Politivirus - Farbar log
Hej Experten.dkJeg har en laptop der har fået politivirussen. Jeg har forsøgt div. ting de sidste par dage, men jeg kan ikke tilgå nogen af de forskellige fejlsikrede tilstande. Den eneste computer jeg har ved mig er med MacOS X, og jeg har ikke haft held med at få lavet en fungerende live-usb med kaspersky eller dr. web.
Jeg fik HitmanPro.Kickstart til at fungere, men den fandt intet :(
Det eneste som der virker er Farbar Recovery Scan Tool, som jeg fik kørt på PC'en via recovery mode.
Er der nogen som kan hjælpe mig med en fixlist, således jeg kan få den start op igen. På forhånd mange mange tak!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 27 days old and could be outdated)
Ran by SYSTEM on MININT-50QEU3G on 09-04-2014 18:47:08
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11369576 2010-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2586504 2010-08-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AllShare Play] - C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe [399264 2012-08-29] (Samsung Electronics)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\Fullrate\Common\FSM32.EXE [199264 2009-08-05] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure TNB] - C:\Program Files (x86)\Fullrate\FSGUI\TNBUtil.exe [2349664 2009-08-05] (F-Secure Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Corfitz\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Corfitz\...\Run: [WebCake Desktop] - C:\Users\Corfitz\AppData\Roaming\Betcat\WebCakeDesktop.exe
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j6eeezjlc.lnk
ShortcutTarget: j6eeezjlc.lnk -> C:\ProgramData\cljzeee6j.cpp (Microsoft Corporation)
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Clipper and Launcher til OneNote 2007.lnk
ShortcutTarget: Screen Clipper and Launcher til OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Corfitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
ShortcutTarget: tcbhn.lnk -> (No File)
==================== Services (Whitelisted) =================
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-01-27] (Just Develop It)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2013-12-19] ()
S2 DefaultTabUpdate; C:\Users\Corfitz\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-10-05] ()
S2 F-Secure Gatekeeper Handler Starter; C:\Program Files (x86)\Fullrate\Anti-Virus\fsgk32st.exe [215648 2009-08-05] (F-Secure Corporation)
S3 FSDFWD; C:\Program Files (x86)\Fullrate\FWES\Program\fsdfwd.exe [844384 2011-03-24] (F-Secure Corporation)
S2 FSMA; C:\Program Files (x86)\Fullrate\Common\FSMA32.EXE [186976 2009-08-05] (F-Secure Corporation)
S3 FSORSPClient; C:\Program Files (x86)\Fullrate\ORSP Client\fsorsp.exe [60352 2013-06-06] (F-Secure Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-09] (SurfRight B.V.)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
S3 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-06-14] (Wajam)
S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-02-26] (Cherished Technololgy LIMITED)
S2 WebCake Desktop Updater; C:\Program Files (x86)\WADesktop.Updater.exe [X]
S2 Winmgmt; C:\PROGRA~3\j6eeezjlc.zvv [X]
==================== Drivers (Whitelisted) ====================
S3 F-Secure Gatekeeper; C:\Program Files (x86)\Fullrate\Anti-Virus\minifilter\fsgk.sys [202176 2013-07-10] (F-Secure Corporation)
S1 F-Secure HIPS; C:\Program Files (x86)\Fullrate\HIPS\drivers\fshs.sys [57920 2009-08-05] (F-Secure Corporation)
S0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2012-08-15] ()
S0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2011-08-17] ()
S1 FSES; C:\Windows\System32\drivers\fses.sys [45624 2011-03-24] (F-Secure Corporation)
S1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [94312 2013-05-02] (F-Secure Corporation)
S1 fsvista; C:\Program Files (x86)\Fullrate\Anti-Virus\minifilter\fsvista.sys [14904 2009-08-05] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-04-09] ()
S3 rtport; C:\Windows\SysWOW64\drivers\rtport.sys [15144 2010-12-23] (Windows (R) 2003 DDK 3790 provider)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-09 07:48 - 2014-04-09 18:47 - 00000000 ____D () C:\FRST
2014-04-09 00:53 - 2014-04-09 00:53 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-08 23:23 - 2014-04-09 00:53 - 00032512 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-04-08 23:11 - 2014-04-08 23:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-07 23:34 - 2014-04-07 23:34 - 00000000 __SHD () C:\found.001
2014-04-07 05:01 - 2014-04-07 05:07 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-07 04:56 - 2014-04-07 04:56 - 00003298 _____ () C:\Windows\System32\Tasks\{F6B84BB2-13D8-4460-8132-7B918BDA1734}
2014-04-07 04:15 - 2014-04-07 04:15 - 00009800 ____N () C:\bootsqm.dat
2014-04-07 00:58 - 2014-04-07 00:58 - 00000000 ____D () C:\Windows\System32\SPReview
2014-03-14 04:18 - 2014-03-14 04:18 - 00000169 _____ () C:\Users\Corfitz\Desktop\Google.url
2014-03-10 00:20 - 2014-04-09 01:08 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
==================== One Month Modified Files and Folders =======
2014-04-09 18:47 - 2014-04-09 07:48 - 00000000 ____D () C:\FRST
2014-04-09 05:18 - 2013-12-27 12:01 - 03958505 _____ () C:\action.log
2014-04-09 05:17 - 2014-02-26 22:02 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-04-09 05:17 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-09 05:17 - 2009-07-13 20:51 - 00076909 _____ () C:\Windows\setupact.log
2014-04-09 05:08 - 2014-02-05 19:54 - 00000388 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-09 05:07 - 2012-08-10 13:08 - 00000000 ____D () C:\Users\Corfitz\AppData\Roaming\Dropbox
2014-04-09 05:07 - 2012-08-03 05:40 - 00000000 ____D () C:\Users\Corfitz\AppData\Roaming\BrowserCompanion
2014-04-09 05:07 - 2012-02-16 09:59 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-09 05:06 - 2014-02-12 13:23 - 00001368 _____ () C:\Users\Corfitz\Desktop\Gratis! Rens din Registry.lnk
2014-04-09 05:06 - 2012-04-03 22:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-09 05:06 - 2012-01-24 02:10 - 00000414 _____ () C:\Windows\Tasks\Final Media Player Update Checker.job
2014-04-09 05:05 - 2013-02-03 02:08 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-09 01:19 - 2010-08-28 13:51 - 01868511 _____ () C:\Windows\WindowsUpdate.log
2014-04-09 01:08 - 2014-03-10 00:20 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-04-09 00:58 - 2009-07-13 20:45 - 00014144 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-09 00:58 - 2009-07-13 20:45 - 00014144 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-09 00:53 - 2014-04-09 00:53 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-09 00:53 - 2014-04-08 23:23 - 00032512 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2014-04-09 00:42 - 2012-08-31 02:17 - 00000000 ___RD () C:\Users\Corfitz\Dropbox
2014-04-09 00:42 - 2012-02-16 09:59 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 23:23 - 2014-04-08 23:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-08 23:23 - 2012-10-05 13:18 - 00000000 ____D () C:\Program Files (x86)\DefaultTab
2014-04-07 23:34 - 2014-04-07 23:34 - 00000000 __SHD () C:\found.001
2014-04-07 05:13 - 2012-09-19 23:00 - 00000000 ____D () C:\Users\Corfitz\AppData\Roaming\Skype
2014-04-07 05:07 - 2014-04-07 05:01 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-07 05:01 - 2013-02-03 02:08 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-07 04:56 - 2014-04-07 04:56 - 00003298 _____ () C:\Windows\System32\Tasks\{F6B84BB2-13D8-4460-8132-7B918BDA1734}
2014-04-07 04:45 - 2013-07-25 23:03 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-07 04:45 - 2012-09-05 10:23 - 00000000 ____D () C:\AllShare Play
2014-04-07 04:44 - 2013-03-17 11:09 - 00003120 _____ () C:\Windows\System32\Tasks\Advanced System Protector_startup
2014-04-07 04:15 - 2014-04-07 04:15 - 00009800 ____N () C:\bootsqm.dat
2014-04-07 03:21 - 2011-03-22 11:57 - 00229532 _____ () C:\Windows\PFRO.log
2014-04-07 03:08 - 2013-07-02 02:58 - 00000000 ____D () C:\Program Files (x86)\WebCake
2014-04-07 01:33 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-04-07 00:58 - 2014-04-07 00:58 - 00000000 ____D () C:\Windows\System32\SPReview
2014-04-01 12:37 - 2012-02-16 09:59 - 00003930 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-01 12:37 - 2012-02-16 09:59 - 00003678 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 23:07 - 2011-03-24 02:26 - 00170255 _____ () C:\Users\Corfitz\danid.log
2014-03-31 23:06 - 2010-08-28 14:24 - 00478138 _____ () C:\Windows\System32\perfh006.dat
2014-03-31 23:06 - 2010-08-28 14:24 - 00083598 _____ () C:\Windows\System32\perfc006.dat
2014-03-31 23:06 - 2009-07-13 21:13 - 01288574 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-30 23:14 - 2011-03-21 11:02 - 00000000 ____D () C:\users\Corfitz
2014-03-30 23:13 - 2011-03-24 02:26 - 01068895 _____ () C:\Users\Corfitz\danid.log.1
2014-03-29 11:28 - 2011-03-22 12:04 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-03-28 00:01 - 2011-07-02 13:35 - 00000000 ____D () C:\Users\Corfitz\Documents\Youcam
2014-03-18 23:20 - 2011-03-30 08:14 - 90015360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-17 01:12 - 2012-02-16 10:00 - 00002341 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 04:44 - 2014-02-05 22:26 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-14 04:41 - 2012-05-13 22:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 04:41 - 2012-05-13 22:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 04:18 - 2014-03-14 04:18 - 00000169 _____ () C:\Users\Corfitz\Desktop\Google.url
2014-03-14 04:17 - 2012-01-26 08:04 - 00000000 ____D () C:\Users\Corfitz\Desktop\Mapper
2014-03-14 02:47 - 2011-08-10 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 00:44 - 2012-04-03 22:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 00:44 - 2012-04-03 22:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 00:44 - 2011-06-08 08:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Corfitz\AppData\Local\Temp\00FF7270.dll
C:\Users\Corfitz\AppData\Local\Temp\028113BA.dll
C:\Users\Corfitz\AppData\Local\Temp\02F30568.dll
C:\Users\Corfitz\AppData\Local\Temp\03AC9AC1.dll
C:\Users\Corfitz\AppData\Local\Temp\03AEAA7F.dll
C:\Users\Corfitz\AppData\Local\Temp\0B034A45.dll
C:\Users\Corfitz\AppData\Local\Temp\0B227571.dll
C:\Users\Corfitz\AppData\Local\Temp\0B23B9EB.dll
C:\Users\Corfitz\AppData\Local\Temp\0C421DEC.dll
C:\Users\Corfitz\AppData\Local\Temp\0C57C170.dll
C:\Users\Corfitz\AppData\Local\Temp\0C89D710.dll
C:\Users\Corfitz\AppData\Local\Temp\0F1A2C73.dll
C:\Users\Corfitz\AppData\Local\Temp\0F1BF986.dll
C:\Users\Corfitz\AppData\Local\Temp\15CFA402.dll
C:\Users\Corfitz\AppData\Local\Temp\16FA5B06.dll
C:\Users\Corfitz\AppData\Local\Temp\16FD5F4E.dll
C:\Users\Corfitz\AppData\Local\Temp\1739FDAD.dll
C:\Users\Corfitz\AppData\Local\Temp\176D2266.dll
C:\Users\Corfitz\AppData\Local\Temp\17705C56.dll
C:\Users\Corfitz\AppData\Local\Temp\17716E70.dll
C:\Users\Corfitz\AppData\Local\Temp\1AE932AB.dll
C:\Users\Corfitz\AppData\Local\Temp\1C1BF16E.dll
C:\Users\Corfitz\AppData\Local\Temp\1DCE6CB7.dll
C:\Users\Corfitz\AppData\Local\Temp\1F860FDA.dll
C:\Users\Corfitz\AppData\Local\Temp\231E0B98.dll
C:\Users\Corfitz\AppData\Local\Temp\248A1A2F.dll
C:\Users\Corfitz\AppData\Local\Temp\248B2F06.dll
C:\Users\Corfitz\AppData\Local\Temp\24C80C29.dll
C:\Users\Corfitz\AppData\Local\Temp\24E43DDB.dll
C:\Users\Corfitz\AppData\Local\Temp\24ED1B65.dll
C:\Users\Corfitz\AppData\Local\Temp\24F0BA12.dll
C:\Users\Corfitz\AppData\Local\Temp\24F8B3D8.dll
C:\Users\Corfitz\AppData\Local\Temp\261BE538.dll
C:\Users\Corfitz\AppData\Local\Temp\28F450BA.dll
C:\Users\Corfitz\AppData\Local\Temp\29060CE7.dll
C:\Users\Corfitz\AppData\Local\Temp\2B5D419A.dll
C:\Users\Corfitz\AppData\Local\Temp\2DB7A620.dll
C:\Users\Corfitz\AppData\Local\Temp\2DBBAA14.dll
C:\Users\Corfitz\AppData\Local\Temp\2DBFF8B7.dll
C:\Users\Corfitz\AppData\Local\Temp\2DC28E45.dll
C:\Users\Corfitz\AppData\Local\Temp\2DCF8F7E.dll
C:\Users\Corfitz\AppData\Local\Temp\2DE8DE86.dll
C:\Users\Corfitz\AppData\Local\Temp\2DED444C.dll
C:\Users\Corfitz\AppData\Local\Temp\2F0C4A67.dll
C:\Users\Corfitz\AppData\Local\Temp\2F0C9AAC.dll
C:\Users\Corfitz\AppData\Local\Temp\2F0EF6C1.dll
C:\Users\Corfitz\AppData\Local\Temp\2F107BC7.dll
C:\Users\Corfitz\AppData\Local\Temp\3070C939.dll
C:\Users\Corfitz\AppData\Local\Temp\30720ABB.dll
C:\Users\Corfitz\AppData\Local\Temp\3076033F.dll
C:\Users\Corfitz\AppData\Local\Temp\307F62C9.dll
C:\Users\Corfitz\AppData\Local\Temp\311DA8D6.dll
C:\Users\Corfitz\AppData\Local\Temp\33B9E4A2.dll
C:\Users\Corfitz\AppData\Local\Temp\33C07155.dll
C:\Users\Corfitz\AppData\Local\Temp\3541C518.dll
C:\Users\Corfitz\AppData\Local\Temp\35985919.dll
C:\Users\Corfitz\AppData\Local\Temp\363C3FDE.dll
C:\Users\Corfitz\AppData\Local\Temp\363FE05C.dll
C:\Users\Corfitz\AppData\Local\Temp\36428661.dll
C:\Users\Corfitz\AppData\Local\Temp\36F6B510.dll
C:\Users\Corfitz\AppData\Local\Temp\39F173FB.dll
C:\Users\Corfitz\AppData\Local\Temp\39F642EE.dll
C:\Users\Corfitz\AppData\Local\Temp\3A7AB0B1.dll
C:\Users\Corfitz\AppData\Local\Temp\412A4B7B.dll
C:\Users\Corfitz\AppData\Local\Temp\412E37F4.dll
C:\Users\Corfitz\AppData\Local\Temp\41347EEA.dll
C:\Users\Corfitz\AppData\Local\Temp\41C8D124.dll
C:\Users\Corfitz\AppData\Local\Temp\427ECEF8.dll
C:\Users\Corfitz\AppData\Local\Temp\42A3270E.dll
C:\Users\Corfitz\AppData\Local\Temp\44D1E33E.dll
C:\Users\Corfitz\AppData\Local\Temp\44D998F5.dll
C:\Users\Corfitz\AppData\Local\Temp\465A729C.dll
C:\Users\Corfitz\AppData\Local\Temp\4724BE9B.dll
C:\Users\Corfitz\AppData\Local\Temp\47AEA635.dll
C:\Users\Corfitz\AppData\Local\Temp\47B49DF9.dll
C:\Users\Corfitz\AppData\Local\Temp\47B635F3.dll
C:\Users\Corfitz\AppData\Local\Temp\47B70DE9.dll
C:\Users\Corfitz\AppData\Local\Temp\48B87E56.dll
C:\Users\Corfitz\AppData\Local\Temp\4A14BC32.dll
C:\Users\Corfitz\AppData\Local\Temp\4A191A3F.dll
C:\Users\Corfitz\AppData\Local\Temp\4A1A9DAB.dll
C:\Users\Corfitz\AppData\Local\Temp\4B7D60EB.dll
C:\Users\Corfitz\AppData\Local\Temp\4B8206D3.dll
C:\Users\Corfitz\AppData\Local\Temp\4C4C7F88.dll
C:\Users\Corfitz\AppData\Local\Temp\4C5863BD.dll
C:\Users\Corfitz\AppData\Local\Temp\4DE9EB31.dll
C:\Users\Corfitz\AppData\Local\Temp\4E36F28F.dll
C:\Users\Corfitz\AppData\Local\Temp\56725F84.dll
C:\Users\Corfitz\AppData\Local\Temp\56832536.dll
C:\Users\Corfitz\AppData\Local\Temp\5684DC9C.dll
C:\Users\Corfitz\AppData\Local\Temp\56853836.dll
C:\Users\Corfitz\AppData\Local\Temp\56F0BE28.dll
C:\Users\Corfitz\AppData\Local\Temp\5705B55D.dll
C:\Users\Corfitz\AppData\Local\Temp\570FD34F.dll
C:\Users\Corfitz\AppData\Local\Temp\58435FF8.dll
C:\Users\Corfitz\AppData\Local\Temp\591141CD.dll
C:\Users\Corfitz\AppData\Local\Temp\5C862ADA.dll
C:\Users\Corfitz\AppData\Local\Temp\5CB19384.dll
C:\Users\Corfitz\AppData\Local\Temp\5EF6909A.dll
C:\Users\Corfitz\AppData\Local\Temp\5EF947B2.dll
C:\Users\Corfitz\AppData\Local\Temp\5EFA0F55.dll
C:\Users\Corfitz\AppData\Local\Temp\5EFF61B3.dll
C:\Users\Corfitz\AppData\Local\Temp\5F02AE6B.dll
C:\Users\Corfitz\AppData\Local\Temp\60BC0C8A.dll
C:\Users\Corfitz\AppData\Local\Temp\611F9271.dll
C:\Users\Corfitz\AppData\Local\Temp\62FD1DD1.dll
C:\Users\Corfitz\AppData\Local\Temp\630A341B.dll
C:\Users\Corfitz\AppData\Local\Temp\6313D8E4.dll
C:\Users\Corfitz\AppData\Local\Temp\63AE41CD.dll
C:\Users\Corfitz\AppData\Local\Temp\63B69F7D.dll
C:\Users\Corfitz\AppData\Local\Temp\641B7C6B.dll
C:\Users\Corfitz\AppData\Local\Temp\6663B045.dll
C:\Users\Corfitz\AppData\Local\Temp\66C84D2A.dll
C:\Users\Corfitz\AppData\Local\Temp\66CD076A.dll
C:\Users\Corfitz\AppData\Local\Temp\66CE7F47.dll
C:\Users\Corfitz\AppData\Local\Temp\678FC81F.dll
C:\Users\Corfitz\AppData\Local\Temp\679348B7.dll
C:\Users\Corfitz\AppData\Local\Temp\683CCB5C.dll
C:\Users\Corfitz\AppData\Local\Temp\690CB529.dll
C:\Users\Corfitz\AppData\Local\Temp\6A5E213F.dll
C:\Users\Corfitz\AppData\Local\Temp\6B3493D7.dll
C:\Users\Corfitz\AppData\Local\Temp\6B36E6C8.dll
C:\Users\Corfitz\AppData\Local\Temp\6B37EEDD.dll
C:\Users\Corfitz\AppData\Local\Temp\6B37FC52.dll
C:\Users\Corfitz\AppData\Local\Temp\6B39727C.dll
C:\Users\Corfitz\AppData\Local\Temp\6E5EC1B0.dll
C:\Users\Corfitz\AppData\Local\Temp\6E62D738.dll
C:\Users\Corfitz\AppData\Local\Temp\6E65E69B.dll
C:\Users\Corfitz\AppData\Local\Temp\6F26E0D6.dll
C:\Users\Corfitz\AppData\Local\Temp\71EE9063.dll
C:\Users\Corfitz\AppData\Local\Temp\724C6C58.dll
C:\Users\Corfitz\AppData\Local\Temp\7264C8C5.dll
C:\Users\Corfitz\AppData\Local\Temp\7268E18D.dll
C:\Users\Corfitz\AppData\Local\Temp\726CEF71.dll
C:\Users\Corfitz\AppData\Local\Temp\74B0F1C7.dll
C:\Users\Corfitz\AppData\Local\Temp\765436F8.dll
C:\Users\Corfitz\AppData\Local\Temp\78AC4C8C.dll
C:\Users\Corfitz\AppData\Local\Temp\78B971D7.dll
C:\Users\Corfitz\AppData\Local\Temp\79CD34FC.dll
C:\Users\Corfitz\AppData\Local\Temp\7CAEA0D2.dll
C:\Users\Corfitz\AppData\Local\Temp\7CB0B3E6.dll
C:\Users\Corfitz\AppData\Local\Temp\7CF23438.dll
C:\Users\Corfitz\AppData\Local\Temp\7CF9EC09.dll
C:\Users\Corfitz\AppData\Local\Temp\7EE46C31.dll
C:\Users\Corfitz\AppData\Local\Temp\7z.dll
C:\Users\Corfitz\AppData\Local\Temp\83D5E629.dll
C:\Users\Corfitz\AppData\Local\Temp\85153146.dll
C:\Users\Corfitz\AppData\Local\Temp\8519B0D3.dll
C:\Users\Corfitz\AppData\Local\Temp\89053C48.dll
C:\Users\Corfitz\AppData\Local\Temp\8AF6417C.dll
C:\Users\Corfitz\AppData\Local\Temp\8AFA0934.dll
C:\Users\Corfitz\AppData\Local\Temp\8AFA21AD.dll
C:\Users\Corfitz\AppData\Local\Temp\8AFA3352.dll
C:\Users\Corfitz\AppData\Local\Temp\8AFD23B4.dll
C:\Users\Corfitz\AppData\Local\Temp\8E88615E.dll
C:\Users\Corfitz\AppData\Local\Temp\8F8BB3E3.dll
C:\Users\Corfitz\AppData\Local\Temp\9127263E.dll
C:\Users\Corfitz\AppData\Local\Temp\9129A970.dll
C:\Users\Corfitz\AppData\Local\Temp\92F43EA5.dll
C:\Users\Corfitz\AppData\Local\Temp\92F5EBB4.dll
C:\Users\Corfitz\AppData\Local\Temp\93119D34.dll
C:\Users\Corfitz\AppData\Local\Temp\9411312F.dll
C:\Users\Corfitz\AppData\Local\Temp\941584A0.dll
C:\Users\Corfitz\AppData\Local\Temp\95062694.dll
C:\Users\Corfitz\AppData\Local\Temp\991472C1.dll
C:\Users\Corfitz\AppData\Local\Temp\9916D5F6.dll
C:\Users\Corfitz\AppData\Local\Temp\9F5FF83F.dll
C:\Users\Corfitz\AppData\Local\Temp\9F7D8158.dll
C:\Users\Corfitz\AppData\Local\Temp\A026F61A.dll
C:\Users\Corfitz\AppData\Local\Temp\A1AE3B9D.dll
C:\Users\Corfitz\AppData\Local\Temp\A1C4FA2E.dll
C:\Users\Corfitz\AppData\Local\Temp\A1EBDD07.dll
C:\Users\Corfitz\AppData\Local\Temp\A87D0A23.dll
C:\Users\Corfitz\AppData\Local\Temp\A886DAE0.dll
C:\Users\Corfitz\AppData\Local\Temp\A88E32A9.dll
C:\Users\Corfitz\AppData\Local\Temp\A8F706B3.dll
C:\Users\Corfitz\AppData\Local\Temp\A8FAEE1B.dll
C:\Users\Corfitz\AppData\Local\Temp\AAE753F7.dll
C:\Users\Corfitz\AppData\Local\Temp\AdbeRdr1010_da_DK.exe
C:\Users\Corfitz\AppData\Local\Temp\AEB51311.dll
C:\Users\Corfitz\AppData\Local\Temp\AEB901C9.dll
C:\Users\Corfitz\AppData\Local\Temp\AFCEF521.dll
C:\Users\Corfitz\AppData\Local\Temp\AFE14D47.dll
C:\Users\Corfitz\AppData\Local\Temp\AFE6091B.dll
C:\Users\Corfitz\AppData\Local\Temp\ApnStub.exe
C:\Users\Corfitz\AppData\Local\Temp\B041E314.dll
C:\Users\Corfitz\AppData\Local\Temp\B163AC7B.dll
C:\Users\Corfitz\AppData\Local\Temp\B2B1D1BE.dll
C:\Users\Corfitz\AppData\Local\Temp\B2B68B3A.dll
C:\Users\Corfitz\AppData\Local\Temp\B2BA397B.dll
C:\Users\Corfitz\AppData\Local\Temp\B66E0076.dll
C:\Users\Corfitz\AppData\Local\Temp\B671BE0D.dll
C:\Users\Corfitz\AppData\Local\Temp\B675B36E.dll
C:\Users\Corfitz\AppData\Local\Temp\B7CFA0F2.dll
C:\Users\Corfitz\AppData\Local\Temp\B9E6290C.dll
C:\Users\Corfitz\AppData\Local\Temp\B9FC8F01.dll
C:\Users\Corfitz\AppData\Local\Temp\BackupSetup.exe
C:\Users\Corfitz\AppData\Local\Temp\BBD87DD0.dll
C:\Users\Corfitz\AppData\Local\Temp\BE223F69.dll
C:\Users\Corfitz\AppData\Local\Temp\C418C0DF.dll
C:\Users\Corfitz\AppData\Local\Temp\C5692EAC.dll
C:\Users\Corfitz\AppData\Local\Temp\C5B5D66C.dll
C:\Users\Corfitz\AppData\Local\Temp\C5B925CB.dll
C:\Users\Corfitz\AppData\Local\Temp\CF0105CF.dll
C:\Users\Corfitz\AppData\Local\Temp\CF0954F2.dll
C:\Users\Corfitz\AppData\Local\Temp\CF88543C.dll
C:\Users\Corfitz\AppData\Local\Temp\coupish-babylon.exe
C:\Users\Corfitz\AppData\Local\Temp\D0320DB6.dll
C:\Users\Corfitz\AppData\Local\Temp\D03507A9.dll
C:\Users\Corfitz\AppData\Local\Temp\D03508D1.dll
C:\Users\Corfitz\AppData\Local\Temp\D03512A1.dll
C:\Users\Corfitz\AppData\Local\Temp\D0355CF9.dll
C:\Users\Corfitz\AppData\Local\Temp\D03587EF.dll
C:\Users\Corfitz\AppData\Local\Temp\D03A16BA.dll
C:\Users\Corfitz\AppData\Local\Temp\D3E1FDFF.dll
C:\Users\Corfitz\AppData\Local\Temp\D4443E52.dll
C:\Users\Corfitz\AppData\Local\Temp\D45056D6.dll
C:\Users\Corfitz\AppData\Local\Temp\D8597B7F.dll
C:\Users\Corfitz\AppData\Local\Temp\D8B43A16.dll
C:\Users\Corfitz\AppData\Local\Temp\D8B7ACB5.dll
C:\Users\Corfitz\AppData\Local\Temp\D93F52F6.dll
C:\Users\Corfitz\AppData\Local\Temp\DA4DBF57.dll
C:\Users\Corfitz\AppData\Local\Temp\DA4E5358.dll
C:\Users\Corfitz\AppData\Local\Temp\DDF63B85.dll
C:\Users\Corfitz\AppData\Local\Temp\DE23442D.dll
C:\Users\Corfitz\AppData\Local\Temp\DE49A423.dll
C:\Users\Corfitz\AppData\Local\Temp\DE4EC18E.dll
C:\Users\Corfitz\AppData\Local\Temp\DF3EB5C4.dll
C:\Users\Corfitz\AppData\Local\Temp\DF432A69.dll
C:\Users\Corfitz\AppData\Local\Temp\DF440372.dll
C:\Users\Corfitz\AppData\Local\Temp\DF4968E7.dll
C:\Users\Corfitz\AppData\Local\Temp\DF636B4B.dll
C:\Users\Corfitz\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Corfitz\AppData\Local\Temp\E1EEB4F5.dll
C:\Users\Corfitz\AppData\Local\Temp\E1FE3CE1.dll
C:\Users\Corfitz\AppData\Local\Temp\E2FF659A.dll
C:\Users\Corfitz\AppData\Local\Temp\E31570F1.dll
C:\Users\Corfitz\AppData\Local\Temp\E31BC125.dll
C:\Users\Corfitz\AppData\Local\Temp\E33D1FAD.dll
C:\Users\Corfitz\AppData\Local\Temp\E38425FB.dll
C:\Users\Corfitz\AppData\Local\Temp\E38A6F32.dll
C:\Users\Corfitz\AppData\Local\Temp\E3A3F665.dll
C:\Users\Corfitz\AppData\Local\Temp\E3B1BB93.dll
C:\Users\Corfitz\AppData\Local\Temp\E5E06177.dll
C:\Users\Corfitz\AppData\Local\Temp\E73C295A.dll
C:\Users\Corfitz\AppData\Local\Temp\E76F2A3A.dll
C:\Users\Corfitz\AppData\Local\Temp\E7715DC3.dll
C:\Users\Corfitz\AppData\Local\Temp\E7729788.dll
C:\Users\Corfitz\AppData\Local\Temp\E7748749.dll
C:\Users\Corfitz\AppData\Local\Temp\E77916EC.dll
C:\Users\Corfitz\AppData\Local\Temp\E781B194.dll
C:\Users\Corfitz\AppData\Local\Temp\E789DCBA.dll
C:\Users\Corfitz\AppData\Local\Temp\E78C7442.dll
C:\Users\Corfitz\AppData\Local\Temp\E78F53DA.dll
C:\Users\Corfitz\AppData\Local\Temp\E791E176.dll
C:\Users\Corfitz\AppData\Local\Temp\E79D297A.dll
C:\Users\Corfitz\AppData\Local\Temp\EB6EC456.dll
C:\Users\Corfitz\AppData\Local\Temp\ECDD18FA.dll
C:\Users\Corfitz\AppData\Local\Temp\ECE4F9D4.dll
C:\Users\Corfitz\AppData\Local\Temp\ECE5ADF6.dll
C:\Users\Corfitz\AppData\Local\Temp\ECE98CB6.dll
C:\Users\Corfitz\AppData\Local\Temp\ED281981.dll
C:\Users\Corfitz\AppData\Local\Temp\ED78F9A8.dll
C:\Users\Corfitz\AppData\Local\Temp\F0B0F09D.dll
C:\Users\Corfitz\AppData\Local\Temp\F0B3F5CD.dll
C:\Users\Corfitz\AppData\Local\Temp\F0B97589.dll
C:\Users\Corfitz\AppData\Local\Temp\F2081CE4.dll
C:\Users\Corfitz\AppData\Local\Temp\F2D0D8FD.dll
C:\Users\Corfitz\AppData\Local\Temp\F2D3AB9A.dll
C:\Users\Corfitz\AppData\Local\Temp\F3DD421F.dll
C:\Users\Corfitz\AppData\Local\Temp\F5389745.dll
C:\Users\Corfitz\AppData\Local\Temp\F540637B.dll
C:\Users\Corfitz\AppData\Local\Temp\F90DBB41.dll
C:\Users\Corfitz\AppData\Local\Temp\F90DF60D.dll
C:\Users\Corfitz\AppData\Local\Temp\FCA34B6A.dll
C:\Users\Corfitz\AppData\Local\Temp\FEEBCECD.dll
C:\Users\Corfitz\AppData\Local\Temp\FF87363F.dll
C:\Users\Corfitz\AppData\Local\Temp\fsprod.dll
C:\Users\Corfitz\AppData\Local\Temp\fssfm.dll
C:\Users\Corfitz\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Corfitz\AppData\Local\Temp\i4jdel0.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Corfitz\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Corfitz\AppData\Local\Temp\Mobogenie_Setup_2.1.37_506.exe
C:\Users\Corfitz\AppData\Local\Temp\NEWA7F7.tmp.exe
C:\Users\Corfitz\AppData\Local\Temp\p596pwux.dll
C:\Users\Corfitz\AppData\Local\Temp\preconfig.exe
C:\Users\Corfitz\AppData\Local\Temp\scs.exe
C:\Users\Corfitz\AppData\Local\Temp\setup.exe
C:\Users\Corfitz\AppData\Local\Temp\SHSetup.exe
C:\Users\Corfitz\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Corfitz\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Corfitz\AppData\Local\Temp\Toolbar_Downius.exe
C:\Users\Corfitz\AppData\Local\Temp\Updater.exe
C:\Users\Corfitz\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Corfitz\AppData\Local\Temp\wajam_install.exe
C:\Users\Corfitz\AppData\Local\Temp\_ReMarkit_up.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2014-04-07 00:58:45
Restore point made on: 2014-04-07 02:05:14
Restore point made on: 2014-04-07 05:02:26
==================== Memory info ===========================
Percentage of memory in use: 15%
Total physical RAM: 4028.61 MB
Available physical RAM: 3410.53 MB
Total Pagefile: 4026.76 MB
Available Pagefile: 3403.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:113 GB) (Free:51.46 GB) NTFS
Drive d: () (Fixed) (Total:166.77 GB) (Free:166.68 GB) NTFS
Drive f: (SAMSUNG_REC) (Fixed) (Total:18.22 GB) (Free:0.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (USB) (Removable) (Total:7.51 GB) (Free:7.5 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: FA62C07F)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
LastRegBack: 2014-04-07 02:35
==================== End Of Log ============================
