:58:59 -------- d-----w- C:\ProgramData\AMD
2013-03-27 20:58:30 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-03-27 20:58:22 -------- d-----w- C:\Program Files\ATI Technologies
2013-03-27 20:58:20 -------- d-----w- C:\Program Files\ATI
2013-03-27 20:57:40 -------- d-----w- C:\AMD
2013-03-27 20:48:00 -------- d-----w- C:\Program Files\Atiman Technologies
2013-03-27 20:47:57 -------- d-----w- C:\Windows\Atiman Technologies
2013-03-27 20:47:57 -------- d-----w- C:\Users\Pata\AppData\Roaming\Atmanun
2013-03-27 20:47:57 -------- d-----w- C:\Program Files (x86)\Atiman Technologies
2013-03-27 20:40:11 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-27 20:40:11 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-27 19:13:52 -------- d-----w- C:\Program Files (x86)\GPU-Z
2013-03-27 18:49:35 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2013-03-26 21:41:05 23680 ----a-w- C:\Windows\System32\drivers\IOMap64.sys
2013-03-26 20:51:50 -------- d-----w- C:\Users\Pata\Heaven
2013-03-26 20:50:48 -------- d-----w- C:\Program Files (x86)\Unigine
2013-03-26 20:35:46 -------- d-----w- C:\ProgramData\eSafe
2013-03-26 20:35:40 -------- d-----w- C:\Program Files (x86)\Phyxion.net
2013-03-26 20:35:10 -------- d-----w- C:\Users\Pata\AppData\Roaming\eIntaller
2013-03-26 20:21:11 -------- d-----w- C:\Program Files\Speccy
2013-03-26 19:33:51 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-03-26 19:32:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-03-26 19:32:41 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-03-26 19:32:41 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-03-26 19:32:41 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-03-26 19:32:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-03-26 19:32:41 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-03-26 19:32:41 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-03-26 19:32:35 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-03-26 19:32:35 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-03-26 19:24:06 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-03-26 19:24:05 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{485D1EBA-2CA2-488C-A911-14D889DC631E}\mpengine.dll
2013-03-25 19:08:39 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2013-03-25 19:05:29 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-03-24 23:53:42 -------- d-----w- C:\Windows\System32\SPReview
2013-03-24 23:53:06 -------- d-----w- C:\Windows\System32\EventProviders
2013-03-24 23:51:01 -------- d-----w- C:\Users\Pata\AppData\Roaming\Origin
2013-03-24 23:51:01 -------- d-----w- C:\Program Files (x86)\Origin Games
2013-03-24 23:50:57 -------- d-----w- C:\Users\Pata\AppData\Local\Origin
2013-03-24 23:50:25 -------- d-----w- C:\ProgramData\Origin
2013-03-24 23:50:25 -------- d-----w- C:\ProgramData\Electronic Arts
2013-03-24 23:50:20 -------- d-----w- C:\Program Files (x86)\Origin
2013-03-24 23:39:12 -------- d-----w- C:\Windows\SysWow64\Wat
2013-03-24 23:39:12 -------- d-----w- C:\Windows\System32\Wat
2013-03-24 23:03:55 8724480 ------w- C:\Windows\SysWow64\CAHS1.dll
2013-03-24 23:03:55 798208 ------w- C:\Windows\System32\CAHS1.exe
2013-03-24 23:03:55 401920 ------w- C:\Windows\System32\CAHS1.cpl
2013-03-24 23:03:55 200704 ------w- C:\Windows\SysWow64\cmpaHS1.dll
2013-03-24 23:03:55 143360 ------w- C:\Windows\VmixHS1.dll
2013-03-24 23:03:55 -------- d-----w- C:\Users\Pata\AppData\Roaming\Corsair
2013-03-24 23:03:55 -------- d-----w- C:\Program Files\Corsair USB Headset
2013-03-24 23:03:54 354304 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2013-03-24 23:03:43 315392 ---ha-w- C:\Windows\system\fltrCAHS1.dll
2013-03-24 23:03:43 1308160 ---ha-w- C:\Windows\System32\drivers\CAHS164.sys
2013-03-24 22:42:20 -------- d-----w- C:\Users\Pata\.swt
2013-03-24 22:42:12 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-03-24 22:42:12 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-03-24 22:42:12 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-03-24 22:42:12 2560 ----a-w- C:\Windows\System32\drivers\sv-SE\wdf01000.sys.mui
2013-03-24 22:42:10 -------- d-----w- C:\Users\Pata\AppData\Roaming\Azureus
2013-03-24 22:42:06 -------- d-----w- C:\Program Files\Vuze
2013-03-24 22:35:07 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-03-24 22:32:50 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-24 22:27:01 -------- d-sh--w- C:\Windows\Installer
2013-03-24 22:26:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-03-24 22:26:13 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-03-24 22:26:13 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-03-24 22:26:13 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-03-24 22:26:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-03-24 22:23:59 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-03-24 22:22:17 -------- d-----w- C:\Users\Pata\AppData\Local\Google
2013-03-24 22:22:13 -------- d-----w- C:\Users\Pata\AppData\Local\Deployment
2013-03-24 22:22:13 -------- d-----w- C:\Users\Pata\AppData\Local\Apps
2013-03-24 22:19:56 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-03-24 22:19:56 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-03-24 22:19:56 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-03-24 22:19:56 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2013-03-24 22:19:56 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-03-24 22:19:56 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-03-24 22:19:51 77312 ----a-w- C:\Windows\System32\packager.dll
2013-03-24 22:19:51 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-03-24 22:19:19 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-03-24 22:19:19 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-03-24 22:19:19 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-03-24 22:16:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-03-24 22:16:49 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-03-24 22:16:48 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-03-24 22:16:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-03-24 22:15:58 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-03-24 22:15:58 726160 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-03-24 22:15:58 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-03-24 22:15:55 -------- d-----w- C:\Program Files (x86)\Realtek
2013-03-24 22:10:53 1048576 ----a-w- C:\Windows\PE_Rom.dll
2013-03-24 22:10:35 -------- d-----w- C:\ProgramData\ASUS OC Profiles
2013-03-24 22:09:39 46152 ----a-w- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
2013-03-24 22:09:39 -------- d-----w- C:\Program Files\ASUS
2013-03-24 22:08:50 32400 ----a-w- C:\Windows\System32\drivers\ndisrd.sys
2013-03-24 22:08:18 14464 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys
2013-03-24 22:08:12 14848 ----a-w- C:\Windows\SysWow64\drivers\AiChargerPlus.sys
2013-03-24 22:08:06 184320 ----a-w- C:\Windows\SysWow64\drivers\UpdateHelper.dll
2013-03-24 22:02:01 -------- d-----w- C:\Windows\Panther
2013-03-18 21:29:16 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2013-03-18 21:29:12 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-18 21:22:52 5067264 ----a-w- C:\Windows\System32\amdsc64.dll
2013-03-18 21:22:48 4083200 ----a-w- C:\Windows\SysWow64\amdsc.dll
.
==================== Find3M ====================
.
2013-03-28 15:54:15 291088 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-03-28 15:54:06 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-03-28 15:09:07 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-03-24 23:56:25 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-03-24 23:56:25 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-02-26 06:55:24 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2013-02-26 06:55:22 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-17 20:15:12 66800 ----a-w- C:\Windows\System32\drivers\LGSHidFilt.Sys
2013-01-15 10:11:12 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 13:00:29,42 ===============



Attach

Spoiler:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2013-03-24 23:06:04
System Uptime: 2013-03-29 11:11:50 (2 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | M5A97 R2.0
Processor: AMD FX(tm)-8350 Eight-Core Processor | Socket 942 | 4000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 52,457 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0,045 GiB free.
E: is FIXED (NTFS) - 466 GiB total, 164,73 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&15D9C317&0&3
Manufacturer: (USB-standardvärdstyrenhet)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&15D9C317&0&3
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: AODDriver4.2.0
Device ID: ROOT\LEGACY_AODDRIVER4.2.0\0000
Manufacturer:
Name: AODDriver4.2.0
PNP Device ID: ROOT\LEGACY_AODDRIVER4.2.0\0000
Service: AODDriver4.2.0
.
Class GUID:
Description: WinTV MiniStick
Device ID: USB\VID_2040&PID_5500\F048EDBB
Manufacturer:
Name: WinTV MiniStick
PNP Device ID: USB\VID_2040&PID_5500\F048EDBB
Service:
.
Class GUID:
Description: USB-styrenhet (Universal Serial Bus)
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&1C9B094&0&0038
Manufacturer:
Name: USB-styrenhet (Universal Serial Bus)
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&1C9B094&0&0038
Service:
.
Class GUID:
Description: USB-styrenhet (Universal Serial Bus)
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&312AFB2E&0&0028
Manufacturer:
Name: USB-styrenhet (Universal Serial Bus)
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_84881043&REV_00\4&312AFB2E&0&0028
Service:
.
==== System Restore Points ===================
.
RP35: 2013-03-28 00:32:51 - Windows Update
RP36: 2013-03-28 08:36:55 - DirectX har installerats
RP38: 2013-03-29 10:51:46 - Installed SpyHunter
RP40: 2013-03-29 11:42:26 - Removed SpyHunter
RP42: 2013-03-29 11:43:13 - Installed SpyHunter
RP44: 2013-03-29 11:57:56 - Installed ESET NOD32 Antivirus
RP46: 2013-03-29 11:58:51 - Removed SpyHunter
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
AI Suite II
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Application Profiles
Atiman Uninstaller 7.0.2
Battlefield 3™
Battlelog Web Plugins
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Corsair USB Headset
CPUID CPU-Z 1.63.0
Driver Sweeper version 3.2.0
eSafe Security Control 1.0.0.1982
ESET NOD32 Antivirus
ESN Sonar
Fraps
Google Chrome
Google Update Helper
Heaven Benchmark version 4.0
Logitech Gaming Software
Logitech Gaming Software 8.45
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile Language Pack - SVE
Microsoft .NET Framework 4 Client Profile SVE Language Pack
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSI Afterburner 2.3.1
MSI Kombustor 2.5.0
Origin
PunkBuster Services
Realtek Ethernet Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype™ 6.3
Speccy
Spotify
TechPowerUp GPU-Z
TNod User & Password Finder
Unigine Valley Benchmark version 1.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
WinRAR 4.20 (64-bit)
Vuze
.
==== End Of File ===========================

Senast redigerad av puttepysen 2013-03-29 klockan 13:25.
puttepysen är inte uppkopplad
2013-03-29, 14:02   #8

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

All information om IE saknas i loggen, undrar vad det har hittat på.

Vad var det för program som åstadkom det här?
Har du möjlighet att ladda upp installationsfilen på http://www.virustotal.com?
Om det kommer upp en fråga om filen ska analyseras om så välj det alternativet. Vänta tills resultatet är klart. Klistra in länken (webbadressen) till resultatet här.

Spara RougueKiller på Skrivbordet.
http://www.sur-la-toile.com/RogueKiller/
Stäng av alla program.
Ta bort alla externa enheter, t ex USB-minnen och externa hårddiskar, utom tangentbord och mus. Låt dem vara bortkopplade medan rensningen pågår.

Kör RogueKiller (i Vista och Windows 7 högerklicka på programmet och välj "Kör som administratör). Om det inte går att köra så pröva flera gång, men om det fortfarande inte går så pröva med att döpa om programmet till winlogon.exe.

Vänta tills "Prescan" har avslutats.
Klicka på "Scan"-knappen uppe till höger.
Vänta tills skanningen är klar.
En rapport "RKreport.txt" ska då ha skapats på Skrivbordet. Klistra in innehållet i den i ditt svar.
CeciliaB är inte uppkopplad
2013-03-29, 15:07   #9

puttepysen

Medlem

Registrerad: nov 2011

Citat:
Ursprungligen inskrivet av CeciliaB Visa inlägg
All information om IE saknas i loggen, undrar vad det har hittat på.

Vad var det för program som åstadkom det här?
Har du möjlighet att ladda upp installationsfilen på http://www.virustotal.com?
Om det kommer upp en fråga om filen ska analyseras om så välj det alternativet. Vänta tills resultatet är klart. Klistra in länken (webbadressen) till resultatet här.

Spara RougueKiller på Skrivbordet.
http://www.sur-la-toile.com/RogueKiller/
Stäng av alla program.
Ta bort alla externa enheter, t ex USB-minnen och externa hårddiskar, utom tangentbord och mus. Låt dem vara bortkopplade medan rensningen pågår.

Kör RogueKiller (i Vista och Windows 7 högerklicka på programmet och välj "Kör som administratör). Om det inte går att köra så pröva flera gång, men om det fortfarande inte går så pröva med att döpa om programmet till winlogon.exe.

Vänta tills "Prescan" har avslutats.
Klicka på "Scan"-knappen uppe till höger.
Vänta tills skanningen är klar.
En rapport "RKreport.txt" ska då ha skapats på Skrivbordet. Klistra in innehållet i den i ditt svar.
Vilken installationsfil menar du?

Spoiler:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pata [Admin rights]
Mode : Scan -- Date : 03/29/2013 15:06:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] eGdpSvc.exe -- C:\ProgramData\eSafe\eGdpSvc.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] 0b171c0938619ae55333717146bf6e12
[BSP] 45bddf0e6ec6fcd6027b7b505ab52979 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] 8c8bb6e9a256db5fb0f8994fd48cf247
[BSP] 9d8dc14e6d000631151751922e8baf0e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03292013_02d1506.txt >>
RKreport[1]_S_03292013_02d1506.txt

puttepysen är inte uppkopplad
2013-03-29, 18:47   #10

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

1.Installationsfilen för det program som drog in de skadliga filerna i datorn.

2. Återställ alla inställningar i Internet Explorer:
Kontrollpanelen - Visa efter: Små ikoner
Internet-alternativ - Avancerat - Återställ

3. Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.
Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html
Kör ComboFix och följ anvisningarna som visas.
Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.
Mer detaljerad vägledning finns på http://www.bleepingcomputer.com/comb...x-ska-anvandas

Om det kommer upp något meddelande, t ex att ett rootkit har hittats, från ComboFix skriv ner det och skriv det sedan i ditt svar.

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

Om du får problem med att komma ut på internet:
Kontrollpanelen - Nätverksanslutningar
högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

Om du börjar få mycket felmeddelanden, starta om datorn igen.

4. Spara OTL på Skrivbordet.
http://oldtimer.geekstogo.com/OTL.exe
Stäng alla program.
Kör OTL.

Tryck på Quick Scan och låt programmet köra ostört.

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. Klistra in dem i ditt svar.
CeciliaB är inte uppkopplad
2013-03-30, 01:42   #11

puttepysen

Medlem

Registrerad: nov 2011

Citat:
Ursprungligen inskrivet av CeciliaB Visa inlägg
1.Installationsfilen för det program som drog in de skadliga filerna i datorn.

2. Återställ alla inställningar i Internet Explorer:
Kontrollpanelen - Visa efter: Små ikoner
Internet-alternativ - Avancerat - Återställ

3. Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.
Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html
Kör ComboFix och följ anvisningarna som visas.
Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.
Mer detaljerad vägledning finns på http://www.bleepingcomputer.com/comb...x-ska-anvandas

Om det kommer upp något meddelande, t ex att ett rootkit har hittats, från ComboFix skriv ner det och skriv det sedan i ditt svar.

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

Om du får problem med att komma ut på internet:
Kontrollpanelen - Nätverksanslutningar
högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

Om du börjar få mycket felmeddelanden, starta om datorn igen.

4. Spara OTL på Skrivbordet.
http://oldtimer.geekstogo.com/OTL.exe
Stäng alla program.
Kör OTL.

Tryck på Quick Scan och låt programmet köra ostört.

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. Klistra in dem i ditt svar.

Inte en aning om vilken fil som kan ha dragit med sig detta virus. Jag märker inte av detta virus i sig, men det är ju det att det lägger sig som en startsida i alla webbläsare. Jag har tidigare tagit bort filer med sökresultat i Regedit på just "Qvo6" innan jag skrev i den här tråden. Men det verkade ju kvarstå sig iallafall...

Combofix

Spoiler:
ComboFix 13-03-28.01 - Pata 2013-03-30 1:16.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.16283.14168 [GMT 1:00]
Körs från: c:\users\Pata\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\sysrestore.exe
c:\windows\SysWow64\local.txt
.
.
(((((((((((((((((((((((( Filer skapade från 2013-02-28 till 2013-03-30 ))))))))))))))))))))))))))))))
.
.
2013-03-30 00:19 . 2013-03-30 00:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-29 20:55 . 2013-03-29 20:55 -------- d-----w- c:\program files\PlayReady
2013-03-29 20:51 . 2012-10-23 09:55 78192 ----a-w- c:\windows\system32\drivers\hcw17b64.sys
2013-03-29 20:51 . 2010-08-02 01:52 339968 ----a-w- c:\windows\SysWow64\HcwSmsCt.dll
2013-03-29 20:51 . 2013-03-29 20:51 -------- d-----w- C:\Hauppauge
2013-03-29 16:09 . 2013-03-29 16:09 -------- d-----w- c:\program files (x86)\VideoLAN
2013-03-29 10:58 . 2013-03-29 11:02 -------- d-----w- c:\program files\ESET
2013-03-28 15:22 . 2013-03-28 15:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-03-28 15:22 . 2013-03-28 15:22 -------- d-----w- c:\program files\Logitech Gaming Software
2013-03-28 15:04 . 2013-03-29 12:33 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-03-28 15:03 . 2013-03-28 15:03 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2013-03-28 15:02 . 2013-03-28 15:02 -------- d-----w- C:\Fraps
2013-03-27 23:33 . 2013-03-27 23:33 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-27 21:37 . 2013-03-27 21:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-27 21:37 . 2013-03-27 21:37 -------- d-----r- c:\program files (x86)\Skype
2013-03-27 20:59 . 2013-03-27 20:59 0 ----a-w- c:\windows\ativpsrm.bin
2013-03-27 20:59 . 2013-03-27 20:59 -------- d-----w- c:\program files (x86)\AMD AVT
2013-03-27 20:59 . 2013-03-27 20:59 -------- d-----w- c:\program files (x86)\AMD APP
2013-03-27 20:59 . 2013-03-27 20:59 -------- d-----w- c:\program files\Common Files\ATI Technologies
2013-03-27 20:59 . 2013-03-27 20:59 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2013-03-27 20:58 . 2013-03-27 21:04 -------- d-----w- c:\program files (x86)\ATI Technologies
2013-03-27 20:58 . 2013-03-27 20:59 -------- d-----w- c:\program files\ATI Technologies
2013-03-27 20:58 . 2013-03-27 20:58 -------- d-----w- c:\program files\ATI
2013-03-27 20:57 . 2013-03-27 21:04 -------- d-----w- C:\AMD
2013-03-27 20:48 . 2013-03-27 20:48 -------- d-----w- c:\program files\Atiman Technologies
2013-03-27 20:47 . 2013-03-27 20:48 -------- d-----w- c:\windows\Atiman Technologies
2013-03-27 20:47 . 2013-03-27 20:47 -------- d-----w- c:\program files (x86)\Atiman Technologies
2013-03-27 20:40 . 2013-03-27 20:40 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-27 20:40 . 2013-03-27 20:40 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-27 20:40 . 2013-03-27 20:40 -------- d-----w- c:\windows\system32\Macromed
2013-03-27 19:13 . 2013-03-27 19:13 -------- d-----w- c:\program files (x86)\GPU-Z
2013-03-27 18:49 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2013-03-26 21:41 . 2010-02-22 14:46 23680 ----a-w- c:\windows\system32\drivers\IOMap64.sys
2013-03-26 20:50 . 2013-03-27 22:06 -------- d-----w- c:\program files (x86)\Unigine
2013-03-26 20:35 . 2013-03-26 20:35 -------- d-----w- c:\program files (x86)\Phyxion.net
2013-03-26 20:21 . 2013-03-26 20:21 -------- d-----w- c:\program files\Speccy
2013-03-26 19:33 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-03-26 19:32 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-03-26 19:32 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-03-26 19:32 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-03-26 19:32 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-03-26 19:32 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-03-26 19:32 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-03-26 19:32 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-03-26 19:32 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-03-26 19:32 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-03-25 19:08 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-03-25 19:05 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-03-24 23:53 . 2013-03-24 23:53 -------- d-----w- c:\windows\system32\SPReview
2013-03-24 23:53 . 2013-03-24 23:53 -------- d-----w- c:\windows\system32\EventProviders
2013-03-24 23:51 . 2013-03-24 23:51 -------- d-----w- c:\program files (x86)\Origin Games
2013-03-24 23:50 . 2013-03-24 23:50 -------- d-----w- c:\program files (x86)\Origin
2013-03-24 23:43 . 2013-03-24 23:43 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-03-24 23:39 . 2013-03-24 23:39 -------- d-----w- c:\windows\SysWow64\Wat
2013-03-24 23:39 . 2013-03-24 23:39 -------- d-----w- c:\windows\system32\Wat
2013-03-24 23:37 . 2013-03-04 13:53 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-24 23:03 . 2013-03-24 23:03 -------- d-----w- c:\program files\Corsair USB Headset
2013-03-24 23:03 . 2011-07-08 14:01 8724480 ------w- c:\windows\SysWow64\CAHS1.dll
2013-03-24 23:03 . 2011-07-08 14:01 401920 ------w- c:\windows\system32\CAHS1.cpl
2013-03-24 23:03 . 2010-07-19 15:52 798208 ------w- c:\windows\system32\CAHS1.exe
2013-03-24 23:03 . 2009-04-02 15:59 143360 ------w- c:\windows\VmixHS1.dll
2013-03-24 23:03 . 2006-09-13 09:21 200704 ------w- c:\windows\SysWow64\cmpaHS1.dll
2013-03-24 23:03 . 2009-04-08 13:22 354304 ------w- c:\windows\system32\CmiInstallResAll64.dll
2013-03-24 23:03 . 2011-06-16 14:10 1308160 ---ha-w- c:\windows\system32\drivers\CAHS164.sys
2013-03-24 23:03 . 2004-04-14 10:28 315392 ---ha-w- c:\windows\system\fltrCAHS1.dll
2013-03-24 22:42 . 2012-07-26 07:45 2560 ----a-w- c:\windows\system32\drivers\sv-SE\wdf01000.sys.mui
2013-03-24 22:42 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-24 22:42 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-24 22:42 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-24 22:42 . 2013-03-24 22:42 -------- d-----w- c:\program files\Vuze
2013-03-24 22:35 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-03-24 22:32 . 2013-01-30 10:53 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-03-24 22:27 . 2013-03-29 23:37 -------- d-sh--w- c:\windows\Installer
2013-03-24 22:26 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-24 22:26 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-24 22:26 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-24 22:26 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-24 22:26 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-24 22:23 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-03-24 22:22 . 2013-03-24 22:24 -------- d-----w- c:\program files (x86)\Google
2013-03-24 22:19 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-03-24 22:19 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2013-03-24 22:19 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-03-24 22:19 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-03-24 22:19 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-03-24 22:19 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-03-24 22:19 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-03-24 22:19 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-03-24 22:19 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-03-24 22:19 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-03-24 22:19 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-03-24 22:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-24 22:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-03-24 22:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-03-24 22:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-03-24 22:16 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-03-24 22:16 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-03-24 22:16 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-03-24 22:16 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-24 22:16 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-03-24 22:15 . 2012-06-12 21:00 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-03-24 22:15 . 2012-06-12 21:00 726160 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-03-24 22:15 . 2012-06-12 21:00 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-03-24 22:15 . 2013-03-24 22:15 -------- d-----w- c:\program files (x86)\Realtek
2013-03-24 22:10 . 2013-03-30 00:14 1048576 ----a-w- c:\windows\PE_Rom.dll
2013-03-24 22:09 . 2013-03-24 22:09 -------- d-----w- c:\program files\ASUS
2013-03-24 22:09 . 2011-09-20 11:25 46152 ----a-w- c:\windows\SysWow64\drivers\ASUSFILTER.sys
2013-03-24 22:09 . 2013-03-24 22:09 -------- d-----w- c:\windows\SysWow64\Macromed
2013-03-24 22:08 . 2012-05-31 10:06 32400 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2013-03-24 22:08 . 2013-01-15 09:52 14464 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys
2013-03-24 22:08 . 2012-04-19 08:19 14848 ----a-w- c:\windows\SysWow64\drivers\AiChargerPlus.sys
2013-03-24 22:08 . 2008-12-02 19:05 184320 ----a-w- c:\windows\SysWow64\drivers\UpdateHelper.dll
2013-03-24 22:08 . 2013-03-27 20:04 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2013-03-24 22:07 . 2013-03-26 21:39 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2013-03-24 22:07 . 2013-03-27 20:04 -------- d-----w- c:\program files (x86)\ASUS
2013-03-24 22:07 . 2013-03-24 22:07 -------- d-----w- c:\windows\SysWow64\drivers\MFDLL
2013-03-24 22:07 . 2012-08-22 16:54 15232 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2013-03-24 22:07 . 2010-06-29 14:41 28672 ----a-w- c:\windows\SysWow64\AsIO.dll
2013-03-24 22:07 . 2008-01-04 12:34 11832 ------w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-03-24 22:07 . 2008-01-04 12:34 10216 ------w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-03-24 22:02 . 2013-03-24 22:06 -------- d-----w- c:\windows\Panther
2013-03-18 21:29 . 2013-03-18 21:29 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-18 21:29 . 2013-03-18 21:29 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-18 21:22 . 2013-03-18 21:22 5067264 ----a-w- c:\windows\system32\amdsc64.dll
2013-03-18 21:22 . 2013-03-18 21:22 4083200 ----a-w- c:\windows\SysWow64\amdsc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 23:56 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-03-24 23:56 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-02-26 06:55 . 2013-02-26 06:55 71680 ----a-w- c:\windows\system32\frapsv64.dll
2013-02-26 06:55 . 2013-02-26 06:55 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
2013-02-12 05:45 . 2013-03-25 19:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-25 19:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-25 19:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-25 19:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-25 19:06 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-25 19:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 20:15 . 2013-01-17 20:15 66800 ----a-w- c:\windows\system32\drivers\LGSHidFilt.Sys
2013-01-15 10:11 . 2013-01-15 10:11 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2013-01-04 04:43 . 2013-03-24 22:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-24 3497552]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Spotify Web Helper"="c:\users\Pata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-03-27 1104280]
"Spotify"="c:\users\Pata\AppData\Roaming\Spotify\spotify.exe" [2013-03-27 4480920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2012-08-20 550272]
"ASUS WiFi GO! FileTransfer Execute"="c:\program files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe" [2012-07-12 1384608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-13 642728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eSafeSvc;eSafe Service;c:\programdata\eSafe\eGdpSvc.exe [2013-03-26 969280]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2008-09-22 50176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-24 1255736]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-12-21 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-12-21 150616]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2012-05-31 32400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-13 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-13 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2013-03-24 920736]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2013-03-24 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-03-24 149120]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [2013-03-24 1475744]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-12-21 1333424]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-12-21 139768]
S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys [2011-06-16 1308160]
S3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17b64.sys [2012-10-23 78192]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2013-01-17 66800]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-06-12 726160]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-29 14:28 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-27 20:40]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 22:22]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-24 22:22]
.
2013-03-29 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHS1Sound"="c:\windows\Syswow64\CAHS1.dll" [2011-07-08 8724480]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-02-28 7468784]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-12-21 6326448]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-TNOD UP - c:\program files\ESET\TNod User & Password Finder\TNODUP.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2013-03-30 01:20:30
ComboFix-quarantined-files.txt 2013-03-30 00:20
.
Före genomsökningen: 49 029 025 792 byte ledigt
Efter genomsökningen: 48 914 825 216 byte ledigt
.
- - End Of File - - 26C3DE888307C4D53DDD291C32FED9C1


Otl kommer i Dubbel och trippelpost, Förlåt mig sweclockers men det stödjer inte att har för mycket text i ett och samma inlägg.
puttepysen är inte uppkopplad
2013-03-30, 01:44   #12

puttepysen

Medlem

Registrerad: nov 2011

Otl: Otl

Spoiler:
OTL logfile created on: 2013-03-30 01:25:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pata\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

15,90 Gb Total Physical Memory | 13,51 Gb Available Physical Memory | 84,95% Memory free
31,80 Gb Paging File | 29,05 Gb Available in Paging File | 91,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 45,63 Gb Free Space | 40,86% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 46,24 Mb Free Space | 46,24% Space Free | Partition Type: NTFS
Drive E: | 465,66 Gb Total Space | 165,47 Gb Free Space | 35,53% Space Free | Partition Type: NTFS

Computer Name: PATADATA | User Name: Pata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-03-30 01:25:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pata\Desktop\OTL.exe
PRC - [2013-03-28 16:09:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-03-25 00:50:53 | 003,497,552 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013-03-24 23:07:32 | 001,475,744 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
PRC - [2013-03-24 23:07:32 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
PRC - [2013-03-24 23:07:32 | 000,920,736 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
PRC - [2013-03-24 23:07:32 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
PRC - [2013-03-21 23:50:35 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-01-14 16:37:50 | 001,406,776 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
PRC - [2012-12-21 13:08:56 | 001,333,424 | ---- | M] (ESET) -- C:\Program\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2012-08-08 18:17:52 | 003,101,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
PRC - [2012-08-07 13:42:12 | 001,504,640 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2012-08-03 16:40:52 | 001,112,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2012-07-12 17:36:08 | 001,384,608 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
PRC - [2012-05-03 12:17:36 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2012-03-13 12:34:12 | 002,935,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2012-02-02 15:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
PRC - [2011-09-28 16:29:46 | 000,905,216 | ---- | M] () -- C:\Program\Corsair USB Headset\Customapp\Program\CAHS.exe
PRC - [2011-09-08 21:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010-11-20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2013-03-25 00:50:54 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013-03-21 23:50:33 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
MOD - [2013-03-21 23:50:32 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
MOD - [2013-03-21 23:50:31 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013-03-21 23:49:41 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
MOD - [2013-03-21 23:49:40 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\libegl.dll
MOD - [2013-03-21 23:49:38 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2013-01-15 15:30:26 | 001,040,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
MOD - [2013-01-14 17:16:48 | 005,771,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
MOD - [2013-01-14 16:37:50 | 001,406,776 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
MOD - [2012-08-15 14:42:40 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
MOD - [2012-08-14 11:14:36 | 001,123,840 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
MOD - [2012-08-03 16:41:08 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2012-08-03 16:40:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
MOD - [2012-07-31 15:21:32 | 000,152,064 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
MOD - [2012-07-20 09:39:40 | 001,047,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2012-07-10 17:55:30 | 001,625,600 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\WiFiGO.dll
MOD - [2012-06-19 12:56:22 | 001,305,600 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2012-05-28 21:27:04 | 001,622,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2012-05-25 10:33:10 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2012-03-21 12:07:44 | 000,972,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2012-02-06 21:08:30 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\pngio.dll
MOD - [2012-01-19 09:39:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll
MOD - [2011-10-14 20:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011-09-28 16:29:46 | 000,905,216 | ---- | M] () -- C:\Program\Corsair USB Headset\Customapp\Program\CAHS.exe
MOD - [2011-09-26 19:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011-09-19 20:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011-07-21 09:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2011-07-12 19:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011-04-19 14:56:58 | 000,143,360 | ---- | M] () -- C:\Program\Corsair USB Headset\Customapp\Program\VMixHS.dll
MOD - [2010-10-05 08:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2010-10-05 08:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
MOD - [2010-10-05 08:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2010-09-23 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll
MOD - [2010-08-23 10:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
MOD - [2010-06-21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
MOD - [2010-02-25 14:01:30 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll
MOD - [2009-08-12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-09-13 23:18:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012-09-13 18:47:54 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-03-28 16:09:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-03-27 21:40:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-26 21:35:46 | 000,969,280 | ---- | M] (eSafe Security Co., Ltd.) [Auto | Stopped] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (eSafeSvc)
SRV - [2013-03-24 23:07:32 | 001,475,744 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2013-03-24 23:07:32 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2013-03-24 23:07:32 | 000,920,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe -- (asComSvc)
SRV - [2013-03-24 23:07:32 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-21 13:08:56 | 001,333,424 | ---- | M] (ESET) [Auto | Running] -- C:\Program\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-01-17 21:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012-12-21 13:09:28 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2012-12-21 13:08:54 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012-12-21 13:08:18 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012-11-06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012-10-23 10:55:46 | 000,078,192 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw17b64.sys -- (hcw17bda)
DRV:64bit: - [2012-09-14 00:01:14 | 010,695,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-09-13 22:55:38 | 000,459,776 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-08-23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-06-12 22:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012-05-31 11:06:14 | 000,032,400 | ---- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-06-16 15:10:08 | 001,308,160 | -H-- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAHS164.sys -- (CorsairCAHS1)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-02-18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009-11-24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009-11-24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008-09-23 00:24:00 | 000,050,176 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\shbecr.sys -- (Tdsshbecr)
DRV - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV - [2012-04-09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013-03-29 11:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-29 11:58:03 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\Pata\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Pata\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Pata\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Pata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-03-30 01:19:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [CAHS1Sound] C:\Windows\Syswow64\CAHS1.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [TNOD UP] "C:\Program Files\ESET\TNod User & Password Finder\TNODUP.exe" /i File not found
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Spotify] C:\Users\Pata\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Pata\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F0F81B2-12BA-4B96-BF22-C8F08FA661D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-03-29 10:52:06 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-03-30 01:25:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pata\Desktop\OTL.exe
[2013-03-30 01:19:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-03-30 01:15:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-03-30 01:15:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-03-30 01:15:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-03-30 01:15:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013-03-30 01:15:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-03-30 01:15:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-03-30 01:10:10 | 005,044,813 | R--- | C] (Swearware) -- C:\Users\Pata\Desktop\ComboFix.exe
[2013-03-29 21:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2013-03-29 21:51:35 | 000,339,968 | ---- | C] (Siano Mobile Silicon) -- C:\Windows\SysWow64\HcwSmsCt.dll
[2013-03-29 21:51:35 | 000,078,192 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw17b64.sys
[2013-03-29 21:51:33 | 000,000,000 | ---D | C] -- C:\Hauppauge
[2013-03-29 17:09:55 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\vlc
[2013-03-29 17:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013-03-29 17:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013-03-29 15:05:12 | 000,000,000 | ---D | C] -- C:\Users\Pata\Desktop\RK_Quarantine
[2013-03-29 12:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNod User & Password Finder
[2013-03-29 12:00:26 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\ESET
[2013-03-29 11:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013-03-29 11:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013-03-29 11:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-03-29 11:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2013-03-29 11:42:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013-03-29 11:42:04 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\WinRAR
[2013-03-29 11:42:04 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-03-29 11:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013-03-29 11:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013-03-29 11:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 2.5
[2013-03-29 11:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Kombustor 2.5
[2013-03-29 11:11:00 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Programs
[2013-03-29 11:10:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013-03-29 11:10:45 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013-03-29 11:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2013-03-29 11:02:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-03-29 11:02:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013-03-29 10:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013-03-29 10:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013-03-28 17:19:08 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\LolClient
[2013-03-28 16:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013-03-28 16:22:57 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Logitech
[2013-03-28 16:22:56 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Leadertech
[2013-03-28 16:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013-03-28 16:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013-03-28 16:22:19 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Logitech
[2013-03-28 16:22:19 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Logishrd
[2013-03-28 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\PunkBuster
[2013-03-28 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Pata\Documents\Battlefield 3
[2013-03-28 16:03:20 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\ESN
[2013-03-28 16:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013-03-28 16:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013-03-28 16:02:24 | 000,000,000 | ---D | C] -- C:\Fraps
[2013-03-28 16:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013-03-28 16:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013-03-28 08:37:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013-03-28 08:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013-03-27 23:12:04 | 000,000,000 | ---D | C] -- C:\Users\Pata\Valley
[2013-03-27 22:37:16 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Skype
[2013-03-27 22:37:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013-03-27 22:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-03-27 22:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013-03-27 22:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013-03-27 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Spotify
[2013-03-27 22:36:41 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Spotify
[2013-03-27 21:59:57 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\AMD
[2013-03-27 21:59:52 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\ATI
[2013-03-27 21:59:52 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\ATI
[2013-03-27 21:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-03-27 21:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013-03-27 21:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013-03-27 21:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013-03-27 21:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013-03-27 21:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013-03-27 21:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2013-03-27 21:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013-03-27 21:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013-03-27 21:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013-03-27 21:57:40 | 000,000,000 | ---D | C] -- C:\AMD
[2013-03-27 21:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Atiman Technologies
[2013-03-27 21:47:57 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Atmanun
[2013-03-27 21:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atiman Technologies Inc
[2013-03-27 21:47:57 | 000,000,000 | ---D | C] -- C:\Windows\Atiman Technologies
[2013-03-27 21:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atiman Technologies
[2013-03-27 21:40:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013-03-27 20:13:52 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2013-03-27 20:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z
[2013-03-26 22:41:05 | 000,023,680 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\drivers\IOMap64.sys
[2013-03-26 21:51:50 | 000,000,000 | ---D | C] -- C:\Users\Pata\Heaven
[2013-03-26 21:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
[2013-03-26 21:50:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unigine
[2013-03-26 21:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013-03-26 21:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2013-03-26 21:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2013-03-26 21:35:10 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\eIntaller
[2013-03-26 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013-03-26 21:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013-03-25 00:53:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013-03-25 00:53:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013-03-25 00:52:20 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013-03-25 00:52:18 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013-03-25 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013-03-25 00:51:01 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Origin
[2013-03-25 00:50:57 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Origin
[2013-03-25 00:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013-03-25 00:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013-03-25 00:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013-03-25 00:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013-03-25 00:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013-03-25 00:39:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013-03-25 00:39:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013-03-25 00:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2013-03-25 00:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2013-03-25 00:20:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013-03-25 00:03:55 | 008,724,480 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CAHS1.dll
[2013-03-25 00:03:55 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpaHS1.dll
[2013-03-25 00:03:55 | 000,000,000 | ---D | C] -- C:\Program Files\Corsair USB Headset
[2013-03-25 00:03:55 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Corsair
[2013-03-25 00:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair
[2013-03-25 00:03:43 | 001,308,160 | -H-- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CAHS164.sys
[2013-03-25 00:03:43 | 000,315,392 | -H-- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltrCAHS1.dll
[2013-03-24 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\Pata\Documents\Vuze Downloads
[2013-03-24 23:42:20 | 000,000,000 | ---D | C] -- C:\Users\Pata\.swt
[2013-03-24 23:42:10 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Azureus
[2013-03-24 23:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2013-03-24 23:27:01 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013-03-24 23:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013-03-24 23:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013-03-24 23:22:17 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Google
[2013-03-24 23:22:13 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Deployment
[2013-03-24 23:22:13 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Apps
[2013-03-24 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Macromedia
[2013-03-24 23:17:56 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Adobe
[2013-03-24 23:15:58 | 000,726,160 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013-03-24 23:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013-03-24 23:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2013-03-24 23:09:39 | 000,046,152 | ---- | C] (MCCI Corporation) -- C:\Windows\SysWow64\drivers\ASUSFILTER.sys
[2013-03-24 23:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2013-03-24 23:09:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013-03-24 23:09:19 | 000,000,000 | ---D | C] -- C:\Users\Pata\Documents\ASUS Remote GO!
[2013-03-24 23:08:50 | 000,032,400 | ---- | C] (NT Kernel Resources) -- C:\Windows\SysNative\drivers\ndisrd.sys
[2013-03-24 23:08:12 | 000,014,848 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\drivers\AiChargerPlus.sys
[2013-03-24 23:08:06 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2013-03-24 23:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2013-03-24 23:08:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013-03-24 23:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013-03-24 23:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2013-03-24 23:07:32 | 000,028,672 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2013-03-24 23:07:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\MFDLL
[2013-03-24 23:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2013-03-24 23:06:13 | 000,000,000 | R--D | C] -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013-03-24 23:06:13 | 000,000,000 | R--D | C] -- C:\Users\Pata\Searches
[2013-03-24 23:06:13 | 000,000,000 | R--D | C] -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013-03-24 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Identities
[2013-03-24 23:06:07 | 000,000,000 | R--D | C] -- C:\Users\Pata\Contacts
[2013-03-24 23:06:06 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\VirtualStore
[2013-03-24 23:06:04 | 000,000,000 | --SD | C] -- C:\Users\Pata\AppData\Roaming\Microsoft
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Videos
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Saved Games
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Pictures
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Music
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Links
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Favorites
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Downloads
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Documents
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\Desktop
[2013-03-24 23:06:04 | 000,000,000 | R--D | C] -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\AppData\Local\Tidigare
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\AppData\Local\Temporary Internet Files
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Start-meny
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Skrivare
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\SendTo
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Recent
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Programdata
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\AppData\Local\Programdata
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Nätverket
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Documents\Mina videoklipp
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Mina dokument
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Documents\Mina bilder
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Documents\Min musik
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Mallar
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Lokala inställningar
[2013-03-24 23:06:04 | 000,000,000 | -HSD | C] -- C:\Users\Pata\Cookies
[2013-03-24 23:06:04 | 000,000,000 | -H-D | C] -- C:\Users\Pata\AppData
[2013-03-24 23:06:04 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Temp
[2013-03-24 23:06:04 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Local\Microsoft
[2013-03-24 23:06:04 | 000,000,000 | ---D | C] -- C:\Users\Pata\AppData\Roaming\Media Center Programs
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start-meny
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Skrivbord
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Programdata
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\Program
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mina videoklipp
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Mina bilder
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Min musik
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Mallar
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriter
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokument
[2013-03-24 23:06:03 | 000,000,000 | -HSD | C] -- C:\Program Files\Delade filer
[2013-03-24 23:06:03 | 000,000,000 | ---D | C] -- C:\Recovery
[2013-03-24 23:06:01 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013-03-24 23:02:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013-03-24 23:02:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013-03-24 23:02:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013-03-18 22:29:16 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013-03-18 22:29:12 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-03-30 01:25:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pata\Desktop\OTL.exe
[2013-03-30 01:21:40 | 000,025,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-30 01:21:40 | 000,025,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-30 01:20:01 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx
[2013-03-30 01:19:59 | 001,466,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-03-30 01:19:59 | 000,625,534 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013-03-30 01:19:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-03-30 01:19:59 | 000,123,688 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013-03-30 01:19:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-03-30 01:19:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-03-30 01:14:56 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2013-03-30 01:14:26 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-30 01:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-30 01:14:19 | 4215,402,494 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-30 01:10:47 | 005,044,813 | R--- | M] (Swearware) -- C:\Users\Pata\Desktop\ComboFix.exe
[2013-03-30 01:08:52 | 000,002,251 | ---- | M] () -- C:\Users\Pata\Desktop\Google Chrome.lnk
[2013-03-30 00:27:00 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-29 23:47:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-29 21:51:33 | 000,000,601 | ---- | M] () -- C:\Users\Public\Desktop\Install WinTV v7.x CD 2.7.lnk
[2013-03-29 18:00:00 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013-03-29 17:09:43 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013-03-29 17:09:43 | 000,000,027 | ---- | M] () -- C:\Program Files\plugins.dat
[2013-03-29 13:33:28 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-03-29 13:33:28 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-03-29 13:33:07 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-03-29 11:59:58 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-03-29 11:17:35 | 002,128,896 | ---- | M] () -- C:\Users\Pata\AppData\Local\file__0.localstorage
[2013-03-29 10:52:06 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013-03-28 16:09:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-03-28 00:33:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-03-28 00:33:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013-03-27 21:59:48 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013-03-27 21:47:06 | 000,000,679 | ---- | M] () -- C:\Windows\CAHS1.ini.imi
[2013-03-27 21:08:17 | 458,292,123 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013-03-27 20:12:23 | 000,002,846 | ---- | M] () -- C:\Users\Pata\Unigine_Heaven_Benchmark_4.0_test 1_2011.html
[2013-03-27 20:02:42 | 000,002,845 | ---- | M] () -- C:\Users\Pata\Unigine_Heaven_Benchmark_4.0_20130327_2002.html
[2013-03-25 20:04:56 | 000,267,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-03-25 00:03:55 | 000,013,521 | ---- | M] () -- C:\Windows\CAHS1.ini.cfl
[2013-03-25 00:03:55 | 000,000,587 | ---- | M] () -- C:\Windows\System\CAHS1.ini
[2013-03-25 00:03:55 | 000,000,132 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2013-03-24 23:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_M5A97 R2.0.alu
[2013-03-24 23:04:55 | 000,050,643 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013-03-24 23:04:55 | 000,050,643 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013-03-24 23:03:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013-03-18 22:29:16 | 000,054,784 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013-03-18 22:29:12 | 000,050,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-03-30 01:15:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-03-30 01:15:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-03-30 01:15:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-03-30 01:15:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-03-30 01:15:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-03-30 01:08:52 | 000,002,251 | ---- | C] () -- C:\Users\Pata\Desktop\Google Chrome.lnk
[2013-03-29 21:51:35 | 000,101,888 | ---- | C] () -- C:\Windows\SysNative\drivers\hcw17dvb.1b0
[2013-03-29 21:51:35 | 000,098,384 | ---- | C] () -- C:\Windows\SysNative\drivers\hcw17isd.1b0
[2013-03-29 21:51:33 | 000,000,601 | ---- | C] () -- C:\Users\Public\Desktop\Install WinTV v7.x CD 2.7.lnk
[2013-03-29 17:09:43 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013-03-29 17:09:43 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2013-03-29 10:52:06 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013-03-29 10:50:48 | 000,000,490 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013-03-29 10:26:31 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013-03-28 16:04:38 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-03-28 08:37:21 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-03-28 08:37:21 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-03-28 08:37:21 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-03-28 00:33:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013-03-28 00:33:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013-03-27 22:37:02 | 000,001,748 | ---- | C] () -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013-03-27 21:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-03-27 21:40:11 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-27 20:12:23 | 000,002,846 | ---- | C] () -- C:\Users\Pata\Unigine_Heaven_Benchmark_4.0_test 1_2011.html
[2013-03-27 20:02:42 | 000,002,845 | ---- | C] () -- C:\Users\Pata\Unigine_Heaven_Benchmark_4.0_20130327_2002.html
[2013-03-26 21:51:23 | 002,128,896 | ---- | C] () -- C:\Users\Pata\AppData\Local\file__0.localstorage
[2013-03-25 00:52:30 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013-03-25 00:52:16 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013-03-25 00:52:14 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013-03-25 00:52:14 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013-03-25 00:52:12 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2013-03-25 00:52:12 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013-03-25 00:20:48 | 458,292,123 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013-03-25 00:03:55 | 000,798,208 | ---- | C] () -- C:\Windows\SysNative\CAHS1.exe
[2013-03-25 00:03:55 | 000,401,920 | ---- | C] () -- C:\Windows\SysNative\CAHS1.cpl
[2013-03-25 00:03:55 | 000,143,360 | ---- | C] () -- C:\Windows\VmixHS1.dll
[2013-03-25 00:03:55 | 000,013,521 | ---- | C] () -- C:\Windows\CAHS1.ini.cfl
[2013-03-25 00:03:55 | 000,000,132 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2013-03-25 00:03:54 | 000,354,304 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2013-03-25 00:03:54 | 000,002,029 | ---- | C] () -- C:\Windows\CAHS1.ini.cfg
[2013-03-25 00:03:54 | 000,000,679 | ---- | C] () -- C:\Windows\CAHS1.ini.imi
[2013-03-25 00:03:54 | 000,000,638 | ---- | C] () -- C:\Windows\CAHS1.ini
[2013-03-25 00:03:54 | 000,000,587 | ---- | C] () -- C:\Windows\System\CAHS1.ini
[2013-03-24 23:42:16 | 000,001,794 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2013-03-24 23:42:13 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013-03-24 23:28:03 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013-03-24 23:22:18 | 000,000,990 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-24 23:22:18 | 000,000,986 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-24 23:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_M5A97 R2.0.alu
[2013-03-24 23:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\Path.idx
[2013-03-24 23:10:53 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2013-03-24 23:08:18 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2013-03-24 23:07:32 | 000,015,232 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2013-03-24 23:07:32 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013-03-24 23:07:32 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013-03-24 23:06:14 | 000,001,649 | ---- | C] () -- C:\Users\Pata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-03-24 23:04:53 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013-03-24 23:04:52 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013-03-24 23:03:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013-03-24 23:02:32 | 4215,402,494 | -HS- | C] () -- C:\hiberfil.sys
[2012-09-28 20:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012-09-13 23:12:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-09-13 23:12:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-05-31 07:39:26 | 000,027,136 | ---- | C] () -- C:\Windows\setrestore.exe
[2012-05-02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-03-27 21:48:21 | 000,000,000 | ---D | M] -- C:\Users\Pata\AppData\Roaming\Atmanun
[2013-03-30 00:36:51 | 000,000,000 | ---D | M] -- C:\Users\Pata\AppData\Roaming\Azureus
[2013-03-25 00:03:55 | 000,000,000 | ---D | M] -- C:\Users\Pata\AppData\Roaming\Corsair
[2013-03-26 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Pata\AppData\Roaming\eIntaller
[2013-03-28 16:22:56 | 000,000,000 | ---D | M] -- C:\Users\Pata\AppData\Roaming\Leadertech
[2013-03-28 17:19:08 | 000,000,000 | ---D | M] -- C:\Users\Pata\AppData\Roaming\LolClient
[2013-03-25 01:01:58 | 000,000,000 | ---D | M] -- C:\Users\Pata\AppData\Roaming\Origin
[2013-03-30 01:14:34 | 000,000,000 | ---D | M] -- C:\Users\Pata\AppData\Roaming\Spotify

========== Purity Check ==========



< End of report >
puttepysen är inte uppkopplad
2013-03-30, 01:46   #13

puttepysen

Medlem

Registrerad: nov 2011

Otl: Extras

Spoiler:
OTL Extras logfile created on: 2013-03-30 01:25:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pata\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

15,90 Gb Total Physical Memory | 13,51 Gb Available Physical Memory | 84,95% Memory free
31,80 Gb Paging File | 29,05 Gb Available in Paging File | 91,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 45,63 Gb Free Space | 40,86% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 46,24 Mb Free Space | 46,24% Space Free | Partition Type: NTFS
Drive E: | 465,66 Gb Total Space | 165,47 Gb Free Space | 35,53% Space Free | Partition Type: NTFS

Computer Name: PATADATA | User Name: Pata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A6CB785-5315-4868-AADD-B890EB8DE468}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2828B292-3421-4A1E-86B3-1D5D88B57195}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E51D267-B197-43F8-A330-08A387C2BBF7}" = lport=1900 | protocol=17 | dir=in | name=upnp udp 1900 |
"{325BC3BB-106F-4766-A4C4-2110FB898B89}" = rport=139 | protocol=6 | dir=out | app=system |
"{5A7E06DA-0853-4E82-8228-EDAE6C13422A}" = lport=445 | protocol=6 | dir=in | app=system |
"{81EB7E3D-08C8-4663-9886-19B4D701688E}" = lport=138 | protocol=17 | dir=in | app=system |
"{87061CFC-B410-4C64-BA14-A8F594198978}" = rport=138 | protocol=17 | dir=out | app=system |
"{8886D77B-8A80-4C65-ACD4-C293AC2116C7}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp 2869 |
"{888CC489-345A-4C61-806E-8D144E0E3394}" = rport=445 | protocol=6 | dir=out | app=system |
"{B70E5FEB-E2FB-456E-96EB-99C5FE0BCBC0}" = lport=137 | protocol=17 | dir=in | app=system |
"{BD36EE5E-0DAF-48EC-B6A3-3110F79AE0DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D15CE13D-6584-4603-869B-B5FFB1F978E1}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF675C56-EFC7-4CE9-A86C-1C5266AFC92C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E38FA6E2-2405-4A91-A5CE-768A1A2FA6FA}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{215A4092-7BC0-441C-9BE4-E479696538ED}" = protocol=6 | dir=in | app=c:\users\pata\appdata\roaming\spotify\spotify.exe |
"{363CA8DB-A442-49D6-8D82-DA4AD47541D3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{408F18F2-86AD-4387-8955-C8CC644B7706}" = protocol=17 | dir=in | app=c:\users\pata\appdata\roaming\spotify\spotify.exe |
"{4F90E75B-53AD-4A2B-A47A-1F031B010146}" = protocol=6 | dir=in | app=e:\nedladdade spel\battlefield 3\bf3.exe |
"{5788F45C-CE41-492D-8407-6BC2E26393F7}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\remote go!\assisttools\wifi go! server.exe |
"{5CDEF993-427D-486F-B91B-F9395B7BBE2A}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\remote go!\assisttools\wifi go! server.exe |
"{62AD6F62-7D7D-4313-A545-4D5C7B80C036}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6A7BFE95-8C76-42A4-8C11-01FCE2B3CE9F}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{70F9C37B-78B0-4D8D-8D97-7929E0515DBE}" = protocol=17 | dir=in | app=c:\users\pata\appdata\roaming\spotify\spotify.exe |
"{7A0E174A-F535-4038-9C62-864DC81AE007}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{81AD68A9-E2EA-4F2A-AE25-5D413B068B3F}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{8BA37CDB-A0B7-4D36-8AAF-4F5EE43AB58E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8E9A67AB-B2BE-40C1-936C-ED1BBDC3C05D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9EDDF74D-DF13-4237-85FF-8E31A354BFDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A6ACA172-27BA-4719-AEED-B35161A1BBF1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C8C071C9-F2F2-4EC2-B098-CB9DAC36C3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{CAB73FC9-E6AF-43A6-B91F-F20D65863497}" = protocol=17 | dir=in | app=e:\nedladdade spel\battlefield 3\bf3.exe |
"{D258A110-195E-4237-ADBC-25998BF45874}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E4248162-B71A-4C2A-AF82-F127FB74C83E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E476DB9C-2CA0-44F2-8722-D426CA97D0C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EB8F2F7B-FAC1-413D-8C36-99E4F4EFEBEE}" = protocol=6 | dir=in | app=c:\users\pata\appdata\roaming\spotify\spotify.exe |
"{ECDA5BE1-3BDA-44AD-BB11-E9A312EB77E7}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F8444A1E-B674-4E77-83C7-6B19130521CA}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B39402-2840-AF32-FF47-E1AC320190F2}" = AMD Accelerated Video Transcoding
"{23CA20AB-A7B2-E3EF-790A-6F3A2D94DA2C}" = AMD Fuel
"{2437D856-23E2-A0EE-3D8C-041AA2065109}" = AMD Catalyst Install Manager
"{34FA8357-182E-87DC-9014-0A70B2D49579}" = ccc-utility64
"{35BD87CD-1E57-A87E-53F0-62B9925F7B36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{7160D4AB-F731-47F0-7EB3-608892981528}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CA8C0A-D865-48B6-B521-B3DB1771D565}" = ESET NOD32 Antivirus
"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{B3C84EBC-677C-A4CB-1196-2534DD0E1682}" = AMD Fuel
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EDCC3653-5523-3B87-D77F-6A65B880A61A}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8461-7759-5462-8226" = Vuze
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"Logitech Gaming Software" = Logitech Gaming Software 8.45
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"Speccy" = Speccy
"TNod" = TNod User & Password Finder
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{06D616BB-D397-6BCF-DEAD-DBEAD9AA69C1}" = CCC Help Russian
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.0
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{17DC6852-9048-393B-1A89-203B36675653}" = CCC Help German
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1EC58056-481C-B7C8-A105-5C77BF3EAA16}" = CCC Help Swedish
"{1ECC7108-0878-607B-EDA8-6EB9372A6BD2}" = Catalyst Control Center Graphics Previews Common
"{257C5AFD-8614-BBD4-4C97-3B43F8161DFC}" = CCC Help Turkish
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{28D30BC0-EE51-8C94-80B3-04BE1A26B088}" = CCC Help Turkish
"{29898311-2FB2-4E98-739B-B449AF0DEC9F}" = CCC Help Italian
"{2F46EDE0-BA53-0AC8-45D4-B0C674BBDCB7}" = AMD VISION Engine Control Center
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{354CD23A-63EA-83CE-051A-4ADE953316DC}" = CCC Help Dutch
"{3B1D570D-AE45-132F-7E4C-997F1E6E75FC}" = CCC Help Greek
"{3FFBB9E3-057F-7AC2-B413-0F9E04F46A93}" = CCC Help Polish
"{44E46185-638A-4F84-C902-74ACF30932A7}" = CCC Help Spanish
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4AB43DE0-CF91-C9D5-3F6C-A869CC44D742}" = CCC Help Czech
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{51A70CA3-CDFA-B8C7-8FEC-4AD92D4AA9D4}" = AMD VISION Engine Control Center
"{528E82EA-A194-4A9D-371E-59BACC7D7DE4}" = CCC Help Dutch
"{538FB3F5-22D6-A671-4396-1426582E332A}" = Catalyst Control Center Localization All
"{53920718-25F0-CBA8-D694-BDC793C2B219}" = CCC Help Chinese Traditional
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{540C5568-983A-B7BC-3005-C42736DA00AB}" = CCC Help English
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{56206A74-F8C4-7705-DE77-315A0ADCB41F}" = CCC Help Japanese
"{57E0E3A9-F4EF-1540-CADA-EB5E33B3B922}" = CCC Help Korean
"{580CFBBA-6AE4-9165-5656-310CB53883A7}" = CCC Help Hungarian
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{63601D88-60C5-600C-1FCD-5BF1FCFD1786}" = Catalyst Control Center Localization All
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{659425A0-A001-4506-0957-68A834DC2F21}" = CCC Help Finnish
"{66A2D6E0-023E-129B-A7D9-0A69646A4FB0}" = CCC Help Czech
"{6B48E2BE-16BE-F93F-5E7F-B5D0148FF29A}" = CCC Help German
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{6E65E954-8C25-797C-5382-B9B83F262105}" = Catalyst Control Center InstallProxy
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB7}" = Corsair USB Headset
"{73F6E6FE-ADDA-72F2-97F2-D7501CADC0BF}" = CCC Help Chinese Traditional
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77091BC5-B357-166C-CFDF-2AC2C72ED29E}" = CCC Help Italian
"{78D33C64-C59E-C438-BE30-3FDE5900197D}" = CCC Help Danish
"{796949FB-CFE8-0EF3-D5DA-3A732B958FEE}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{902DBBC3-CCF2-E030-CDBA-55F4024C7813}" = CCC Help Finnish
"{92D4040E-8D78-399E-309E-E593E871E132}" = CCC Help Japanese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D104AC8-D050-9D64-8E8E-04CF56C98A43}" = CCC Help Portuguese
"{A231A6F2-2C80-6203-ED35-2CFB96B25A38}" = Application Profiles
"{A26B9B0A-1EB9-40E6-5CB9-D14BF1A72E80}" = CCC Help Russian
"{A5F6F320-2542-333D-AC13-4B66078257C5}" = CCC Help French
"{A7E3C9FE-A5CE-B00A-49F8-64BC03B6ABF8}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA5AD5C2-2C06-F079-493F-5497B6070A31}" = CCC Help Polish
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B133A3D4-402C-9C6B-7BB0-839D93B5AB99}" = CCC Help French
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B4E72CEE-BC8E-788C-0A54-D27EDC2842E0}" = Catalyst Control Center InstallProxy
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BD4C9A32-4C3A-4610-8A24-C7C603CA7369}" = Atiman Uninstaller 7.0.2
"{C62F383F-8C65-38C2-0301-F29278AFFB68}" = CCC Help English
"{C682AF6E-0E60-3AB2-4D26-740E0A6650F1}" = CCC Help Portuguese
"{C7CA6910-8497-6C6B-38C2-8694D108CCA8}" = CCC Help Norwegian
"{CB979CC6-F115-876C-73F1-559786230C57}" = CCC Help Swedish
"{CD274231-2D4A-E0D3-77EE-CBF73A255DF8}" = CCC Help Chinese Standard
"{CE4FAE68-434C-BA43-8B9A-DA215B220479}" = CCC Help Thai
"{D4737341-1524-6784-8AC1-F79DC79B96CB}" = CCC Help Chinese Standard
"{D910F446-B7A0-F472-1B89-A9085F4AFFBD}" = CCC Help Norwegian
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E288EA43-3A9B-BEAB-8147-11BE15709D42}" = CCC Help Hungarian
"{E2A067AA-D675-5AB0-E1B5-3E701ED8DE5C}" = CCC Help Danish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EA37D017-8A7B-C2E0-1B64-ACEE65711D33}" = CCC Help Spanish
"{F08A6ECB-A8F2-D822-24CE-307AF4AFE64F}" = CCC Help Greek
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40DF4BA-C9A8-D04D-E392-80798FF8EA51}" = CCC Help Thai
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Afterburner" = MSI Afterburner 2.3.1
"Battlelog Web Plugins" = Battlelog Web Plugins
"eSafeSecControl" = eSafe Security Control 1.0.0.1982
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Unigine Heaven Benchmark (Basic Edition)_is1" = Heaven Benchmark version 4.0
"Unigine Valley Benchmark_is1" = Unigine Valley Benchmark version 1.0
"VLC media player" = VLC media player 2.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-03-29 09:58:35 | Computer Name = Patadata | Source = ESENT | ID = 494
Description = Catalog Database (1136) Catalog Database: Databasåterställningen misslyckades
med felet -1216 eftersom referenser till databasen C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb,
som inte längre finns, påträffades. Databasen avslutades inte korrekt (läget för
felfri avstängning) innan den togs bort, flyttades eller bytte namn. Återställningen
av den här instansen kan inte slutföras förrän databasen som saknas har återinförts.
Om databasen inte längre finns och inte längre behövs läser du informationen i
Microsoft Knowledge Base om hur du återställer från det här felet. Alternativt klickar
du på länken Mer information längst ned i det här meddelandet.

Error - 2013-03-29 09:58:35 | Computer Name = Patadata | Source = ESENT | ID = 454
Description = Catalog Database (1136) Catalog Database: Det oväntade felet -1216
inträffade vid databasåterställningen.

Error - 2013-03-29 09:58:35 | Computer Name = Patadata | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Tjänsten Cryptographic Services kunde inte initiera katalogdatabasen.
ESENT-felet var: -1216.

[ System Events ]
Error - 2013-03-29 12:56:46 | Computer Name = Patadata | Source = Service Control Manager | ID = 7000
Description = Tjänsten AODDriver4.2.0 kunde inte startas på grund av följande fel:
%%2

Error - 2013-03-29 12:56:53 | Computer Name = Patadata | Source = Service Control Manager | ID = 7000
Description = Tjänsten AODDriver4.2.0 kunde inte startas på grund av följande fel:
%%2

Error - 2013-03-29 20:08:38 | Computer Name = Patadata | Source = Service Control Manager | ID = 7000
Description = Tjänsten AODDriver4.2.0 kunde inte startas på grund av följande fel:
%%2

Error - 2013-03-29 20:08:45 | Computer Name = Patadata | Source = Service Control Manager | ID = 7000
Description = Tjänsten AODDriver4.2.0 kunde inte startas på grund av följande fel:
%%2

Error - 2013-03-29 20:14:24 | Computer Name = Patadata | Source = Service Control Manager | ID = 7000
Description = Tjänsten AODDriver4.2.0 kunde inte startas på grund av följande fel:
%%2

Error - 2013-03-29 20:14:31 | Computer Name = Patadata | Source = Service Control Manager | ID = 7000
Description = Tjänsten AODDriver4.2.0 kunde inte startas på grund av följande fel:
%%2

Error - 2013-03-29 20:15:46 | Computer Name = Patadata | Source = Service Control Manager | ID = 7034
Description = Tjänsten eSafe Service avslutades oväntat. Detta har skett 1 gånger.

Error - 2013-03-29 20:17:29 | Computer Name = Patadata | Source = Service Control Manager | ID = 7030
Description = Tjänsten PEVSystemStart är markerad som en interaktiv tjänst. Systemet
är dock konfigurerat för att inte tillåta interaktiva tjänster. Tjänsten kommer
kanske inte att fungera korrekt.

Error - 2013-03-29 20:19:09 | Computer Name = Patadata | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys har hindrats från att läsas in eftersom
den är inkompatibel med den här datorn. Kontakta enhetens tillverkare och fråga
om en kompatibel version av drivrutinen.

Error - 2013-03-29 20:19:28 | Computer Name = Patadata | Source = Service Control Manager | ID = 7030
Description = Tjänsten PEVSystemStart är markerad som en interaktiv tjänst. Systemet
är dock konfigurerat för att inte tillåta interaktiva tjänster. Tjänsten kommer
kanske inte att fungera korrekt.


< End of report >
puttepysen är inte uppkopplad
2013-03-31, 20:03   #14

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Det är en ny typ av skadligt program som dök upp för en knapp vecka sedan. Jag har inte lyckats hitta någon tråd där man har fått bort den ordentligt, utan man har ominstallerat Windows eller så pågår tråden fortfarande.

De som har installerat Firefox efter det att datorn blev infekterad har kunna använda Firefox utan att riskera att det som ligger bakom det skadliga programmet tjänar några pengar.

Spara RougueKiller på Skrivbordet.
http://www.sur-la-toile.com/RogueKiller/
Stäng av alla program.
Ta bort alla externa enheter, t ex USB-minnen och externa hårddiskar, utom tangentbord och mus. Låt dem vara bortkopplade medan rensningen pågår.

Kör RogueKiller (i Vista och Windows 7 högerklicka på programmet och välj "Kör som administratör). Om det inte går att köra så pröva flera gång, men om det fortfarande inte går så pröva med att döpa om programmet till winlogon.exe.

Vänta tills "Prescan" har avslutats.
Klicka på "Scan"-knappen uppe till höger.
Vänta tills skanningen är klar.
En rapport "RKreport.txt" ska då ha skapats på Skrivbordet. Klistra in innehållet i den i ditt svar.
CeciliaB är inte uppkopplad
2013-03-31, 20:14   #15

puttepysen

Medlem

Registrerad: nov 2011

Citat:
Ursprungligen inskrivet av CeciliaB Visa inlägg
Det är en ny typ av skadligt program som dök upp för en knapp vecka sedan. Jag har inte lyckats hitta någon tråd där man har fått bort den ordentligt, utan man har ominstallerat Windows eller så pågår tråden fortfarande.

De som har installerat Firefox efter det att datorn blev infekterad har kunna använda Firefox utan att riskera att det som ligger bakom det skadliga programmet tjänar några pengar.

Spara RougueKiller på Skrivbordet.
http://www.sur-la-toile.com/RogueKiller/
Stäng av alla program.
Ta bort alla externa enheter, t ex USB-minnen och externa hårddiskar, utom tangentbord och mus. Låt dem vara bortkopplade medan rensningen pågår.

Kör RogueKiller (i Vista och Windows 7 högerklicka på programmet och välj "Kör som administratör). Om det inte går att köra så pröva flera gång, men om det fortfarande inte går så pröva med att döpa om programmet till winlogon.exe.

Vänta tills "Prescan" har avslutats.
Klicka på "Scan"-knappen uppe till höger.
Vänta tills skanningen är klar.
En rapport "RKreport.txt" ska då ha skapats på Skrivbordet. Klistra in innehållet i den i ditt svar.
Hade redan gjort en sådan längre upp i denna tråd, men gjorde det igen nu.

Spoiler:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Pata [Admin rights]
Mode : Scan -- Date : 03/31/2013 20:12:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] eGdpSvc.exe -- C:\ProgramData\eSafe\eGdpSvc.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: KINGSTON SV300S37A120G ATA Device +++++
--- User ---
[MBR] 0b171c0938619ae55333717146bf6e12
[BSP] 45bddf0e6ec6fcd6027b7b505ab52979 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKS-00V1A0 ATA Device +++++
--- User ---
[MBR] 8c8bb6e9a256db5fb0f8994fd48cf247
[BSP] 9d8dc14e6d000631151751922e8baf0e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_03312013_02d2012.txt >>
RKreport[1]_S_03292013_02d1506.txt ; RKreport[2]_D_03292013_02d1508.txt ; RKreport[3]_S_03312013_02d2012.txt
puttepysen är inte uppkopplad
2013-04-01, 00:31   #16

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Förlåt

När blev datorn infekterad?
Du kan jämföra med de datum som CombFix listar för nya program:
2013-03-29 10:58 . 2013-03-29 11:02 -------- d-----w- c:\program files\ESET
2013-03-28 15:22 . 2013-03-28 15:22 -------- d-----w- c:\program files\Logitech Gaming Software
2013-03-28 15:03 . 2013-03-28 15:03 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2013-03-28 15:02 . 2013-03-28 15:02 -------- d-----w- C:\Fraps
2013-03-27 21:37 . 2013-03-27 21:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-27 21:37 . 2013-03-27 21:37 -------- d-----r- c:\program files (x86)\Skype
2013-03-27 20:58 . 2013-03-27 20:58 -------- d-----w- c:\program files\ATI
2013-03-27 20:57 . 2013-03-27 21:04 -------- d-----w- C:\AMD
2013-03-27 20:48 . 2013-03-27 20:48 -------- d-----w- c:\program files\Atiman Technologies
2013-03-27 20:47 . 2013-03-27 20:48 -------- d-----w- c:\windows\Atiman Technologies
2013-03-27 20:47 . 2013-03-27 20:47 -------- d-----w- c:\program files (x86)\Atiman Technologies
2013-03-27 20:40 . 2013-03-27 20:40 -------- d-----w- c:\windows\system32\Macromed
2013-03-27 19:13 . 2013-03-27 19:13 -------- d-----w- c:\program files (x86)\GPU-Z
2013-03-26 20:50 . 2013-03-27 22:06 -------- d-----w- c:\program files (x86)\Unigine
2013-03-26 20:35 . 2013-03-26 20:35 -------- d-----w- c:\program files (x86)\Phyxion.net
2013-03-26 20:21 . 2013-03-26 20:21 -------- d-----w- c:\program files\Speccy
2013-03-25 19:08 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-03-24 23:51 . 2013-03-24 23:51 -------- d-----w- c:\program files (x86)\Origin Games

Hittade Nod32 något vid genomsökningen av datorn?

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram så att de inte krockar med OTL.
Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Starta programmet OTL (i Vista/Windows7 högerklicka och välj Kör som administratör).
Kopiera alla raderna i rutan:
:OTL
[2013-03-29 10:50:48 | 000,000,490 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013-03-29 10:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
:Files
ipconfig /flushdns /c
:Commands
[CREATERESTOREPOINT]
[REBOOT]
Klistra in dem i rutan Custom Scans/Fixes. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.
Tryck på Run Fix.
Om du blir tillfrågad om att starta om datorn så gör det.
Det kommer upp en logg i Anteckningar. Kopiera den och klistra in i ditt svar.

Om den inte kommer automatiskt så hittar du den i mappen c:\_OTL\Moved Files med ett namn som innehåller dagens datum och klockslaget för körningen.

Se till att aktivera antivirusprogram mm innan du ansluter datorn till internet.

Tillägg:
I den här tråden verkar något ha hänt i samband med installationen av Battlelog-tillägg: http://www.sweclockers.com/forum/133...min-i-windows/
Du har ju också installerat det. Var det då din dator blev infekterad?
CeciliaB är inte uppkopplad
2013-04-01, 15:43   #17

puttepysen

Medlem

Registrerad: nov 2011

Citat:
Ursprungligen inskrivet av CeciliaB Visa inlägg
Förlåt

När blev datorn infekterad?
Du kan jämföra med de datum som CombFix listar för nya program:
2013-03-29 10:58 . 2013-03-29 11:02 -------- d-----w- c:\program files\ESET
2013-03-28 15:22 . 2013-03-28 15:22 -------- d-----w- c:\program files\Logitech Gaming Software
2013-03-28 15:03 . 2013-03-28 15:03 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2013-03-28 15:02 . 2013-03-28 15:02 -------- d-----w- C:\Fraps
2013-03-27 21:37 . 2013-03-27 21:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-27 21:37 . 2013-03-27 21:37 -------- d-----r- c:\program files (x86)\Skype
2013-03-27 20:58 . 2013-03-27 20:58 -------- d-----w- c:\program files\ATI
2013-03-27 20:57 . 2013-03-27 21:04 -------- d-----w- C:\AMD
2013-03-27 20:48 . 2013-03-27 20:48 -------- d-----w- c:\program files\Atiman Technologies
2013-03-27 20:47 . 2013-03-27 20:48 -------- d-----w- c:\windows\Atiman Technologies
2013-03-27 20:47 . 2013-03-27 20:47 -------- d-----w- c:\program files (x86)\Atiman Technologies
2013-03-27 20:40 . 2013-03-27 20:40 -------- d-----w- c:\windows\system32\Macromed
2013-03-27 19:13 . 2013-03-27 19:13 -------- d-----w- c:\program files (x86)\GPU-Z
2013-03-26 20:50 . 2013-03-27 22:06 -------- d-----w- c:\program files (x86)\Unigine
2013-03-26 20:35 . 2013-03-26 20:35 -------- d-----w- c:\program files (x86)\Phyxion.net
2013-03-26 20:21 . 2013-03-26 20:21 -------- d-----w- c:\program files\Speccy
2013-03-25 19:08 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-03-24 23:51 . 2013-03-24 23:51 -------- d-----w- c:\program files (x86)\Origin Games

Hittade Nod32 något vid genomsökningen av datorn?

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram så att de inte krockar med OTL.
Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Starta programmet OTL (i Vista/Windows7 högerklicka och välj Kör som administratör).
Kopiera alla raderna i rutan:
:OTL
[2013-03-29 10:50:48 | 000,000,490 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013-03-29 10:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
:Files
ipconfig /flushdns /c
:Commands
[CREATERESTOREPOINT]
[REBOOT]
Klistra in dem i rutan Custom Scans/Fixes. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.
Tryck på Run Fix.
Om du blir tillfrågad om att starta om datorn så gör det.
Det kommer upp en logg i Anteckningar. Kopiera den och klistra in i ditt svar.

Om den inte kommer automatiskt så hittar du den i mappen c:\_OTL\Moved Files med ett namn som innehåller dagens datum och klockslaget för körningen.

Se till att aktivera antivirusprogram mm innan du ansluter datorn till internet.

Tillägg:
I den här tråden verkar något ha hänt i samband med installationen av Battlelog-tillägg: http://www.sweclockers.com/forum/133...min-i-windows/
Du har ju också installerat det. Var det då din dator blev infekterad?
Skulle säga att det var i början utav windows 7 installation, det är en windows 7 installation jag alltid använt så det är inget nytt. Därefter så strulade jag med massa drivrutiner till grafikkorten, då hade jag nog ännu inget anti virus program, men hade dock bara laddat ned drivrutiner från AMD's egna hemsida osv.

När jag googlar på oxpsconverter.exe så ser det ut att vara ett virus, nu vet jag inte om dem är sammankopplade och eller om datan redan tagit bort det. men tänkte gå in på "http://www.removeonline.com/oxpsconverter-exe" för att ladda ned och ta bort det isåfall om det nu inte skulle vara borttaget, men NOD32 nekade att jag skulle gå in på den sidan, så jag låter det vara, tills du kanske kan försäkra mig om att sidan är säker...

NOD32 hittade inget märkvärdigt, tror den kunde ha hittat 1, men det är ganska vanligt för djupa sökningar? hur som helst så är ju problemet kvarstående.

Jag vet inte men jag tror inte det är battlelog uppdatering som är boven i dramat, dock så är det ju sant att det är en av de saker jag ladda ned när windows var ny installerat, för att komma igång med battlefield 3 nedladdning på origin osv.

Otl Log:

Spoiler:
Error: Unable to interpret <
> in the current context!
========== OTL ==========
C:\Windows\Tasks\SpeedyPC Registration3.job moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
IP-konfiguration f”r Windows
DNS-matcharens cacheminne har rensats.
C:\Users\Pata\Desktop\cmd.bat deleted successfully.
C:\Users\Pata\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <
> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 04012013_153517


Om du vill så kan vi köra teamviewer?
puttepysen är inte uppkopplad
2013-04-01, 18:19   #18

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

removeonline är inte en pålitligt sida se https://www.mywot.com/en/scorecard/r..._content=popup
Oxpsconverter.exe är normalt en Windows-file, se http://support.microsoft.com/kb/2732059
Men visst kan du ladda upp din fil på https://www.virustotal.com om du vill vara säker.

1. Ta bort den AdwCleaner du har utifall att den senaste versionen har förbättrats.
Spara AdwCleaner av Xplode på Skrivbordet: http://general-changelog-team.fr/fr/...e/2-adwcleaner

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Search-knappen.
Vänta tills sökningen är klar.

Klicka på Delete-knappen.
Tryck på OK.

Datorn kommer att startas om.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[S1].txt

2. Gå igenom alla inställningar i Internet Explorer med hjälp av denna guide och ändra där något olämpligt/konstigt dyker upp:
http://translate.googleusercontent.c...Dz1z1u8W7Br16w

3. Motsvarande för Firefox: http://translate.googleusercontent.c...b0YJPRzNWmBzKA

4. Och för Chrome: http://translate.googleusercontent.c...IHkO-gFqU9aqcg

5. Högerklicka på alla genvägar du har till de olika webbläsarna, på skrivbordet, i aktivitetsfältet och i start-menyn och välj Egenskaper. Kolla på fliken Genväg om det står något olämpligt/konstigt efter själva webbläsarfilen i rutan "Mål". Ta bort i så fall.

Säg till om det är något som är obegripligt på de översatta sidorna.

Starta slutligen om datorn.

Hur fungerar det nu?

Uppdatering 29 juni
Numera verkar AdwCleaner ha uppdaterats så att den rensar bättre i webbläsarna och själv går igenom alla genvägar så att endast punkt 1 behöver göras.

Senast redigerad av CeciliaB 2013-06-29 klockan 03:08.
CeciliaB är inte uppkopplad
2013-04-01, 19:12   #19

puttepysen

Medlem

Registrerad: nov 2011

Citat:
Ursprungligen inskrivet av CeciliaB Visa inlägg
removeonline är inte en pålitligt sida se https://www.mywot.com/en/scorecard/r..._content=popup
Oxpsconverter.exe är normalt en Windows-file, se http://support.microsoft.com/kb/2732059
Men visst kan du ladda upp din fil på https://www.virustotal.com om du vill vara säker.

1. Ta bort den AdwCleaner du har utifall att den senaste versionen har förbättrats.
Spara AdwCleaner av Xplode på Skrivbordet: http://general-changelog-team.fr/fr/...e/2-adwcleaner

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Search-knappen.
Vänta tills sökningen är klar.

Klicka på Delete-knappen.
Tryck på OK.

Datorn kommer att startas om.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[S1].txt

2. Gå igenom alla inställningar i Internet Explorer med hjälp av denna guide och ändra där något olämpligt/konstigt dyker upp:
http://translate.googleusercontent.c...Dz1z1u8W7Br16w

3. Motsvarande för Firefox: http://translate.googleusercontent.c...b0YJPRzNWmBzKA

4. Och för Chrome: http://translate.googleusercontent.c...IHkO-gFqU9aqcg

5. Högerklicka på alla genvägar du har till de olika webbläsarna, på skrivbordet, i aktivitetsfältet och i start-menyn och välj Egenskaper. Kolla på fliken Genväg om det står något olämpligt/konstigt efter själva webbläsarfilen i rutan "Mål". Ta bort i så fall.

Säg till om det är något som är obegripligt på de översatta sidorna.

Starta slutligen om datorn.

Hur fungerar det nu?
Citat:
Ursprungligen inskrivet av CeciliaB Visa inlägg
removeonline är inte en pålitligt sida se https://www.mywot.com/en/scorecard/r..._content=popup
Oxpsconverter.exe är normalt en Windows-file, se http://support.microsoft.com/kb/2732059
Men visst kan du ladda upp din fil på https://www.virustotal.com om du vill vara säker.

1. Ta bort den AdwCleaner du har utifall att den senaste versionen har förbättrats.
Spara AdwCleaner av Xplode på Skrivbordet: http://general-changelog-team.fr/fr/...e/2-adwcleaner

Stäng alla program, inklusive webbläsare.
Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Search-knappen.
Vänta tills sökningen är klar.

Klicka på Delete-knappen.
Tryck på OK.

Datorn kommer att startas om.
En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.
Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[S1].txt

2. Gå igenom alla inställningar i Internet Explorer med hjälp av denna guide och ändra där något olämpligt/konstigt dyker upp:
http://translate.googleusercontent.c...Dz1z1u8W7Br16w

3. Motsvarande för Firefox: http://translate.googleusercontent.c...b0YJPRzNWmBzKA

4. Och för Chrome: http://translate.googleusercontent.c...IHkO-gFqU9aqcg

5. Högerklicka på alla genvägar du har till de olika webbläsarna, på skrivbordet, i aktivitetsfältet och i start-menyn och välj Egenskaper. Kolla på fliken Genväg om det står något olämpligt/konstigt efter själva webbläsarfilen i rutan "Mål". Ta bort i så fall.

Säg till om det är något som är obegripligt på de översatta sidorna.

Starta slutligen om datorn.

Hur fungerar det nu?
AdwCleaner
Spoiler:
# AdwCleaner v2.115 - Logfile created 04/01/2013 at 18:57:10
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Pata - PATADATA
# Boot Mode : Normal
# Running from : C:\Users\Pata\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Pata\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [972 octets] - [01/04/2013 18:55:41]
AdwCleaner[R2].txt - [1031 octets] - [01/04/2013 18:56:20]
AdwCleaner[R3].txt - [1092 octets] - [01/04/2013 18:57:01]
AdwCleaner[S1].txt - [1370 octets] - [29/03/2013 11:59:03]
AdwCleaner[S2].txt - [844 octets] - [29/03/2013 12:00:59]
AdwCleaner[S3].txt - [1028 octets] - [01/04/2013 18:57:10]

########## EOF - C:\AdwCleaner[S3].txt - [1088 octets] ##########


Egenskaper på Google Chrome, du hade rätt ""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=KINGSTONXSV300S37A120G_50026B732C0111CB&ts=1364330141"

Som jag sagt innan, somliga har haft problem med att dem får upp en massa reklam och så vidare, jag har då visserligen inte märkt någonting, och förmodligen lyckats rensa det ganska bra innan jag kom hit ändå, då jag tog bort i "regedit".
Jag startade chrome och fick nu upp "aftonbladet.se" som startsida.

Jag återkommer med en EDIT när jag startat om datan, men tänk att man letar runt i datan men missar att det kan lura in sig just där.

Edit: Nu är den där startsidan äntligen borta, tack för din tid, det är tur att du har detta som en liten hobby, annars hade säkert vem som helst tröttnat på att försöka hjälpa mig. Många tack!
puttepysen är inte uppkopplad
2013-04-01, 20:46   #20

patient54

Medlem

Registrerad: apr 2013

bort med qvo6


Citat:
Ursprungligen inskrivet av Hypn0tiC Visa inlägg
Tja, drog hem något program idag som tydligen la in något skit på datorn som gör alla startsidor (vad jag än ändrar) till Qvo6.com.. Scanern hittar ingenting och det är lagom drygt och O-legit att ha det så..

Tacksam för snabb hjälp!
Nu vet jag inte om den får bort viruset helt, men jag har lyckats få bort denna plåga som vägrar försvinna som startsida på alla webläsare...
gör så här.....

högerklicka på ex...Explorer ....gå in egenskaper.....välj genväg och på MÅL ...ska du radera bort all text som kommer efter accent tecknet


"C:\Program Files\Internet Explorer\iexplore.exe" xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx sedan verkställ
patient54 är inte uppkopplad
2013-04-01, 20:57   #21

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Vad härligt!
Det var bara trevligt att kunna hjälpa till

Dags för avinstallationer.
Nu återstår bara en sista städomgång:

1. Tryck Windows-tangenten + R
Kopiera och klistra in denna rad:
ComboFix /Uninstall

Observera att det är ett mellanrum före /
Klicka på OK.

2. Starta OTL.
Tryck på knappen CleanUp! och DDS m.fl. rensningsprogram kommer att avinstalleras efter en omstart av datorn. Om något sådant program är kvar efter det så fråga hur du ska ta bort det. Ta bort eventuella loggar.

3. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer.
http://mnin.blogspot.com/2009/02/why...ggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc.

4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/
Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.
CeciliaB är inte uppkopplad
2013-04-02, 10:59   #22

Dretnisse

Medlem

Plats: Hammarö

Registrerad: nov 2003

Har följt denna tråd några dagar nu och måste härmed tacka för hjälpen att få bort detta skit.
Dretnisse är inte uppkopplad
2013-04-02, 13:30   #23

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Kul att det har hjälpt en till
CeciliaB är inte uppkopplad
2013-04-02, 16:35   #24

Fabe

Medlem

Registrerad: apr 2013

Har samma problem med qvo6.com...


Hej CeciliaB,

Kan jag be om att få lite hjälp....snälla!

Här kommer filen från Rougekiller

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Ludwig [Admin rights]
Mode : Scan -- Date : 04/02/2013 15:56:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] eGdpSvc.exe -- C:\ProgramData\eSafe\eGdpSvc.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750423AS +++++
--- User ---
[MBR] dd6ce994ff65397abb85863a16def3d3
[BSP] 76dc91ed2e1903170af3917402d654e6 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 309172 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 685615104 | Size: 380631 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04022013_02d1556.txt >>
RKreport[1]_S_04022013_02d1556.txt
Fabe är inte uppkopplad
2013-04-02, 17:15   #25

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Hej Fabe!

RougeKiller är inte till någon hjälp när det gäller Qvo6.com utan följ inlägg 18.
CeciliaB är inte uppkopplad
2013-04-02, 18:57   #26

Fabe

Medlem

Registrerad: apr 2013

Änltigen borta


Hej jag fick bort det tack för all hjälp
Fabe är inte uppkopplad
2013-04-02, 19:14   #27

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Hej!
Bara trevligt att kunna hjälpa till
CeciliaB är inte uppkopplad
2013-04-25, 12:05   #28

nsky|sct

Medlem

nsky|scts avatar

Plats: Tellus

Registrerad: apr 2004

Blev själv också drabbad av detta skit efter jag la in wintoflash. Verkar vara borta efter jag körde AdwCleaner som nämns här i tråden, men undrar om den skickar alla ens lösenord och data till deras servrar?
__________________
Define Mini .:|:. OCZ 600W .:|:. Asus P8P67-M PRO .:|:. Intel® Core i5 2500K
Corsair 8GB VENGEANCE LP .:|:. Asus GTX570 .:|:. Corsair 120GB Force GT .:|:. Cooler Master 212+
nsky|sct är inte uppkopplad
2013-04-25, 13:28   #29

CeciliaB

Medlem

CeciliaBs avatar

Plats: Stockholm

Registrerad: nov 2011

Det är en god vana att alltid byta lösenord efter att man fått in skadlig filer eftersom man aldrig kan vara helt säker på vad som har hänt.
CeciliaB är inte uppkopplad
2013-04-25, 13:42   #30

Willekillen

Medlem

Willekillens avatar

Plats: Sthlm

Registrerad: nov 2008

CeciliaB är riktigt bror som hjälper till, tack!
__________________
Mainrigg: Core i7 3.2Ghz - Asus GTX 680 DCII 2GB OC - Corsair Vengeance 1600MHz 12GB - Asus P6T SE - Asus Xonar Phoebus - OCZ Agility 4 120GB - WD Caviar Black 640GB - Corsair Obsidian 800D
Macbook Air: Core i5 2.8Ghz - Hynix 1600MHz 8GB
Ljud: Schiit Modi & Magni - Beyerdynamic Pro DT990 250ohm - ATH-ANC7b
Willekillen är inte uppkopplad
Senaste nyheterna

Redaktionens senaste nyhetsrubriker

Sök jobb