I don't recognise either of those urls so i guess they are atleast part of the problem.
I got a feeling that you're close to a solution! :)
Printable View
I don't recognise either of those urls so i guess they are atleast part of the problem.
I got a feeling that you're close to a solution! :)
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Firefox::
Save this as CFScript to your desktop.Code:Firefox::
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js..browser.search.defaultenginename: "navegaki"
FF - prefs.js..browser.search.selectedEngine: "navegaki"
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
FF - prefs.js..keyword.URL: "http://search.portalsepeti.com?q="
Folder::
C:\Program Files (x86)\Troysoftware
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c3...FScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Then run DDS and post a new log please
Download DDS from one of the links below to your desktop
Link 1
Link 2
- Double click the tool to run it.
- A black Screen will open, just read the contents and do nothing.
- When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
- Copy/Paste the contents of 'DDS.txt' into your post.
- 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
ComboFix 13-02-03.02 - Bruger 03-02-2013 18:21:45.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.2400 [GMT 1:00]
Kører fra: c:\users\Bruger\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Bruger\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Troysoftware
c:\program files (x86)\Troysoftware\sfxcallback.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2013-01-03 til 2013-02-03 )))))))))))))))))))))))))))))))))))
.
.
2013-02-03 17:33 . 2013-02-03 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 11:04 . 2013-02-03 11:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
2013-02-03 11:00 . 2013-02-03 11:00 -------- d-----w- c:\windows\ERUNT
2013-02-03 10:59 . 2013-02-03 11:00 -------- d-----w- C:\JRT
2013-02-02 21:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
2013-01-29 20:20 . 2013-01-29 20:20 -------- d-----w- c:\users\Bruger\AppData\Roaming\Malwarebytes
2013-01-29 20:19 . 2013-01-29 20:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 20:19 . 2013-02-02 21:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 14:57 . 2013-01-29 14:57 -------- d-----w- C:\_OTL
2013-01-27 10:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-25 12:45 . 2013-01-26 00:45 -------- d-----w- c:\users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
2013-01-25 05:23 . 2013-01-25 05:23 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
2013-01-25 05:23 . 2013-01-25 05:23 28544 ----a-w- c:\windows\system32\xfcodec64.dll
2013-01-22 19:26 . 2013-01-22 19:26 -------- d-----w- c:\program files (x86)\ERUNT
2013-01-21 18:40 . 2013-02-03 11:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-21 18:40 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-21 18:40 . 2013-01-21 18:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-21 18:39 . 2013-01-21 18:39 -------- d-----w- c:\users\Bruger\AppData\Local\Programs
2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\programdata\ATI
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-18 22:03 . 2013-02-02 21:29 -------- d-----w- c:\windows\SysWow64\NTServer
2013-01-18 22:03 . 2013-01-09 08:49 802760 ----a-w- c:\windows\SysWow64\navegaki.exe
2013-01-15 14:56 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
2013-01-09 21:36 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 21:36 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 21:36 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 21:36 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 21:36 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 21:36 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 21:36 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 21:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 21:36 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 21:36 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 21:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-09 21:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 21:34 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 21:34 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-09 21:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-09 21:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-09 21:34 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 21:34 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 21:32 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:32 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-03-19 07:53 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 21:56 . 2010-03-19 07:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 16:32 . 2012-04-22 10:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:32 . 2011-05-14 12:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 22:05 . 2010-03-21 12:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-25 22:05 . 2010-03-21 12:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-19 20:50 . 2010-11-05 18:53 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2010-07-07 01:54 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2010-07-07 01:53 1151488 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2010-07-07 01:46 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2009-11-04 15:31 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2010-11-05 18:54 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2010-07-07 01:15 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2010-07-07 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2010-07-07 01:14 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2010-07-07 01:14 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-16 17:11 . 2012-12-22 02:02 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:02 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 19:11 . 2010-03-21 21:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 19:11 . 2010-03-21 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-30 04:45 . 2013-01-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-12 12:28 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:52 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-10 15:43 . 2012-11-10 15:43 252296 ----a-w- c:\windows\system32\javaws.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\javaw.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\java.exe
2012-11-10 15:43 . 2012-11-10 15:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 05:45 . 2012-12-12 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 21:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-06 11:11 . 2012-11-06 11:11 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-02-11 3253656]
"Akamai NetSession Interface"="c:\users\Bruger\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-20 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-11-19 2791936]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-1-25 3560832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-03 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
R3 X6va005;X6va005;c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-11-26 138304]
S2 NTServiceSystem;NTServiceSystem;c:\windows\SysWOW64\NTServer\service.exe [2013-01-08 91728]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 5556520]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-13 1274880]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Indhold af mappen 'Planlagte Opgaver'
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 16:32]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000Core.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-11-26 18:38 82136 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-Europe MapleStory_is1 - c:\program files (x86)\NEXON\Europe MapleStory\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,c5,ba,ec,ca,28,a1,92,7d,4a,0a,c3,93,a4,a6,29,87,ff,03,41,55,
78,fc,af,7c,a2,e0,87,1e,44,e0,3c,c3,6b,37,8f,7b,96,1f,42,30,2d,77,d9,52,41,\
"rkeysecu"=hex:7b,ac,9d,ad,82,eb,28,77,27,2d,06,30,46,37,fb,5c
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{5fab6c72-1b6b-4638-8829-5be5c6fd2a10}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,3a,34,eb,9a,ff,a2,03,93,5a,5d,b7,18,1c,89,73,f8,36,1b,68,cf,
40,5c,19,87,4e,67,d1,7b,76,9c,fe,a5,fa,bd,6b,bf,de,5a,de,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2013-02-03 18:35:14
ComboFix-quarantined-files.txt 2013-02-03 17:35
ComboFix2.txt 2013-02-03 13:55
.
Pre-Kørsel: 266.483.494.912 byte ledig
Post-Kørsel: 266.413.142.016 byte ledig
.
- - End Of File - - 50418D249A14C88B45300C9D95F2515E
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.11.2
Run by Bruger at 18:44:14 on 2013-02-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.1728 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\SysWOW64\NTServer\service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\notepad.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Hjælp til logon til Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Akamai NetSession Interface] "C:\Users\Bruger\AppData\Local\Akamai\netsession_win.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8B7ADDC6-52E6-47B8-AC4E-86D090AC1BF0} : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-30 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-30 370288]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-30 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-30 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-12 44808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-29 8704]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2010-11-26 138304]
R2 NTServiceSystem;NTServiceSystem;C:\Windows\SysWOW64\NTServer\service.exe [2013-1-18 91728]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-21 168384]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-3-22 5556520]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-3-22 127784]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 239616]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-3-19 1274880]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-3-22 18216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-9-11 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-9-11 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-9-11 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-9-11 34304]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2011-9-11 31744]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-5-3 131912]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-26 59392]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-03 13:37:44 98816 ----a-w- C:\Windows\sed.exe
2013-02-03 13:37:44 256000 ----a-w- C:\Windows\PEV.exe
2013-02-03 13:37:44 208896 ----a-w- C:\Windows\MBR.exe
2013-02-03 11:04:04 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
2013-02-03 11:00:15 -------- d-----w- C:\Windows\ERUNT
2013-02-03 10:59:12 -------- d-----w- C:\JRT
2013-02-03 10:50:49 -------- d-----w- C:\Users\Bruger\AppData\Local\{94E4EFB3-A776-4521-A41D-2A5861723B9C}
2013-02-02 21:58:20 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
2013-02-02 21:39:36 -------- d-----w- C:\Users\Bruger\AppData\Local\{02155C00-241D-4FF8-B2E1-14100759040E}
2013-02-02 11:14:12 -------- d-----w- C:\Users\Bruger\AppData\Local\{E4657B68-3E84-4AF3-B787-EA1BDE309D1A}
2013-02-01 12:48:24 -------- d-----w- C:\Users\Bruger\AppData\Local\{C0DB8895-72E6-4886-A1E1-07CEC6E5267A}
2013-01-31 12:42:35 -------- d-----w- C:\Users\Bruger\AppData\Local\{C39DD8AB-5E30-41F3-9D04-DE1133ED8752}
2013-01-30 11:49:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{90AE50FD-9303-485D-937E-50F229AC7A54}
2013-01-29 20:20:13 -------- d-----w- C:\Users\Bruger\AppData\Roaming\Malwarebytes
2013-01-29 20:19:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-29 20:19:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-29 14:57:46 -------- d-----w- C:\_OTL
2013-01-29 14:44:07 -------- d-----w- C:\Users\Bruger\AppData\Local\{FD25824F-E47D-4522-B2DD-3173B26B4885}
2013-01-28 14:16:44 -------- d-----w- C:\Users\Bruger\AppData\Local\{2591BA1E-11E1-4963-AF84-D1AC5A065C1F}
2013-01-27 12:47:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{80A4E37A-80C7-4E1A-808C-4BBF52CD4A63}
2013-01-27 10:44:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-26 12:46:12 -------- d-----w- C:\Users\Bruger\AppData\Local\{06ACEED0-7B74-4A95-958F-9FBCB1F4E237}
2013-01-25 12:45:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
2013-01-25 05:23:38 42880 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2013-01-25 05:23:36 28544 ----a-w- C:\Windows\System32\xfcodec64.dll
2013-01-24 14:45:22 -------- d-----w- C:\Users\Bruger\AppData\Local\{7C4DF284-AEF0-4E4D-88D5-561E60381DC8}
2013-01-23 12:48:50 -------- d-----w- C:\Users\Bruger\AppData\Local\{45505061-2BE5-40B7-8A58-462E53843719}
2013-01-22 14:55:21 -------- d-----w- C:\Users\Bruger\AppData\Local\{0C0A1DB9-B608-4D53-A710-2777A970D2FF}
2013-01-21 18:40:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-21 18:40:16 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-01-21 18:40:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-21 18:39:48 -------- d-----w- C:\Users\Bruger\AppData\Local\Programs
2013-01-21 15:47:55 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-01-21 15:47:25 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-01-21 14:20:08 -------- d-----w- C:\Users\Bruger\AppData\Local\{C8372F4E-B80A-4AE0-99C7-1F51F0FF1D88}
2013-01-20 12:48:43 -------- d-----w- C:\Users\Bruger\AppData\Local\{FAB92882-37BC-4912-A450-E36FAEA73A2F}
2013-01-19 12:47:37 -------- d-----w- C:\Users\Bruger\AppData\Local\{9BBCFB09-E8F7-44CC-ADF3-A98D7E45C7C5}
2013-01-19 00:46:57 -------- d-----w- C:\Users\Bruger\AppData\Local\{7E574572-E413-458C-A8B9-0226847DAC40}
2013-01-18 22:03:19 802760 ----a-w- C:\Windows\SysWow64\navegaki.exe
2013-01-18 22:03:19 -------- d-----w- C:\Windows\SysWow64\NTServer
2013-01-18 12:46:25 -------- d-----w- C:\Users\Bruger\AppData\Local\{F4DDDC70-C22D-4BFC-AE2C-EF4E6E297811}
2013-01-17 10:49:37 -------- d-----w- C:\Users\Bruger\AppData\Local\{667BE21D-13E4-4AF4-87A6-07B5A7B8E929}
2013-01-16 14:48:58 -------- d-----w- C:\Users\Bruger\AppData\Local\{1E8AF24E-87A1-4258-92D1-70B1D3BA48BF}
2013-01-15 14:48:34 -------- d-----w- C:\Users\Bruger\AppData\Local\{DB4E1AE5-94DE-4C99-8BFB-34ABEE2BE75B}
2013-01-14 12:49:28 -------- d-----w- C:\Users\Bruger\AppData\Local\{077AC819-7F9D-4268-A83E-489C10E7CD18}
2013-01-13 12:21:41 -------- d-----w- C:\Users\Bruger\AppData\Local\{42950187-9F23-44D9-9F6F-9D406D865F5C}
2013-01-12 12:20:52 -------- d-----w- C:\Users\Bruger\AppData\Local\{BD0EA2A4-A61F-4F32-905A-3A4B2EF2869E}
2013-01-11 10:44:17 -------- d-----w- C:\Users\Bruger\AppData\Local\{3C5581A0-6740-475A-83C5-48A6CFE224AB}
2013-01-10 14:26:36 -------- d-----w- C:\Users\Bruger\AppData\Local\{5CBBC934-179C-4066-8F26-090E0F9576B9}
2013-01-09 21:36:49 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 21:36:48 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 21:36:15 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 21:36:14 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 21:36:13 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 21:36:13 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 21:36:11 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 21:36:11 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 21:36:09 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 21:36:08 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-09 21:34:09 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-09 21:34:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-01-09 21:34:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-01-09 21:34:03 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-09 21:34:02 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-09 21:34:02 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-01-09 21:34:02 243200 ----a-w- C:\Windows\System32\wow64.dll
2013-01-09 21:34:02 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-01-09 21:34:02 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-09 21:34:02 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-01-09 21:34:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 21:32:24 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 21:32:18 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-09 14:44:22 -------- d-----w- C:\Users\Bruger\AppData\Local\{C53FB7B9-BDFE-402D-AF6B-AD6EA5A040AA}
2013-01-08 14:46:58 -------- d-----w- C:\Users\Bruger\AppData\Local\{D609CD34-3B93-496D-952B-43A393614954}
2013-01-07 12:43:20 -------- d-----w- C:\Users\Bruger\AppData\Local\{BAB20A47-6E48-46DA-A644-0904F6F21FEE}
2013-01-06 13:08:43 -------- d-----w- C:\Users\Bruger\AppData\Local\{EF1C9AFA-7510-47DB-AA90-15062C205288}
2013-01-06 00:19:41 -------- d-----w- C:\Users\Bruger\AppData\Local\{D93E9ABD-EFD9-4612-A009-F5BE9BD746C8}
2013-01-05 12:19:14 -------- d-----w- C:\Users\Bruger\AppData\Local\{1F1978E7-3F16-475D-9AF4-D61890DD6D03}
2013-01-04 18:33:35 -------- d-----w- C:\Users\Bruger\AppData\Local\{C5CA2A1E-494A-4CB6-8B39-7C6BBB349CD6}
.
==================== Find3M ====================
.
2013-01-17 00:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 16:32:26 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:32:25 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 22:05:17 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-12-25 22:05:17 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-12-25 22:05:17 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-12-25 22:05:17 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll
2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll
2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll
2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe
2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll
2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-12-19 14:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe
2012-12-19 14:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-12-19 14:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-12-19 14:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-12-19 14:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-12-19 14:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll
2012-12-19 14:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-12-19 14:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-12-19 14:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-09 19:11:49 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-09 19:11:49 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:38:45 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 04:45:15 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-10 15:43:20 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-06 11:11:52 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 18:44:29,55 ===============
Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Firefox::
Save this as CFScript to your desktop.Code:Firefox::
FF - ProfilePath - C:\Users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
File::
C:\Windows\SysWow64\navegaki.exe
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c3...FScriptB-4.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Then run a new scan with OTL and post the new log please
ComboFix 13-02-03.03 - Bruger 03-02-2013 19:49:31.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.2068 [GMT 1:00]
Kører fra: c:\users\Bruger\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Bruger\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\navegaki.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bruger\AppData\Local\{C8372F4E-B80A-4AE0-99C7-1F51F0FF1D88}
c:\windows\SysWow64\navegaki.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2013-01-03 til 2013-02-03 )))))))))))))))))))))))))))))))))))
.
.
2013-02-03 18:58 . 2013-02-03 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 11:04 . 2013-02-03 11:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
2013-02-03 11:00 . 2013-02-03 11:00 -------- d-----w- c:\windows\ERUNT
2013-02-03 10:59 . 2013-02-03 11:00 -------- d-----w- C:\JRT
2013-02-02 21:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
2013-01-29 20:20 . 2013-01-29 20:20 -------- d-----w- c:\users\Bruger\AppData\Roaming\Malwarebytes
2013-01-29 20:19 . 2013-01-29 20:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 20:19 . 2013-02-02 21:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 14:57 . 2013-01-29 14:57 -------- d-----w- C:\_OTL
2013-01-27 10:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-25 12:45 . 2013-01-26 00:45 -------- d-----w- c:\users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
2013-01-25 05:23 . 2013-01-25 05:23 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
2013-01-25 05:23 . 2013-01-25 05:23 28544 ----a-w- c:\windows\system32\xfcodec64.dll
2013-01-22 19:26 . 2013-01-22 19:26 -------- d-----w- c:\program files (x86)\ERUNT
2013-01-21 18:40 . 2013-02-03 11:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-21 18:40 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-21 18:40 . 2013-01-21 18:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-21 18:39 . 2013-01-21 18:39 -------- d-----w- c:\users\Bruger\AppData\Local\Programs
2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\programdata\ATI
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-18 22:03 . 2013-02-02 21:29 -------- d-----w- c:\windows\SysWow64\NTServer
2013-01-15 14:56 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
2013-01-09 21:36 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 21:36 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 21:36 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 21:36 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 21:36 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 21:36 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 21:36 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 21:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 21:36 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 21:36 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 21:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-09 21:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 21:34 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 21:34 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-09 21:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-09 21:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-09 21:34 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 21:34 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 21:32 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:32 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-03-19 07:53 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 21:56 . 2010-03-19 07:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 16:32 . 2012-04-22 10:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:32 . 2011-05-14 12:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 22:05 . 2010-03-21 12:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-25 22:05 . 2010-03-21 12:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-19 20:50 . 2010-11-05 18:53 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2010-07-07 01:54 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2010-07-07 01:53 1151488 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2010-07-07 01:46 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2009-11-04 15:31 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2010-11-05 18:54 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2010-07-07 01:15 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2010-07-07 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2010-07-07 01:14 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2010-07-07 01:14 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-16 17:11 . 2012-12-22 02:02 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:02 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 19:11 . 2010-03-21 21:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 19:11 . 2010-03-21 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-30 04:45 . 2013-01-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-12 12:28 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:52 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-10 15:43 . 2012-11-10 15:43 252296 ----a-w- c:\windows\system32\javaws.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\javaw.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\java.exe
2012-11-10 15:43 . 2012-11-10 15:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 05:45 . 2012-12-12 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 21:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-06 11:11 . 2012-11-06 11:11 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-02-11 3253656]
"Akamai NetSession Interface"="c:\users\Bruger\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-20 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-11-19 2791936]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-1-25 3560832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-03 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
R3 X6va005;X6va005;c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-11-26 138304]
S2 NTServiceSystem;NTServiceSystem;c:\windows\SysWOW64\NTServer\service.exe [2013-01-08 91728]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 5556520]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-13 1274880]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Indhold af mappen 'Planlagte Opgaver'
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 16:32]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000Core.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-11-26 18:38 82136 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-Europe MapleStory_is1 - c:\program files (x86)\NEXON\Europe MapleStory\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,c5,ba,ec,ca,28,a1,92,7d,4a,0a,c3,93,a4,a6,29,87,ff,03,41,55,
78,fc,af,7c,a2,e0,87,1e,44,e0,3c,c3,6b,37,8f,7b,96,1f,42,30,2d,77,d9,52,41,\
"rkeysecu"=hex:7b,ac,9d,ad,82,eb,28,77,27,2d,06,30,46,37,fb,5c
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{5fab6c72-1b6b-4638-8829-5be5c6fd2a10}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,3a,34,eb,9a,ff,a2,03,93,5a,5d,b7,18,1c,89,73,f8,36,1b,68,cf,
40,5c,19,87,4e,67,d1,7b,76,9c,fe,a5,fa,bd,6b,bf,de,5a,de,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2013-02-03 20:00:24
ComboFix-quarantined-files.txt 2013-02-03 19:00
ComboFix2.txt 2013-02-03 17:35
ComboFix3.txt 2013-02-03 13:55
.
Pre-Kørsel: 265.328.693.248 byte ledig
Post-Kørsel: 267.874.750.464 byte ledig
.
- - End Of File - - 7E84BDD8CEEEDCA5EC83652C3C563A1F
OTL logfile created on: 03-02-2013 20:06:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruger\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy
3,99 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,13% Memory free
7,98 Gb Paging File | 5,09 Gb Available in Paging File | 63,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 249,56 Gb Free Space | 26,79% Space Free | Partition Type: NTFS
Computer Name: BRUGER-PC | User Name: Bruger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Bruger\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Windows\SysWOW64\NTServer\service.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programmer\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\libglesv2.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\libegl.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDad.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NTServiceSystem) -- C:\Windows\SysWOW64\NTServer\service.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (wlidsvc) -- C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (LBTServ) -- C:\Programmer\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wlcrasvc) -- C:\Programmer\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WTouchService) -- C:\Programmer\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/user/nillor0?feature=mhw4
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 4B 7D F0 28 C8 CA 01 [binary data]
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes,DefaultScope = {4C430FFD-3E0B-45C9-B13E-BC32314A0D74}
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{4C430FFD-3E0B-45C9-B13E-BC32314A0D74}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPB_daDK371
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}: "URL" = http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=MUH&uid=WD-WCAV56241704_WDCWD10EARS-00Y5B1&tm=1358546600
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "navegaki"
FF - prefs.js..browser.startup.homepage: "http://www.quakelive.com/#!welcome"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.110.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "74.115.1.13"
FF - prefs.js..network.proxy.http_port: 80
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Bruger\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bruger\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bruger\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bruger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-12 15:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-07-09 23:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-09 15:47:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bruger\AppData\Roaming\IDM\idmmzcc3 [2011-02-11 23:19:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bruger\AppData\Roaming\IDM\idmmzcc3 [2011-02-11 23:19:52 | 000,000,000 | ---D | M]
[2012-09-15 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Extensions
[2012-09-15 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012-05-19 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions
[2011-06-29 13:04:20 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions\battlefieldheroespatcher@ea.com
[2011-07-10 14:21:52 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions\battlefieldplay4free@ea.com
[2011-12-11 02:04:19 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\firefox\profiles\6rsi3ybe.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012-05-19 20:16:04 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\firefox\profiles\6rsi3ybe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-04-21 23:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-10-30 15:20:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010-06-08 13:31:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-14 14:47:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-24 00:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-03-12 10:59:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-10 15:56:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012-04-21 23:13:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012-11-12 15:34:32 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-07-09 23:13:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-01-18 23:04:07 | 000,005,010 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\navegaki.xml
========== Chrome ==========
CHR - homepage: http://www.youtube.com/playlist?list...w&feature=plcp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.youtube.com/playlist?list...w&feature=plcp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\npBP4FUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\BP4FUpdater.exe
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\BFHUpdater.exe
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Bruger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Bruger\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.104_0\
CHR - Extension: YouTube = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Battlefield Heroes = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.196.0_0\
CHR - Extension: Adblock Plus = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-s\u00F8gning = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Battlefield Play4Free = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\
CHR - Extension: Battlefield Heroes = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.145.0_0\
CHR - Extension: avast! WebRep = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: 4chan Plus = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\
CHR - Extension: Gmail = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013-02-03 19:58:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmer\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmer\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [Akamai NetSession Interface] C:\Users\Bruger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...i_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7ADDC6-52E6-47B8-AC4E-86D090AC1BF0}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programmer\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013-02-03 20:00:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-02-03 14:37:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-02-03 14:37:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-02-03 14:37:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-02-03 12:33:27 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Documents\ProcAlyzer Dumps
[2013-02-03 12:27:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-02-03 12:25:33 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Bruger\Desktop\ComboFix.exe
[2013-02-03 12:00:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-02-03 11:59:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013-02-03 11:59:07 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Bruger\Desktop\JRT.exe
[2013-02-03 11:50:49 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{94E4EFB3-A776-4521-A41D-2A5861723B9C}
[2013-02-02 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{02155C00-241D-4FF8-B2E1-14100759040E}
[2013-02-02 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{E4657B68-3E84-4AF3-B787-EA1BDE309D1A}
[2013-02-01 13:48:24 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C0DB8895-72E6-4886-A1E1-07CEC6E5267A}
[2013-01-31 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C39DD8AB-5E30-41F3-9D04-DE1133ED8752}
[2013-01-30 12:49:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{90AE50FD-9303-485D-937E-50F229AC7A54}
[2013-01-29 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Roaming\Malwarebytes
[2013-01-29 21:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-01-29 21:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-01-29 21:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-01-29 15:57:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-01-29 15:44:07 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{FD25824F-E47D-4522-B2DD-3173B26B4885}
[2013-01-28 16:15:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bruger\Desktop\OTL.exe
[2013-01-28 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{2591BA1E-11E1-4963-AF84-D1AC5A065C1F}
[2013-01-27 13:47:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{80A4E37A-80C7-4E1A-808C-4BBF52CD4A63}
[2013-01-27 11:44:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-01-27 11:44:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-01-27 11:44:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-01-26 19:07:05 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Desktop\Tripcode_Explorer
[2013-01-26 13:46:12 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{06ACEED0-7B74-4A95-958F-9FBCB1F4E237}
[2013-01-25 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
[2013-01-24 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{7C4DF284-AEF0-4E4D-88D5-561E60381DC8}
[2013-01-23 19:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013-01-23 13:48:50 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{45505061-2BE5-40B7-8A58-462E53843719}
[2013-01-22 20:27:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013-01-22 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013-01-22 20:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013-01-22 15:55:21 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{0C0A1DB9-B608-4D53-A710-2777A970D2FF}
[2013-01-21 19:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013-01-21 19:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013-01-21 19:40:16 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013-01-21 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013-01-21 19:39:48 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\Programs
[2013-01-21 16:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-01-21 16:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013-01-21 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013-01-21 16:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013-01-20 13:48:43 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{FAB92882-37BC-4912-A450-E36FAEA73A2F}
[2013-01-19 13:47:37 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{9BBCFB09-E8F7-44CC-ADF3-A98D7E45C7C5}
[2013-01-19 01:46:57 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{7E574572-E413-458C-A8B9-0226847DAC40}
[2013-01-18 23:03:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NTServer
[2013-01-18 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{F4DDDC70-C22D-4BFC-AE2C-EF4E6E297811}
[2013-01-17 11:49:37 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{667BE21D-13E4-4AF4-87A6-07B5A7B8E929}
[2013-01-16 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{1E8AF24E-87A1-4258-92D1-70B1D3BA48BF}
[2013-01-15 15:48:34 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{DB4E1AE5-94DE-4C99-8BFB-34ABEE2BE75B}
[2013-01-14 13:49:28 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{077AC819-7F9D-4268-A83E-489C10E7CD18}
[2013-01-13 13:21:41 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{42950187-9F23-44D9-9F6F-9D406D865F5C}
[2013-01-12 13:20:52 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{BD0EA2A4-A61F-4F32-905A-3A4B2EF2869E}
[2013-01-11 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{3C5581A0-6740-475A-83C5-48A6CFE224AB}
[2013-01-10 15:26:36 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{5CBBC934-179C-4066-8F26-090E0F9576B9}
[2013-01-09 22:36:49 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013-01-09 22:36:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013-01-09 22:36:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013-01-09 22:36:09 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013-01-09 22:35:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013-01-09 22:35:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013-01-09 22:35:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013-01-09 22:35:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013-01-09 22:35:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013-01-09 22:35:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013-01-09 22:35:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013-01-09 22:35:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013-01-09 22:35:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013-01-09 22:35:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013-01-09 22:35:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013-01-09 22:35:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013-01-09 22:35:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013-01-09 22:35:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013-01-09 22:35:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013-01-09 22:35:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013-01-09 22:35:54 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013-01-09 22:35:52 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013-01-09 22:35:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013-01-09 22:35:52 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013-01-09 22:35:51 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013-01-09 22:35:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013-01-09 22:35:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013-01-09 22:35:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013-01-09 22:35:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013-01-09 22:35:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013-01-09 22:35:32 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013-01-09 22:35:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013-01-09 22:35:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013-01-09 22:34:09 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013-01-09 22:34:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013-01-09 22:34:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013-01-09 22:34:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-01-09 22:34:02 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013-01-09 22:34:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-01-09 22:34:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013-01-09 22:34:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-01-09 22:34:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013-01-09 22:34:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-01-09 22:34:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013-01-09 22:33:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013-01-09 22:33:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013-01-09 22:33:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013-01-09 22:33:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013-01-09 22:33:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013-01-09 22:33:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-01-09 22:33:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013-01-09 22:33:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013-01-09 22:33:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013-01-09 22:33:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-01-09 22:33:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-01-09 22:33:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013-01-09 22:33:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013-01-09 22:33:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013-01-09 22:33:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013-01-09 22:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013-01-09 22:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-01-09 22:33:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-01-09 22:33:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-01-09 22:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013-01-09 22:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013-01-09 22:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013-01-09 22:33:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013-01-09 22:33:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-01-09 22:32:24 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013-01-09 15:44:22 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C53FB7B9-BDFE-402D-AF6B-AD6EA5A040AA}
[2013-01-08 15:46:58 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{D609CD34-3B93-496D-952B-43A393614954}
[2013-01-07 13:43:20 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{BAB20A47-6E48-46DA-A644-0904F6F21FEE}
[2013-01-06 14:08:43 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{EF1C9AFA-7510-47DB-AA90-15062C205288}
[2013-01-06 01:26:03 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Documents\Essentials
[2013-01-06 01:19:41 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{D93E9ABD-EFD9-4612-A009-F5BE9BD746C8}
[2013-01-05 13:19:14 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{1F1978E7-3F16-475D-9AF4-D61890DD6D03}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013-02-03 20:10:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
[2013-02-03 19:58:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-02-03 19:47:48 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Bruger\Desktop\ComboFix.exe
[2013-02-03 19:36:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-02-03 19:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-03 12:00:00 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-02-03 12:00:00 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-02-03 11:59:00 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Bruger\Desktop\JRT.exe
[2013-02-03 11:50:03 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013-02-03 11:49:22 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-02-03 11:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-03 11:48:18 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-02 22:36:12 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-02-02 22:36:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-01-29 15:46:01 | 000,001,051 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013-01-28 16:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruger\Desktop\OTL.exe
[2013-01-28 15:15:30 | 000,013,806 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat
[2013-01-27 03:28:26 | 000,000,173 | ---- | M] () -- C:\Users\Bruger\AppData\Local\msmathematics.qat.Bruger
[2013-01-27 01:56:40 | 000,000,132 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013-01-25 06:23:38 | 000,042,880 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2013-01-25 06:23:36 | 000,028,544 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2013-01-23 19:16:02 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013-01-22 21:43:35 | 000,000,512 | ---- | M] () -- C:\Users\Bruger\Desktop\MBR.dat
[2013-01-22 20:26:37 | 000,001,108 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013-01-22 20:26:33 | 000,000,909 | ---- | M] () -- C:\Users\Bruger\Desktop\ERUNT.lnk
[2013-01-19 15:17:06 | 000,001,456 | ---- | M] () -- C:\Users\Bruger\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013-01-18 23:04:08 | 000,000,427 | ---- | M] () -- C:\Windows\SysWow64\ntserverbind.ini
[2013-01-18 23:03:29 | 000,002,216 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-01-18 23:03:29 | 000,001,533 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-01-18 23:03:21 | 000,002,207 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\portalsepeti.lnk
[2013-01-12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-01-12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-01-12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-01-11 14:56:40 | 000,234,496 | ---- | M] () -- C:\Users\Bruger\Documents\gamepad.exe
[2013-01-10 15:21:31 | 004,934,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-01-09 23:06:20 | 001,380,626 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-01-09 23:06:20 | 000,661,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-01-09 23:06:20 | 000,516,486 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013-01-09 23:06:20 | 000,125,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-01-09 23:06:20 | 000,102,986 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013-01-09 23:06:10 | 001,380,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-01-09 17:32:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-01-09 17:32:25 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013-02-03 14:37:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-02-03 14:37:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-02-03 14:37:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-02-03 14:37:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-02-03 14:37:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-02-02 22:36:12 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-01-25 06:23:38 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2013-01-25 06:23:36 | 000,028,544 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2013-01-23 19:16:02 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013-01-22 21:43:35 | 000,000,512 | ---- | C] () -- C:\Users\Bruger\Desktop\MBR.dat
[2013-01-22 20:26:37 | 000,001,108 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013-01-22 20:26:33 | 000,000,909 | ---- | C] () -- C:\Users\Bruger\Desktop\ERUNT.lnk
[2013-01-21 19:40:24 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013-01-18 23:03:21 | 000,002,207 | ---- | C] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\portalsepeti.lnk
[2013-01-18 23:03:19 | 000,000,427 | ---- | C] () -- C:\Windows\SysWow64\ntserverbind.ini
[2013-01-11 14:56:39 | 000,234,496 | ---- | C] () -- C:\Users\Bruger\Documents\gamepad.exe
[2012-12-23 00:38:13 | 000,001,456 | ---- | C] () -- C:\Users\Bruger\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012-12-23 00:28:51 | 000,000,132 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012-11-08 18:12:40 | 000,000,132 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012-09-09 18:51:29 | 000,266,021 | ---- | C] () -- C:\Windows\QLPrism Uninstaller.exe
[2012-08-29 15:33:55 | 000,000,173 | ---- | C] () -- C:\Users\Bruger\AppData\Local\msmathematics.qat.Bruger
[2012-07-02 23:49:02 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012-05-02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-02-15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-12-14 04:55:24 | 000,081,920 | ---- | C] () -- C:\Windows\qlprism-uninstall.exe
[2011-12-04 18:37:08 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\un-gamma.exe
[2011-10-25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-08-06 23:40:13 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011-08-06 23:40:13 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011-07-29 19:51:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011-06-27 00:19:51 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011-02-12 03:24:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
========== ZeroAccess Check ==========
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012-12-26 12:10:34 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\.minecraft
[2012-09-20 21:18:58 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\.spotflux
[2010-10-17 12:36:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Ableton
[2010-06-26 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Anabel
[2011-08-10 16:18:57 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\AtomZombieData
[2012-05-25 12:46:01 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Audacity
[2012-11-07 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Awesomium
[2012-01-20 14:33:39 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\BigHugeEngine
[2010-05-02 21:24:21 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Bioshock2
[2010-05-31 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\bizarre creations
[2010-05-08 15:26:31 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Blender Foundation
[2012-09-08 15:59:59 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Braid
[2011-07-29 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Broken Rules
[2011-07-27 16:01:42 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Crayon Physics Deluxe
[2010-05-31 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\DAEMON Tools Lite
[2012-06-27 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\digipen
[2013-02-03 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\DMCache
[2011-02-05 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Downloaded Installations
[2013-02-03 11:50:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Dropbox
[2010-06-28 14:39:35 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Facebook
[2012-06-02 11:57:22 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\fltk.org
[2010-11-19 16:22:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\GameRanger
[2011-07-10 10:15:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\go
[2011-01-28 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Gyazo
[2010-10-18 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Hardcore
[2013-02-02 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\IDM
[2011-07-29 19:56:54 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Lazy 8 Studios
[2010-03-20 20:49:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Leadertech
[2011-03-11 23:18:27 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\LolClient
[2012-06-08 17:27:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\LoneSurvivor
[2011-05-14 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Mount&Blade Warband
[2012-09-23 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Mumble
[2012-07-27 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Need for Speed World
[2011-12-20 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Nicalis
[2010-12-25 18:43:51 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\NPLUTO Corporation
[2011-10-07 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\OpenOffice.org
[2011-07-27 15:17:37 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Origin
[2012-01-15 02:17:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\RenPy
[2012-07-03 16:17:47 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\RotMG.Production
[2012-07-01 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Screaming Bee
[2012-11-08 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-12-03 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\StepMania 5
[2011-01-26 22:16:44 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Subversion
[2012-08-16 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Thinstall
[2011-08-20 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\TinyAndBig
[2011-07-10 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\TS3Client
[2011-07-10 16:18:30 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\ts3overlay
[2013-02-02 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\uTorrent
[2012-03-17 23:56:16 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\wargaming.net
[2011-09-16 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Windows Live Writer
[2012-09-25 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Thinstall
[2012-09-25 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Thinstall
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C9FD258B
< End of report >
Are you aware that your internet connection is going through a server in San Francisco, have you aloud this for one of your game sites ?
Open OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:processes
killallprocesses
:OTL
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}: "URL" = http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=MUH&uid=WD-WCAV56241704_WDCWD10EARS-00Y5B1&tm=1358546600
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..browser.search.defaultenginename: "navegaki"
FF - prefs.js..network.proxy.http: "74.115.1.13"
FF - prefs.js..network.proxy.http_port: 80
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
- Then click the Run Fix button at the top. <--Not run Scan
- Let the program run unhindered, reboot when it is done
- Then post the results of the log it produces
Also rescan with OTL and post a new log please
I don't know about that san francisco thing. I've probably aloowed it one some game site, since i have a bad habbit of pressing accept and next until my game installs :v
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DC0055E-1C76-479B-9C92-9D2459569A1F}\ not found.
HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "navegaki" removed from browser.search.defaultenginename
Prefs.js: "74.115.1.13" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev t›mt.
C:\Users\Bruger\Desktop\cmd.bat deleted successfully.
C:\Users\Bruger\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Bruger
->Temp folder emptied: 9287 bytes
->Temporary Internet Files folder emptied: 935583 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1860299 bytes
->Google Chrome cache emptied: 356545523 bytes
->Flash cache emptied: 941 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 453977 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 343,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02042013_160347
Files\Folders moved on Reboot...
C:\Users\Bruger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...