
Thread: Portal sepeti homepage swap

  1. #51
    Member | Join Date: Jan 2013 | Posts: 54

    I don't recognise either of those URLs so I guess they are at least part of the problem.
    I got a feeling that you're close to a solution!

  2. #52
    Emeritus-Security Expert | Join Date: Nov 2005 | Location: Florida's SpaceCoast | Posts: 15,208

    Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Firefox::


    Code:
    Firefox::
    FF - prefs.js: browser.search.selectedEngine - navegaki
    FF - prefs.js..browser.search.defaultenginename: "navegaki"
    FF - prefs.js..browser.search.selectedEngine: "navegaki"
    FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
    FF - prefs.js..keyword.URL: "http://search.portalsepeti.com?q="
    
    Folder::
    C:\Program Files (x86)\Troysoftware

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.




    Then run DDS and post a new log please


    Download DDS from one of the links below to your desktop

    Link 1
    Link 2

    • Double click the tool to run it.
    • A black Screen will open, just read the contents and do nothing.
    • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
    • Copy/Paste the contents of 'DDS.txt' into your post.
    • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
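
Added example (not part of the thread and not ComboFix's own code): a Python check that parses a Firefox prefs.js and reports whether the search preferences named in the CFScript above still carry the navegaki or portalsepeti.com values, which is a quick way to confirm the cleanup took effect. The sample prefs.js content is constructed and the function names are illustrative.

```python
import json
import re

# Indicator strings taken from the CFScript and ComboFix log in this thread.
HIJACK_MARKERS = ("navegaki", "portalsepeti.com")

# Preferences the CFScript targets, plus the homepage pref the thread title refers to.
WATCHED_PREFS = (
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.startup.homepage",
)

# One prefs.js statement has the form: user_pref("name", <value>);
USER_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF_RE.match(line)
        if not match:
            continue  # header comments, blank lines, malformed statements
        name, raw = match.group(1), match.group(2)
        try:
            # Strings, integers and true/false in prefs.js are valid JSON literals.
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep the raw text if it is not JSON-compatible
        prefs[name] = value
    return prefs


def find_hijacked(prefs):
    """List (name, value) for watched prefs whose value contains a marker."""
    hits = []
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if isinstance(value, str) and any(
            marker in value.lower() for marker in HIJACK_MARKERS
        ):
            hits.append((name, value))
    return hits


# Constructed sample of a hijacked profile (not copied from the user's machine).
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.search.defaultenginename", "navegaki");
user_pref("browser.search.selectedEngine", "navegaki");
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "http://search.portalsepeti.com?q=");
'''

if __name__ == "__main__":
    for name, value in find_hijacked(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"still hijacked: {name} = {value}")
```

Run it against a copy of prefs.js from the profile folder with Firefox closed; an empty result means none of the watched preferences reference the hijacker any more.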

  3. #53
    Member | Join Date: Jan 2013 | Posts: 54

    ComboFix 13-02-03.02 - Bruger 03-02-2013 18:21:45.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.2400 [GMT 1:00]
    Kører fra: c:\users\Bruger\Desktop\ComboFix.exe
    Kommandoer benyttet :: c:\users\Bruger\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Troysoftware
    c:\program files (x86)\Troysoftware\sfxcallback.exe
    .
    .
    ((((((((((((((((((((((((((((( Filer skabt fra 2013-01-03 til 2013-02-03 )))))))))))))))))))))))))))))))))))
    .
    .
    2013-02-03 17:33 . 2013-02-03 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-03 11:04 . 2013-02-03 11:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
    2013-02-03 11:00 . 2013-02-03 11:00 -------- d-----w- c:\windows\ERUNT
    2013-02-03 10:59 . 2013-02-03 11:00 -------- d-----w- C:\JRT
    2013-02-02 21:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
    2013-01-29 20:20 . 2013-01-29 20:20 -------- d-----w- c:\users\Bruger\AppData\Roaming\Malwarebytes
    2013-01-29 20:19 . 2013-01-29 20:19 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-29 20:19 . 2013-02-02 21:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-29 14:57 . 2013-01-29 14:57 -------- d-----w- C:\_OTL
    2013-01-27 10:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-25 12:45 . 2013-01-26 00:45 -------- d-----w- c:\users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
    2013-01-25 05:23 . 2013-01-25 05:23 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2013-01-25 05:23 . 2013-01-25 05:23 28544 ----a-w- c:\windows\system32\xfcodec64.dll
    2013-01-22 19:26 . 2013-01-22 19:26 -------- d-----w- c:\program files (x86)\ERUNT
    2013-01-21 18:40 . 2013-02-03 11:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-21 18:40 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-01-21 18:40 . 2013-01-21 18:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-01-21 18:39 . 2013-01-21 18:39 -------- d-----w- c:\users\Bruger\AppData\Local\Programs
    2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\programdata\ATI
    2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
    2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD APP
    2013-01-18 22:03 . 2013-02-02 21:29 -------- d-----w- c:\windows\SysWow64\NTServer
    2013-01-18 22:03 . 2013-01-09 08:49 802760 ----a-w- c:\windows\SysWow64\navegaki.exe
    2013-01-15 14:56 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-09 21:36 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 21:36 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 21:36 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 21:36 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 21:36 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 21:36 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 21:36 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 21:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 21:36 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 21:36 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
    2013-01-09 21:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 21:34 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2013-01-09 21:34 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2013-01-09 21:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
    2013-01-09 21:34 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-09 21:34 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
    2013-01-09 21:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2013-01-09 21:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2013-01-09 21:34 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-09 21:34 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
    2013-01-09 21:34 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-09 21:34 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 21:32 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 21:32 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 00:28 . 2010-03-19 07:53 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-09 21:56 . 2010-03-19 07:53 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 16:32 . 2012-04-22 10:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 16:32 . 2011-05-14 12:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-25 22:05 . 2010-03-21 12:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-12-25 22:05 . 2010-03-21 12:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-12-25 22:05 . 2010-03-21 12:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-12-25 22:05 . 2010-03-21 12:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-12-19 20:50 . 2010-11-05 18:53 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
    2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
    2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-12-19 20:09 . 2010-07-07 01:54 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-12-19 20:08 . 2010-07-07 01:53 1151488 ----a-w- c:\windows\system32\aticfx64.dll
    2012-12-19 20:06 . 2010-07-07 01:46 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
    2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
    2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-12-19 19:49 . 2009-11-04 15:31 7370752 ----a-w- c:\windows\system32\atidxx64.dll
    2012-12-19 19:44 . 2010-11-05 18:54 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll
    2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-12-19 19:31 . 2010-07-07 01:15 130048 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-12-19 19:31 . 2010-07-07 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-12-19 19:31 . 2010-07-07 01:14 104448 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-12-19 19:30 . 2010-07-07 01:14 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe
    2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
    2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-12-16 17:11 . 2012-12-22 02:02 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-22 02:02 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-22 02:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-22 02:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-09 19:11 . 2010-03-21 21:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-12-09 19:11 . 2010-03-21 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-11-30 04:45 . 2013-01-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-12 12:28 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-12 11:52 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-10 15:43 . 2012-11-10 15:43 252296 ----a-w- c:\windows\system32\javaws.exe
    2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\javaw.exe
    2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\java.exe
    2012-11-10 15:43 . 2012-11-10 15:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-09 05:45 . 2012-12-12 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 21:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-06 11:11 . 2012-11-06 11:11 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
    .
    .
    ((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Bemærk* tomme linier & lovlige standard linier vises ikke
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-02-11 3253656]
    "Akamai NetSession Interface"="c:\users\Bruger\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-20 39408]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-11-19 2791936]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    c:\users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-1-25 3560832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-03 131912]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
    R3 X6va005;X6va005;c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-11-26 138304]
    S2 NTServiceSystem;NTServiceSystem;c:\windows\SysWOW64\NTServer\service.exe [2013-01-08 91728]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 5556520]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-13 1274880]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Indhold af mappen 'Planlagte Opgaver'
    .
    2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 16:32]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
    .
    2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000Core.job
    - c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
    - c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2010-11-26 18:38 82136 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Yderligere scanning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    FF - ProfilePath - c:\users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
    FF - prefs.js: browser.search.selectedEngine - navegaki
    FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
    FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
    .
    - - - - TOMME GENVEJE FJERNET - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
    AddRemove-Europe MapleStory_is1 - c:\program files (x86)\NEXON\Europe MapleStory\unins000.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp"
    .
    --------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\SecuROM\License information*]
    "datasecu"=hex:0f,c5,ba,ec,ca,28,a1,92,7d,4a,0a,c3,93,a4,a6,29,87,ff,03,41,55,
    78,fc,af,7c,a2,e0,87,1e,44,e0,3c,c3,6b,37,8f,7b,96,1f,42,30,2d,77,d9,52,41,\
    "rkeysecu"=hex:7b,ac,9d,ad,82,eb,28,77,27,2d,06,30,46,37,fb,5c
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{5fab6c72-1b6b-4638-8829-5be5c6fd2a10}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):71,3a,34,eb,9a,ff,a2,03,93,5a,5d,b7,18,1c,89,73,f8,36,1b,68,cf,
    40,5c,19,87,4e,67,d1,7b,76,9c,fe,a5,fa,bd,6b,bf,de,5a,de,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Gennemført tid: 2013-02-03 18:35:14
    ComboFix-quarantined-files.txt 2013-02-03 17:35
    ComboFix2.txt 2013-02-03 13:55
    .
    Pre-Kørsel: 266.483.494.912 byte ledig
    Post-Kørsel: 266.413.142.016 byte ledig
    .
    - - End Of File - - 50418D249A14C88B45300C9D95F2515E

  4. #54
    Member
    Join Date
    Jan 2013
    Posts
    54

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.11.2
    Run by Bruger at 18:44:14 on 2013-02-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.1728 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\WTouch\WTouchService.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\SysWOW64\NTServer\service.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Xfire\Xfire.exe
    C:\Program Files (x86)\Xfire\xfire64.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\SetPointG\SetPointII.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Xfire\xfire64.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\explorer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
    BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Hjælp til logon til Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    uRun: [Akamai NetSession Interface] "C:\Users\Bruger\AppData\Local\Akamai\netsession_win.exe"
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - <orphaned>
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: NameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{8B7ADDC6-52E6-47B8-AC4E-86D090AC1BF0} : DHCPNameServer = 208.67.222.222 208.67.220.220
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
    FF - prefs.js: browser.search.selectedEngine - navegaki
    FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
    FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-30 984144]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-30 370288]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-30 25232]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-30 71600]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-12 44808]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-29 8704]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2010-11-26 138304]
    R2 NTServiceSystem;NTServiceSystem;C:\Windows\SysWOW64\NTServer\service.exe [2013-1-18 91728]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-21 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-21 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-21 168384]
    R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-3-22 5556520]
    R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-3-22 127784]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 239616]
    R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-3-19 1274880]
    R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-3-22 18216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-9-11 19456]
    S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-9-11 27648]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-9-11 27136]
    S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-9-11 34304]
    S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2011-9-11 31744]
    S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-5-3 131912]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-21 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-26 59392]
    S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-22 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-02-03 13:37:44 98816 ----a-w- C:\Windows\sed.exe
    2013-02-03 13:37:44 256000 ----a-w- C:\Windows\PEV.exe
    2013-02-03 13:37:44 208896 ----a-w- C:\Windows\MBR.exe
    2013-02-03 11:04:04 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
    2013-02-03 11:00:15 -------- d-----w- C:\Windows\ERUNT
    2013-02-03 10:59:12 -------- d-----w- C:\JRT
    2013-02-03 10:50:49 -------- d-----w- C:\Users\Bruger\AppData\Local\{94E4EFB3-A776-4521-A41D-2A5861723B9C}
    2013-02-02 21:58:20 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
    2013-02-02 21:39:36 -------- d-----w- C:\Users\Bruger\AppData\Local\{02155C00-241D-4FF8-B2E1-14100759040E}
    2013-02-02 11:14:12 -------- d-----w- C:\Users\Bruger\AppData\Local\{E4657B68-3E84-4AF3-B787-EA1BDE309D1A}
    2013-02-01 12:48:24 -------- d-----w- C:\Users\Bruger\AppData\Local\{C0DB8895-72E6-4886-A1E1-07CEC6E5267A}
    2013-01-31 12:42:35 -------- d-----w- C:\Users\Bruger\AppData\Local\{C39DD8AB-5E30-41F3-9D04-DE1133ED8752}
    2013-01-30 11:49:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{90AE50FD-9303-485D-937E-50F229AC7A54}
    2013-01-29 20:20:13 -------- d-----w- C:\Users\Bruger\AppData\Roaming\Malwarebytes
    2013-01-29 20:19:49 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-29 20:19:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-29 14:57:46 -------- d-----w- C:\_OTL
    2013-01-29 14:44:07 -------- d-----w- C:\Users\Bruger\AppData\Local\{FD25824F-E47D-4522-B2DD-3173B26B4885}
    2013-01-28 14:16:44 -------- d-----w- C:\Users\Bruger\AppData\Local\{2591BA1E-11E1-4963-AF84-D1AC5A065C1F}
    2013-01-27 12:47:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{80A4E37A-80C7-4E1A-808C-4BBF52CD4A63}
    2013-01-27 10:44:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-26 12:46:12 -------- d-----w- C:\Users\Bruger\AppData\Local\{06ACEED0-7B74-4A95-958F-9FBCB1F4E237}
    2013-01-25 12:45:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
    2013-01-25 05:23:38 42880 ----a-w- C:\Windows\SysWow64\xfcodec.dll
    2013-01-25 05:23:36 28544 ----a-w- C:\Windows\System32\xfcodec64.dll
    2013-01-24 14:45:22 -------- d-----w- C:\Users\Bruger\AppData\Local\{7C4DF284-AEF0-4E4D-88D5-561E60381DC8}
    2013-01-23 12:48:50 -------- d-----w- C:\Users\Bruger\AppData\Local\{45505061-2BE5-40B7-8A58-462E53843719}
    2013-01-22 14:55:21 -------- d-----w- C:\Users\Bruger\AppData\Local\{0C0A1DB9-B608-4D53-A710-2777A970D2FF}
    2013-01-21 18:40:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-01-21 18:40:16 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2013-01-21 18:40:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-01-21 18:39:48 -------- d-----w- C:\Users\Bruger\AppData\Local\Programs
    2013-01-21 15:47:55 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2013-01-21 15:47:25 -------- d-----w- C:\Program Files (x86)\AMD APP
    2013-01-21 14:20:08 -------- d-----w- C:\Users\Bruger\AppData\Local\{C8372F4E-B80A-4AE0-99C7-1F51F0FF1D88}
    2013-01-20 12:48:43 -------- d-----w- C:\Users\Bruger\AppData\Local\{FAB92882-37BC-4912-A450-E36FAEA73A2F}
    2013-01-19 12:47:37 -------- d-----w- C:\Users\Bruger\AppData\Local\{9BBCFB09-E8F7-44CC-ADF3-A98D7E45C7C5}
    2013-01-19 00:46:57 -------- d-----w- C:\Users\Bruger\AppData\Local\{7E574572-E413-458C-A8B9-0226847DAC40}
    2013-01-18 22:03:19 802760 ----a-w- C:\Windows\SysWow64\navegaki.exe
    2013-01-18 22:03:19 -------- d-----w- C:\Windows\SysWow64\NTServer
    2013-01-18 12:46:25 -------- d-----w- C:\Users\Bruger\AppData\Local\{F4DDDC70-C22D-4BFC-AE2C-EF4E6E297811}
    2013-01-17 10:49:37 -------- d-----w- C:\Users\Bruger\AppData\Local\{667BE21D-13E4-4AF4-87A6-07B5A7B8E929}
    2013-01-16 14:48:58 -------- d-----w- C:\Users\Bruger\AppData\Local\{1E8AF24E-87A1-4258-92D1-70B1D3BA48BF}
    2013-01-15 14:48:34 -------- d-----w- C:\Users\Bruger\AppData\Local\{DB4E1AE5-94DE-4C99-8BFB-34ABEE2BE75B}
    2013-01-14 12:49:28 -------- d-----w- C:\Users\Bruger\AppData\Local\{077AC819-7F9D-4268-A83E-489C10E7CD18}
    2013-01-13 12:21:41 -------- d-----w- C:\Users\Bruger\AppData\Local\{42950187-9F23-44D9-9F6F-9D406D865F5C}
    2013-01-12 12:20:52 -------- d-----w- C:\Users\Bruger\AppData\Local\{BD0EA2A4-A61F-4F32-905A-3A4B2EF2869E}
    2013-01-11 10:44:17 -------- d-----w- C:\Users\Bruger\AppData\Local\{3C5581A0-6740-475A-83C5-48A6CFE224AB}
    2013-01-10 14:26:36 -------- d-----w- C:\Users\Bruger\AppData\Local\{5CBBC934-179C-4066-8F26-090E0F9576B9}
    2013-01-09 21:36:49 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2013-01-09 21:36:48 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-01-09 21:36:15 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-01-09 21:36:14 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-01-09 21:36:13 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-01-09 21:36:13 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-01-09 21:36:11 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2013-01-09 21:36:11 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2013-01-09 21:36:09 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-01-09 21:36:08 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2013-01-09 21:34:09 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2013-01-09 21:34:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2013-01-09 21:34:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2013-01-09 21:34:03 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-09 21:34:02 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-09 21:34:02 338432 ----a-w- C:\Windows\System32\conhost.exe
    2013-01-09 21:34:02 243200 ----a-w- C:\Windows\System32\wow64.dll
    2013-01-09 21:34:02 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2013-01-09 21:34:02 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-09 21:34:02 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2013-01-09 21:34:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 21:32:24 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2013-01-09 21:32:18 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-09 14:44:22 -------- d-----w- C:\Users\Bruger\AppData\Local\{C53FB7B9-BDFE-402D-AF6B-AD6EA5A040AA}
    2013-01-08 14:46:58 -------- d-----w- C:\Users\Bruger\AppData\Local\{D609CD34-3B93-496D-952B-43A393614954}
    2013-01-07 12:43:20 -------- d-----w- C:\Users\Bruger\AppData\Local\{BAB20A47-6E48-46DA-A644-0904F6F21FEE}
    2013-01-06 13:08:43 -------- d-----w- C:\Users\Bruger\AppData\Local\{EF1C9AFA-7510-47DB-AA90-15062C205288}
    2013-01-06 00:19:41 -------- d-----w- C:\Users\Bruger\AppData\Local\{D93E9ABD-EFD9-4612-A009-F5BE9BD746C8}
    2013-01-05 12:19:14 -------- d-----w- C:\Users\Bruger\AppData\Local\{1F1978E7-3F16-475D-9AF4-D61890DD6D03}
    2013-01-04 18:33:35 -------- d-----w- C:\Users\Bruger\AppData\Local\{C5CA2A1E-494A-4CB6-8B39-7C6BBB349CD6}
    .
    ==================== Find3M ====================
    .
    2013-01-17 00:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-09 16:32:26 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 16:32:25 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-25 22:05:17 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-12-25 22:05:17 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-12-25 22:05:17 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-12-25 22:05:17 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll
    2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll
    2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-12-19 14:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe
    2012-12-19 14:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-12-19 14:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-12-19 14:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-12-19 14:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-12-19 14:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-12-19 14:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-12-19 14:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll
    2012-12-19 14:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-09 19:11:49 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-12-09 19:11:49 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-11-30 05:38:45 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 04:45:15 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-10 15:43:20 627600 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-06 11:11:52 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
    .
    ============= FINISH: 18:44:29,55 ===============

  5. #55
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Firefox::


    Code:
    Firefox::
    FF - ProfilePath - C:\Users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
    FF - prefs.js: browser.search.selectedEngine - navegaki
    FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
    
    File::
    C:\Windows\SysWow64\navegaki.exe

    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.




    Then run a new scan with OTL and post the new log please

  6. #56
    Member
    Join Date
    Jan 2013
    Posts
    54

    ComboFix 13-02-03.03 - Bruger 03-02-2013 19:49:31.3.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.2068 [GMT 1:00]
    Kører fra: c:\users\Bruger\Desktop\ComboFix.exe
    Kommandoer benyttet :: c:\users\Bruger\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\SysWow64\navegaki.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Bruger\AppData\Local\{C8372F4E-B80A-4AE0-99C7-1F51F0FF1D88}
    c:\windows\SysWow64\navegaki.exe
    .
    .
    ((((((((((((((((((((((((((((( Filer skabt fra 2013-01-03 til 2013-02-03 )))))))))))))))))))))))))))))))))))
    .
    .
    2013-02-03 18:58 . 2013-02-03 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-03 11:04 . 2013-02-03 11:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
    2013-02-03 11:00 . 2013-02-03 11:00 -------- d-----w- c:\windows\ERUNT
    2013-02-03 10:59 . 2013-02-03 11:00 -------- d-----w- C:\JRT
    2013-02-02 21:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
    2013-01-29 20:20 . 2013-01-29 20:20 -------- d-----w- c:\users\Bruger\AppData\Roaming\Malwarebytes
    2013-01-29 20:19 . 2013-01-29 20:19 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-29 20:19 . 2013-02-02 21:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-29 14:57 . 2013-01-29 14:57 -------- d-----w- C:\_OTL
    2013-01-27 10:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-25 12:45 . 2013-01-26 00:45 -------- d-----w- c:\users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
    2013-01-25 05:23 . 2013-01-25 05:23 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2013-01-25 05:23 . 2013-01-25 05:23 28544 ----a-w- c:\windows\system32\xfcodec64.dll
    2013-01-22 19:26 . 2013-01-22 19:26 -------- d-----w- c:\program files (x86)\ERUNT
    2013-01-21 18:40 . 2013-02-03 11:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-21 18:40 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2013-01-21 18:40 . 2013-01-21 18:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2013-01-21 18:39 . 2013-01-21 18:39 -------- d-----w- c:\users\Bruger\AppData\Local\Programs
    2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\programdata\ATI
    2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
    2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD APP
    2013-01-18 22:03 . 2013-02-02 21:29 -------- d-----w- c:\windows\SysWow64\NTServer
    2013-01-15 14:56 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-09 21:36 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 21:36 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 21:36 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 21:36 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-09 21:36 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 21:36 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 21:36 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 21:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 21:36 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
    2013-01-09 21:36 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
    2013-01-09 21:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 21:34 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2013-01-09 21:34 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
    2013-01-09 21:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
    2013-01-09 21:34 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-09 21:34 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
    2013-01-09 21:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2013-01-09 21:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2013-01-09 21:34 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-09 21:34 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
    2013-01-09 21:34 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-09 21:34 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2013-01-09 21:32 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 21:32 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 00:28 . 2010-03-19 07:53 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-09 21:56 . 2010-03-19 07:53 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 16:32 . 2012-04-22 10:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 16:32 . 2011-05-14 12:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-25 22:05 . 2010-03-21 12:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-12-25 22:05 . 2010-03-21 12:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-12-25 22:05 . 2010-03-21 12:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-12-25 22:05 . 2010-03-21 12:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-12-19 20:50 . 2010-11-05 18:53 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
    2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
    2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-12-19 20:09 . 2010-07-07 01:54 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-12-19 20:08 . 2010-07-07 01:53 1151488 ----a-w- c:\windows\system32\aticfx64.dll
    2012-12-19 20:06 . 2010-07-07 01:46 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
    2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
    2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-12-19 19:49 . 2009-11-04 15:31 7370752 ----a-w- c:\windows\system32\atidxx64.dll
    2012-12-19 19:44 . 2010-11-05 18:54 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll
    2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-12-19 19:31 . 2010-07-07 01:15 130048 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-12-19 19:31 . 2010-07-07 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-12-19 19:31 . 2010-07-07 01:14 104448 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-12-19 19:30 . 2010-07-07 01:14 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe
    2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
    2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-12-16 17:11 . 2012-12-22 02:02 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-22 02:02 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-22 02:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-22 02:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-09 19:11 . 2010-03-21 21:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-12-09 19:11 . 2010-03-21 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-11-30 04:45 . 2013-01-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-12 12:28 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-12 11:52 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-10 15:43 . 2012-11-10 15:43 252296 ----a-w- c:\windows\system32\javaws.exe
    2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\javaw.exe
    2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\java.exe
    2012-11-10 15:43 . 2012-11-10 15:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
    2012-11-09 05:45 . 2012-12-12 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 21:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-06 11:11 . 2012-11-06 11:11 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
    .
    .
    ((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Bemærk* tomme linier & lovlige standard linier vises ikke
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-02-11 3253656]
    "Akamai NetSession Interface"="c:\users\Bruger\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-20 39408]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
    "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-11-19 2791936]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    c:\users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-1-25 3560832]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
    R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
    R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
    R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-03 131912]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
    R3 X6va005;X6va005;c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-11-26 138304]
    S2 NTServiceSystem;NTServiceSystem;c:\windows\SysWOW64\NTServer\service.exe [2013-01-08 91728]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 5556520]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
    S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-13 1274880]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Indhold af mappen 'Planlagte Opgaver'
    .
    2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 16:32]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
    .
    2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000Core.job
    - c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
    .
    2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
    - c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2010-11-26 18:38 82136 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Yderligere scanning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    FF - ProfilePath - c:\users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
    .
    - - - - TOMME GENVEJE FJERNET - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
    AddRemove-Europe MapleStory_is1 - c:\program files (x86)\NEXON\Europe MapleStory\unins000.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp"
    .
    --------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\SecuROM\License information*]
    "datasecu"=hex:0f,c5,ba,ec,ca,28,a1,92,7d,4a,0a,c3,93,a4,a6,29,87,ff,03,41,55,
    78,fc,af,7c,a2,e0,87,1e,44,e0,3c,c3,6b,37,8f,7b,96,1f,42,30,2d,77,d9,52,41,\
    "rkeysecu"=hex:7b,ac,9d,ad,82,eb,28,77,27,2d,06,30,46,37,fb,5c
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{5fab6c72-1b6b-4638-8829-5be5c6fd2a10}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):71,3a,34,eb,9a,ff,a2,03,93,5a,5d,b7,18,1c,89,73,f8,36,1b,68,cf,
    40,5c,19,87,4e,67,d1,7b,76,9c,fe,a5,fa,bd,6b,bf,de,5a,de,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Gennemført tid: 2013-02-03 20:00:24
    ComboFix-quarantined-files.txt 2013-02-03 19:00
    ComboFix2.txt 2013-02-03 17:35
    ComboFix3.txt 2013-02-03 13:55
    .
    Pre-Kørsel: 265.328.693.248 byte ledig
    Post-Kørsel: 267.874.750.464 byte ledig
    .
    - - End Of File - - 7E84BDD8CEEEDCA5EC83652C3C563A1F

  7. #57
    Member
    Join Date
    Jan 2013
    Posts
    54

    OTL logfile created on: 03-02-2013 20:06:48 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruger\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    3,99 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,13% Memory free
    7,98 Gb Paging File | 5,09 Gb Available in Paging File | 63,74% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931,41 Gb Total Space | 249,56 Gb Free Space | 26,79% Space Free | Partition Type: NTFS

    Computer Name: BRUGER-PC | User Name: Bruger | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Bruger\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
    PRC - C:\Windows\SysWOW64\NTServer\service.exe ()
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Programmer\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Steam\SDL.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
    MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
    MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
    MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll ()
    MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
    MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\libglesv2.dll ()
    MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\libegl.dll ()
    MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDad.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (NTServiceSystem) -- C:\Windows\SysWOW64\NTServer\service.exe ()
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
    SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
    SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (avast! Antivirus) -- C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
    SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
    SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
    SRV - (wlidsvc) -- C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
    SRV - (LBTServ) -- C:\Programmer\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (wlcrasvc) -- C:\Programmer\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (WTouchService) -- C:\Programmer\WTouch\WTouchService.exe (Wacom Technology, Corp.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
    DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
    DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
    DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
    DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
    DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
    DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
    DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
    DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
    DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
    DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
    DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/user/nillor0?feature=mhw4
    IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
    IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 4B 7D F0 28 C8 CA 01 [binary data]
    IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes,DefaultScope = {4C430FFD-3E0B-45C9-B13E-BC32314A0D74}
    IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{4C430FFD-3E0B-45C9-B13E-BC32314A0D74}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPB_daDK371
    IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}: "URL" = http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=MUH&uid=WD-WCAV56241704_WDCWD10EARS-00Y5B1&tm=1358546600
    IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "navegaki"
    FF - prefs.js..browser.startup.homepage: "http://www.quakelive.com/#!welcome"
    FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.110.0
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.53.2
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
    FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
    FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.http: "74.115.1.13"
    FF - prefs.js..network.proxy.http_port: 80
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
    FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Bruger\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bruger\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bruger\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bruger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-12 15:34:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-07-09 23:13:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-09 15:47:20 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bruger\AppData\Roaming\IDM\idmmzcc3 [2011-02-11 23:19:52 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bruger\AppData\Roaming\IDM\idmmzcc3 [2011-02-11 23:19:52 | 000,000,000 | ---D | M]

    [2012-09-15 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Extensions
    [2012-09-15 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
    [2012-05-19 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions
    [2011-06-29 13:04:20 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions\battlefieldheroespatcher@ea.com
    [2011-07-10 14:21:52 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions\battlefieldplay4free@ea.com
    [2011-12-11 02:04:19 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\firefox\profiles\6rsi3ybe.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
    [2012-05-19 20:16:04 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\firefox\profiles\6rsi3ybe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012-04-21 23:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012-10-30 15:20:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010-06-08 13:31:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010-08-14 14:47:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010-11-24 00:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011-03-12 10:59:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011-06-10 15:56:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012-04-21 23:13:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2012-11-12 15:34:32 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011-07-09 23:13:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013-01-18 23:04:07 | 000,005,010 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\navegaki.xml

    ========== Chrome ==========

    CHR - homepage: http://www.youtube.com/playlist?list...w&feature=plcp
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}
    CHR - default_search_provider: suggest_url = ,
    CHR - homepage: http://www.youtube.com/playlist?list...w&feature=plcp
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\npBP4FUpdater.dll
    CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\BP4FUpdater.exe
    CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\npBFHUpdater.dll
    CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\BFHUpdater.exe
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
    CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
    CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Bruger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Bruger\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.104_0\
    CHR - Extension: YouTube = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Battlefield Heroes = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.196.0_0\
    CHR - Extension: Adblock Plus = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
    CHR - Extension: Google-s\u00F8gning = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Battlefield Play4Free = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\
    CHR - Extension: Battlefield Heroes = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.145.0_0\
    CHR - Extension: avast! WebRep = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
    CHR - Extension: 4chan Plus = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\
    CHR - Extension: Gmail = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013-02-03 19:58:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmer\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmer\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [Akamai NetSession Interface] C:\Users\Bruger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

  8. #58
    Member
    Join Date
    Jan 2013
    Posts
    54

    O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.1.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_01)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab...i_4.1.71.0.cab (SysInfo Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Minesweeper Flags Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7ADDC6-52E6-47B8-AC4E-86D090AC1BF0}: DhcpNameServer = 208.67.222.222 208.67.220.220
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programmer\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-02-03 20:00:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013-02-03 14:37:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013-02-03 14:37:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013-02-03 14:37:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013-02-03 12:33:27 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Documents\ProcAlyzer Dumps
    [2013-02-03 12:27:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013-02-03 12:25:33 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Bruger\Desktop\ComboFix.exe
    [2013-02-03 12:00:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013-02-03 11:59:12 | 000,000,000 | ---D | C] -- C:\JRT
    [2013-02-03 11:59:07 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Bruger\Desktop\JRT.exe
    [2013-02-03 11:50:49 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{94E4EFB3-A776-4521-A41D-2A5861723B9C}
    [2013-02-02 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{02155C00-241D-4FF8-B2E1-14100759040E}
    [2013-02-02 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{E4657B68-3E84-4AF3-B787-EA1BDE309D1A}
    [2013-02-01 13:48:24 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C0DB8895-72E6-4886-A1E1-07CEC6E5267A}
    [2013-01-31 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C39DD8AB-5E30-41F3-9D04-DE1133ED8752}
    [2013-01-30 12:49:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{90AE50FD-9303-485D-937E-50F229AC7A54}
    [2013-01-29 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Roaming\Malwarebytes
    [2013-01-29 21:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013-01-29 21:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013-01-29 21:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013-01-29 15:57:46 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013-01-29 15:44:07 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{FD25824F-E47D-4522-B2DD-3173B26B4885}
    [2013-01-28 16:15:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bruger\Desktop\OTL.exe
    [2013-01-28 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{2591BA1E-11E1-4963-AF84-D1AC5A065C1F}
    [2013-01-27 13:47:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{80A4E37A-80C7-4E1A-808C-4BBF52CD4A63}
    [2013-01-27 11:44:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013-01-27 11:44:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013-01-27 11:44:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013-01-26 19:07:05 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Desktop\Tripcode_Explorer
    [2013-01-26 13:46:12 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{06ACEED0-7B74-4A95-958F-9FBCB1F4E237}
    [2013-01-25 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
    [2013-01-24 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{7C4DF284-AEF0-4E4D-88D5-561E60381DC8}
    [2013-01-23 19:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
    [2013-01-23 13:48:50 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{45505061-2BE5-40B7-8A58-462E53843719}
    [2013-01-22 20:27:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013-01-22 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013-01-22 20:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013-01-22 15:55:21 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{0C0A1DB9-B608-4D53-A710-2777A970D2FF}
    [2013-01-21 19:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013-01-21 19:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013-01-21 19:40:16 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013-01-21 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013-01-21 19:39:48 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\Programs
    [2013-01-21 16:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2013-01-21 16:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2013-01-21 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2013-01-21 16:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2013-01-20 13:48:43 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{FAB92882-37BC-4912-A450-E36FAEA73A2F}
    [2013-01-19 13:47:37 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{9BBCFB09-E8F7-44CC-ADF3-A98D7E45C7C5}
    [2013-01-19 01:46:57 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{7E574572-E413-458C-A8B9-0226847DAC40}
    [2013-01-18 23:03:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NTServer
    [2013-01-18 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{F4DDDC70-C22D-4BFC-AE2C-EF4E6E297811}
    [2013-01-17 11:49:37 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{667BE21D-13E4-4AF4-87A6-07B5A7B8E929}
    [2013-01-16 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{1E8AF24E-87A1-4258-92D1-70B1D3BA48BF}
    [2013-01-15 15:48:34 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{DB4E1AE5-94DE-4C99-8BFB-34ABEE2BE75B}
    [2013-01-14 13:49:28 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{077AC819-7F9D-4268-A83E-489C10E7CD18}
    [2013-01-13 13:21:41 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{42950187-9F23-44D9-9F6F-9D406D865F5C}
    [2013-01-12 13:20:52 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{BD0EA2A4-A61F-4F32-905A-3A4B2EF2869E}
    [2013-01-11 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{3C5581A0-6740-475A-83C5-48A6CFE224AB}
    [2013-01-10 15:26:36 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{5CBBC934-179C-4066-8F26-090E0F9576B9}
    [2013-01-09 22:36:49 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013-01-09 22:36:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013-01-09 22:36:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013-01-09 22:36:09 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
    [2013-01-09 22:35:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
    [2013-01-09 22:35:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
    [2013-01-09 22:35:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
    [2013-01-09 22:35:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
    [2013-01-09 22:35:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
    [2013-01-09 22:35:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
    [2013-01-09 22:35:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
    [2013-01-09 22:35:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
    [2013-01-09 22:35:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
    [2013-01-09 22:35:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
    [2013-01-09 22:35:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
    [2013-01-09 22:35:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
    [2013-01-09 22:35:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
    [2013-01-09 22:35:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
    [2013-01-09 22:35:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
    [2013-01-09 22:35:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
    [2013-01-09 22:35:54 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
    [2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
    [2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
    [2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
    [2013-01-09 22:35:52 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
    [2013-01-09 22:35:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
    [2013-01-09 22:35:52 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
    [2013-01-09 22:35:51 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
    [2013-01-09 22:35:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
    [2013-01-09 22:35:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
    [2013-01-09 22:35:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
    [2013-01-09 22:35:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
    [2013-01-09 22:35:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
    [2013-01-09 22:35:32 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
    [2013-01-09 22:35:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
    [2013-01-09 22:35:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
    [2013-01-09 22:34:09 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2013-01-09 22:34:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2013-01-09 22:34:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2013-01-09 22:34:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2013-01-09 22:34:02 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2013-01-09 22:34:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013-01-09 22:34:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2013-01-09 22:34:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013-01-09 22:34:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2013-01-09 22:34:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013-01-09 22:34:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2013-01-09 22:33:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2013-01-09 22:33:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2013-01-09 22:33:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2013-01-09 22:33:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2013-01-09 22:33:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2013-01-09 22:33:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2013-01-09 22:33:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013-01-09 22:33:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2013-01-09 22:33:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2013-01-09 22:33:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2013-01-09 22:33:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2013-01-09 22:33:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013-01-09 22:33:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2013-01-09 22:33:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2013-01-09 22:33:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2013-01-09 22:33:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2013-01-09 22:33:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2013-01-09 22:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2013-01-09 22:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2013-01-09 22:33:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013-01-09 22:33:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013-01-09 22:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2013-01-09 22:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2013-01-09 22:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2013-01-09 22:33:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2013-01-09 22:33:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013-01-09 22:32:24 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
    [2013-01-09 15:44:22 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C53FB7B9-BDFE-402D-AF6B-AD6EA5A040AA}
    [2013-01-08 15:46:58 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{D609CD34-3B93-496D-952B-43A393614954}
    [2013-01-07 13:43:20 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{BAB20A47-6E48-46DA-A644-0904F6F21FEE}
    [2013-01-06 14:08:43 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{EF1C9AFA-7510-47DB-AA90-15062C205288}
    [2013-01-06 01:26:03 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Documents\Essentials
    [2013-01-06 01:19:41 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{D93E9ABD-EFD9-4612-A009-F5BE9BD746C8}
    [2013-01-05 13:19:14 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{1F1978E7-3F16-475D-9AF4-D61890DD6D03}
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013-02-03 20:10:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
    [2013-02-03 19:58:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013-02-03 19:47:48 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Bruger\Desktop\ComboFix.exe
    [2013-02-03 19:36:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-02-03 19:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-02-03 12:00:00 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-02-03 12:00:00 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-02-03 11:59:00 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Bruger\Desktop\JRT.exe
    [2013-02-03 11:50:03 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2013-02-03 11:49:22 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-02-03 11:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-02-03 11:48:18 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
    [2013-02-02 22:36:12 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013-02-02 22:36:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2013-01-29 15:46:01 | 000,001,051 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013-01-28 16:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruger\Desktop\OTL.exe
    [2013-01-28 15:15:30 | 000,013,806 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat
    [2013-01-27 03:28:26 | 000,000,173 | ---- | M] () -- C:\Users\Bruger\AppData\Local\msmathematics.qat.Bruger
    [2013-01-27 01:56:40 | 000,000,132 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2013-01-25 06:23:38 | 000,042,880 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
    [2013-01-25 06:23:36 | 000,028,544 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
    [2013-01-23 19:16:02 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
    [2013-01-22 21:43:35 | 000,000,512 | ---- | M] () -- C:\Users\Bruger\Desktop\MBR.dat
    [2013-01-22 20:26:37 | 000,001,108 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013-01-22 20:26:33 | 000,000,909 | ---- | M] () -- C:\Users\Bruger\Desktop\ERUNT.lnk
    [2013-01-19 15:17:06 | 000,001,456 | ---- | M] () -- C:\Users\Bruger\AppData\Local\Adobe Save for Web 13.0 Prefs
    [2013-01-18 23:04:08 | 000,000,427 | ---- | M] () -- C:\Windows\SysWow64\ntserverbind.ini
    [2013-01-18 23:03:29 | 000,002,216 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013-01-18 23:03:29 | 000,001,533 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013-01-18 23:03:21 | 000,002,207 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\portalsepeti.lnk
    [2013-01-12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013-01-12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013-01-12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013-01-11 14:56:40 | 000,234,496 | ---- | M] () -- C:\Users\Bruger\Documents\gamepad.exe
    [2013-01-10 15:21:31 | 004,934,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013-01-09 23:06:20 | 001,380,626 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013-01-09 23:06:20 | 000,661,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013-01-09 23:06:20 | 000,516,486 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
    [2013-01-09 23:06:20 | 000,125,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013-01-09 23:06:20 | 000,102,986 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
    [2013-01-09 23:06:10 | 001,380,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013-01-09 17:32:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013-01-09 17:32:25 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013-02-03 14:37:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013-02-03 14:37:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013-02-03 14:37:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013-02-03 14:37:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013-02-03 14:37:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013-02-02 22:36:12 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013-01-25 06:23:38 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2013-01-25 06:23:36 | 000,028,544 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
    [2013-01-23 19:16:02 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
    [2013-01-22 21:43:35 | 000,000,512 | ---- | C] () -- C:\Users\Bruger\Desktop\MBR.dat
    [2013-01-22 20:26:37 | 000,001,108 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013-01-22 20:26:33 | 000,000,909 | ---- | C] () -- C:\Users\Bruger\Desktop\ERUNT.lnk
    [2013-01-21 19:40:24 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013-01-18 23:03:21 | 000,002,207 | ---- | C] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\portalsepeti.lnk
    [2013-01-18 23:03:19 | 000,000,427 | ---- | C] () -- C:\Windows\SysWow64\ntserverbind.ini
    [2013-01-11 14:56:39 | 000,234,496 | ---- | C] () -- C:\Users\Bruger\Documents\gamepad.exe
    [2012-12-23 00:38:13 | 000,001,456 | ---- | C] () -- C:\Users\Bruger\AppData\Local\Adobe Save for Web 13.0 Prefs
    [2012-12-23 00:28:51 | 000,000,132 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Adobe GIF Format CS6 Prefs
    [2012-11-08 18:12:40 | 000,000,132 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Adobe PNG Format CS6 Prefs
    [2012-09-09 18:51:29 | 000,266,021 | ---- | C] () -- C:\Windows\QLPrism Uninstaller.exe
    [2012-08-29 15:33:55 | 000,000,173 | ---- | C] () -- C:\Users\Bruger\AppData\Local\msmathematics.qat.Bruger
    [2012-07-02 23:49:02 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
    [2012-05-02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012-02-15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012-02-15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011-12-14 04:55:24 | 000,081,920 | ---- | C] () -- C:\Windows\qlprism-uninstall.exe
    [2011-12-04 18:37:08 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\un-gamma.exe
    [2011-10-25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011-08-06 23:40:13 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
    [2011-08-06 23:40:13 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
    [2011-07-29 19:51:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2011-06-27 00:19:51 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2011-02-12 03:24:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012-12-26 12:10:34 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\.minecraft
    [2012-09-20 21:18:58 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\.spotflux
    [2010-10-17 12:36:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Ableton
    [2010-06-26 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Anabel
    [2011-08-10 16:18:57 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\AtomZombieData
    [2012-05-25 12:46:01 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Audacity
    [2012-11-07 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Awesomium
    [2012-01-20 14:33:39 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\BigHugeEngine
    [2010-05-02 21:24:21 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Bioshock2
    [2010-05-31 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\bizarre creations
    [2010-05-08 15:26:31 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Blender Foundation
    [2012-09-08 15:59:59 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Braid
    [2011-07-29 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Broken Rules
    [2011-07-27 16:01:42 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Crayon Physics Deluxe
    [2010-05-31 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\DAEMON Tools Lite
    [2012-06-27 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\digipen
    [2013-02-03 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\DMCache
    [2011-02-05 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Downloaded Installations
    [2013-02-03 11:50:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Dropbox
    [2010-06-28 14:39:35 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Facebook
    [2012-06-02 11:57:22 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\fltk.org
    [2010-11-19 16:22:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\GameRanger
    [2011-07-10 10:15:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\go
    [2011-01-28 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Gyazo
    [2010-10-18 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Hardcore
    [2013-02-02 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\IDM
    [2011-07-29 19:56:54 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Lazy 8 Studios
    [2010-03-20 20:49:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Leadertech
    [2011-03-11 23:18:27 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\LolClient
    [2012-06-08 17:27:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\LoneSurvivor
    [2011-05-14 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Mount&Blade Warband
    [2012-09-23 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Mumble
    [2012-07-27 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Need for Speed World
    [2011-12-20 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Nicalis
    [2010-12-25 18:43:51 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\NPLUTO Corporation
    [2011-10-07 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\OpenOffice.org
    [2011-07-27 15:17:37 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Origin
    [2012-01-15 02:17:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\RenPy
    [2012-07-03 16:17:47 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\RotMG.Production
    [2012-07-01 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Screaming Bee
    [2012-11-08 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2012-12-03 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\StepMania 5
    [2011-01-26 22:16:44 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Subversion
    [2012-08-16 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Thinstall
    [2011-08-20 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\TinyAndBig
    [2011-07-10 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\TS3Client
    [2011-07-10 16:18:30 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\ts3overlay
    [2013-02-02 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\uTorrent
    [2012-03-17 23:56:16 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\wargaming.net
    [2011-09-16 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Windows Live Writer
    [2012-09-25 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Thinstall
    [2012-09-25 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Thinstall

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C9FD258B

    < End of report >

  9. #59
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Are you aware that your internet connection is going through a server in San Francisco? Have you allowed this for one of your game sites?

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}: "URL" = http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=MUH&uid=WD-WCAV56241704_WDCWD10EARS-00Y5B1&tm=1358546600
      IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
      FF - prefs.js..browser.search.defaultenginename: "navegaki"
      FF - prefs.js..network.proxy.http: "74.115.1.13"
      FF - prefs.js..network.proxy.http_port: 80
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces


    Also rescan with OTL and post a new log please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
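Added example (not part of the original posts, and not code from OTL or ComboFix): a read-only check of a Firefox prefs.js for the search and proxy preferences that the fix above resets. The allowlists, the function names and the sample file are assumptions made for illustration; `network.proxy.type` is not quoted in the thread and is included because a value of 1 means the manual proxy settings are in use.

```python
import json
import re
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Constructed sample in prefs.js syntax; the hijack values are the ones quoted in this thread.
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.search.defaultenginename", "navegaki");
user_pref("browser.search.selectedEngine", "navegaki");
user_pref("keyword.URL", "http://search.portalsepeti.com?q=");
user_pref("network.proxy.http", "74.115.1.13");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.type", 1);
user_pref("browser.startup.page", 3);
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; values are str, int or bool."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # "text", 80, true/false
        except ValueError:
            prefs[name] = raw  # keep the unparsed literal rather than drop it
    return prefs

def audit(prefs, known_engines=("Google",), known_proxies=()):
    """List (pref, value, reason) for search/proxy settings outside the allowlists.
    prefs.js holds only user-set values, so any keyword.URL entry is a change from default."""
    findings = []
    for name in ("browser.search.defaultenginename", "browser.search.selectedEngine"):
        if name in prefs and prefs[name] not in known_engines:
            findings.append((name, prefs[name], "search engine not in allowlist"))
    if prefs.get("keyword.URL"):
        findings.append(("keyword.URL", prefs["keyword.URL"], "address-bar searches redirected"))
    host = prefs.get("network.proxy.http")
    if host and host not in known_proxies:
        # Assumption noted above: network.proxy.type == 1 selects the manual proxy.
        state = "active" if prefs.get("network.proxy.type") == 1 else "configured but not selected"
        findings.append(("network.proxy.http", f"{host}:{prefs.get('network.proxy.http_port')}", f"HTTP proxy {state}"))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit(parse_prefs(SAMPLE_PREFS)):
        print(f"{name} = {value!r}: {reason}")
```

Running the same check on the profile's prefs.js before and after the fix shows whether the entries were actually removed; Firefox should be closed first, since it rewrites the file on exit.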

  10. #60
    Member
    Join Date
    Jan 2013
    Posts
    54

    Default

    I don't know about that San Francisco thing. I've probably allowed it on some game site, since I have a bad habit of pressing accept and next until my game installs :v


    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DC0055E-1C76-479B-9C92-9D2459569A1F}\ not found.
    HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: "navegaki" removed from browser.search.defaultenginename
    Prefs.js: "74.115.1.13" removed from network.proxy.http
    Prefs.js: 80 removed from network.proxy.http_port
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP-konfiguration
    DNS Resolver Cache blev tømt.
    C:\Users\Bruger\Desktop\cmd.bat deleted successfully.
    C:\Users\Bruger\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Bruger
    ->Temp folder emptied: 9287 bytes
    ->Temporary Internet Files folder emptied: 935583 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 1860299 bytes
    ->Google Chrome cache emptied: 356545523 bytes
    ->Flash cache emptied: 941 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 453977 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 840 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 343,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02042013_160347

    Files\Folders moved on Reboot...
    C:\Users\Bruger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
