Portal sepeti homepage swap

ken545 · Feb 2, 2013

You can use the instructions for any dated restore point. Lets skip that for the moment

Download Junkware Removal Tool to your desktop

shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.

Nillor · Feb 3, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by Bruger on 03-02-2013 at 12:00:19,10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Bruger\AppData\Roaming\mozilla\firefox\profiles\6rsi3ybe.default\prefs.js

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03-02-2013 at 12:09:39,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken545 · Feb 3, 2013

Good Morning,

You had other bad stuff in there beside portal sepeti.

You also have a trojan on your OTL log

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Nillor · Feb 3, 2013

The tutorial for deactivating the spybot s&d protectian seems outdated.
everywhere i look it's how to do it on an older version.
this is how it looks to me

ken545 · Feb 3, 2013

Do this first...Important

Disable the TeaTimer, leave it disabled, do not turn it back on until we're done or it will prevent fixes from taking

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect

Please do not proceed until the TeaTimer is disabled

Nillor · Feb 3, 2013

Those things aren't there.
The only things i can press are on the picture i posted

Nillor · Feb 3, 2013

looks like i don't have the teatimer, so can i just proceed?
this is the message i get

"Combofix has noticed that the following real-time scanner(s) are active:
antispyware: spybot - search and destroy.
Antivirus and the likes are known for interrupting combofix's progress. this leads to unpredictable results and even possible damage on the computer. please deactivate these scanners before you click "OK"."

ken545 · Feb 3, 2013

Yes, proceed

Nillor · Feb 3, 2013

ComboFix 13-02-02.05 - Bruger 03-02-2013 14:39:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.2280 [GMT 1:00]
Kører fra: c:\users\Bruger\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Bruger\AppData\Roaming\WTouch
c:\users\Bruger\AppData\Roaming\WTouch\WTouch.xml
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2013-01-03 til 2013-02-03 )))))))))))))))))))))))))))))))))))
.
.
2013-02-03 13:51 . 2013-02-03 13:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 11:04 . 2013-02-03 11:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
2013-02-03 11:00 . 2013-02-03 11:00 -------- d-----w- c:\windows\ERUNT
2013-02-03 10:59 . 2013-02-03 11:00 -------- d-----w- C:\JRT
2013-02-02 21:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
2013-01-29 20:20 . 2013-01-29 20:20 -------- d-----w- c:\users\Bruger\AppData\Roaming\Malwarebytes
2013-01-29 20:19 . 2013-01-29 20:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 20:19 . 2013-02-02 21:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 14:57 . 2013-01-29 14:57 -------- d-----w- C:\_OTL
2013-01-27 10:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-25 12:45 . 2013-01-26 00:45 -------- d-----w- c:\users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
2013-01-25 05:23 . 2013-01-25 05:23 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
2013-01-25 05:23 . 2013-01-25 05:23 28544 ----a-w- c:\windows\system32\xfcodec64.dll
2013-01-22 19:26 . 2013-01-22 19:26 -------- d-----w- c:\program files (x86)\ERUNT
2013-01-21 18:40 . 2013-02-03 11:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-21 18:40 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-21 18:40 . 2013-01-21 18:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-21 18:39 . 2013-01-21 18:39 -------- d-----w- c:\users\Bruger\AppData\Local\Programs
2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\programdata\ATI
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-18 22:03 . 2013-02-02 21:29 -------- d-----w- c:\windows\SysWow64\NTServer
2013-01-18 22:03 . 2013-01-09 08:49 802760 ----a-w- c:\windows\SysWow64\navegaki.exe
2013-01-18 22:03 . 2013-01-18 22:06 -------- d-----w- c:\program files (x86)\Troysoftware
2013-01-15 14:56 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
2013-01-09 21:36 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 21:36 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 21:36 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 21:36 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 21:36 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 21:36 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 21:36 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 21:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 21:36 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 21:36 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 21:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-09 21:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 21:34 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 21:34 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-09 21:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-09 21:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-09 21:34 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 21:34 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 21:32 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:32 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-03-19 07:53 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 21:56 . 2010-03-19 07:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 16:32 . 2012-04-22 10:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:32 . 2011-05-14 12:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 22:05 . 2010-03-21 12:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-25 22:05 . 2010-03-21 12:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-19 20:50 . 2010-11-05 18:53 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2010-07-07 01:54 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2010-07-07 01:53 1151488 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2010-07-07 01:46 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2009-11-04 15:31 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2010-11-05 18:54 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2010-07-07 01:15 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2010-07-07 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2010-07-07 01:14 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2010-07-07 01:14 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-16 17:11 . 2012-12-22 02:02 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:02 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 19:11 . 2010-03-21 21:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 19:11 . 2010-03-21 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-30 04:45 . 2013-01-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-12 12:28 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:52 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-10 15:43 . 2012-11-10 15:43 252296 ----a-w- c:\windows\system32\javaws.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\javaw.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\java.exe
2012-11-10 15:43 . 2012-11-10 15:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 05:45 . 2012-12-12 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 21:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-06 11:11 . 2012-11-06 11:11 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-02-11 3253656]
"Akamai NetSession Interface"="c:\users\Bruger\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-20 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-11-19 2791936]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-1-25 3560832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-03 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
R3 X6va005;X6va005;c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-11-26 138304]
S2 NTServiceSystem;NTServiceSystem;c:\windows\SysWOW64\NTServer\service.exe [2013-01-08 91728]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 5556520]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-13 1274880]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Indhold af mappen 'Planlagte Opgaver'
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 16:32]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000Core.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-11-26 18:38 82136 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-VIAAUD - c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-Europe MapleStory_is1 - c:\program files (x86)\NEXON\Europe MapleStory\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,c5,ba,ec,ca,28,a1,92,7d,4a,0a,c3,93,a4,a6,29,87,ff,03,41,55,
78,fc,af,7c,a2,e0,87,1e,44,e0,3c,c3,6b,37,8f,7b,96,1f,42,30,2d,77,d9,52,41,\
"rkeysecu"=hex:7b,ac,9d,ad,82,eb,28,77,27,2d,06,30,46,37,fb,5c
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{5fab6c72-1b6b-4638-8829-5be5c6fd2a10}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,3a,34,eb,9a,ff,a2,03,93,5a,5d,b7,18,1c,89,73,f8,36,1b,68,cf,
40,5c,19,87,4e,67,d1,7b,76,9c,fe,a5,fa,bd,6b,bf,de,5a,de,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2013-02-03 14:55:24
ComboFix-quarantined-files.txt 2013-02-03 13:55
.
Pre-Kørsel: 267.015.557.120 byte ledig
Post-Kørsel: 266.699.341.824 byte ledig
.
- - End Of File - - 26F7504849D06D771B7EBBD49781E97F

ken545 · Feb 3, 2013

navegaki.com <-- This is related to Portal Sepeti

Troysoftware <-- This came on board at the same time as the rest, is this something you use ?

Nillor · Feb 3, 2013

I don't recognise either of those urls so i guess they are atleast part of the problem.
I got a feeling that you're close to a solution!

ken545 · Feb 3, 2013

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Firefox::

Code:

Firefox::
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js..browser.search.defaultenginename: "navegaki"
FF - prefs.js..browser.search.selectedEngine: "navegaki"
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
FF - prefs.js..keyword.URL: "http://search.portalsepeti.com?q="

Folder::
C:\Program Files (x86)\Troysoftware

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Then run DDS and post a new log please

Download DDS from one of the links below to your desktop

Link 1
Link 2

Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)

Nillor · Feb 3, 2013

ComboFix 13-02-03.02 - Bruger 03-02-2013 18:21:45.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.2400 [GMT 1:00]
Kører fra: c:\users\Bruger\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Bruger\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Troysoftware
c:\program files (x86)\Troysoftware\sfxcallback.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2013-01-03 til 2013-02-03 )))))))))))))))))))))))))))))))))))
.
.
2013-02-03 17:33 . 2013-02-03 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 11:04 . 2013-02-03 11:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
2013-02-03 11:00 . 2013-02-03 11:00 -------- d-----w- c:\windows\ERUNT
2013-02-03 10:59 . 2013-02-03 11:00 -------- d-----w- C:\JRT
2013-02-02 21:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
2013-01-29 20:20 . 2013-01-29 20:20 -------- d-----w- c:\users\Bruger\AppData\Roaming\Malwarebytes
2013-01-29 20:19 . 2013-01-29 20:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 20:19 . 2013-02-02 21:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 14:57 . 2013-01-29 14:57 -------- d-----w- C:\_OTL
2013-01-27 10:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-25 12:45 . 2013-01-26 00:45 -------- d-----w- c:\users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
2013-01-25 05:23 . 2013-01-25 05:23 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
2013-01-25 05:23 . 2013-01-25 05:23 28544 ----a-w- c:\windows\system32\xfcodec64.dll
2013-01-22 19:26 . 2013-01-22 19:26 -------- d-----w- c:\program files (x86)\ERUNT
2013-01-21 18:40 . 2013-02-03 11:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-21 18:40 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-21 18:40 . 2013-01-21 18:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-21 18:39 . 2013-01-21 18:39 -------- d-----w- c:\users\Bruger\AppData\Local\Programs
2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\programdata\ATI
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-18 22:03 . 2013-02-02 21:29 -------- d-----w- c:\windows\SysWow64\NTServer
2013-01-18 22:03 . 2013-01-09 08:49 802760 ----a-w- c:\windows\SysWow64\navegaki.exe
2013-01-15 14:56 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
2013-01-09 21:36 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 21:36 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 21:36 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 21:36 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 21:36 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 21:36 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 21:36 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 21:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 21:36 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 21:36 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 21:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-09 21:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 21:34 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 21:34 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-09 21:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-09 21:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-09 21:34 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 21:34 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 21:32 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:32 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-03-19 07:53 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 21:56 . 2010-03-19 07:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 16:32 . 2012-04-22 10:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:32 . 2011-05-14 12:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 22:05 . 2010-03-21 12:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-25 22:05 . 2010-03-21 12:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-19 20:50 . 2010-11-05 18:53 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2010-07-07 01:54 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2010-07-07 01:53 1151488 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2010-07-07 01:46 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2009-11-04 15:31 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2010-11-05 18:54 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2010-07-07 01:15 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2010-07-07 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2010-07-07 01:14 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2010-07-07 01:14 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-16 17:11 . 2012-12-22 02:02 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:02 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 19:11 . 2010-03-21 21:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 19:11 . 2010-03-21 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-30 04:45 . 2013-01-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-12 12:28 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:52 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-10 15:43 . 2012-11-10 15:43 252296 ----a-w- c:\windows\system32\javaws.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\javaw.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\java.exe
2012-11-10 15:43 . 2012-11-10 15:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 05:45 . 2012-12-12 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 21:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-06 11:11 . 2012-11-06 11:11 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-02-11 3253656]
"Akamai NetSession Interface"="c:\users\Bruger\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-20 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-11-19 2791936]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-1-25 3560832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-03 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
R3 X6va005;X6va005;c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-11-26 138304]
S2 NTServiceSystem;NTServiceSystem;c:\windows\SysWOW64\NTServer\service.exe [2013-01-08 91728]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 5556520]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-13 1274880]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Indhold af mappen 'Planlagte Opgaver'
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 16:32]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000Core.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-11-26 18:38 82136 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-Europe MapleStory_is1 - c:\program files (x86)\NEXON\Europe MapleStory\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,c5,ba,ec,ca,28,a1,92,7d,4a,0a,c3,93,a4,a6,29,87,ff,03,41,55,
78,fc,af,7c,a2,e0,87,1e,44,e0,3c,c3,6b,37,8f,7b,96,1f,42,30,2d,77,d9,52,41,\
"rkeysecu"=hex:7b,ac,9d,ad,82,eb,28,77,27,2d,06,30,46,37,fb,5c
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{5fab6c72-1b6b-4638-8829-5be5c6fd2a10}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,3a,34,eb,9a,ff,a2,03,93,5a,5d,b7,18,1c,89,73,f8,36,1b,68,cf,
40,5c,19,87,4e,67,d1,7b,76,9c,fe,a5,fa,bd,6b,bf,de,5a,de,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2013-02-03 18:35:14
ComboFix-quarantined-files.txt 2013-02-03 17:35
ComboFix2.txt 2013-02-03 13:55
.
Pre-Kørsel: 266.483.494.912 byte ledig
Post-Kørsel: 266.413.142.016 byte ledig
.
- - End Of File - - 50418D249A14C88B45300C9D95F2515E

Nillor · Feb 3, 2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.11.2
Run by Bruger at 18:44:14 on 2013-02-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.1728 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\SysWOW64\NTServer\service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Xfire\xfire64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\notepad.exe
C:\Windows\system32\AUDIODG.EXE
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bruger\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
BHO: IDMIEHlprObj Class: {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Hjælp til logon til Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Akamai NetSession Interface] "C:\Users\Bruger\AppData\Local\Akamai\netsession_win.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Bruger\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{8B7ADDC6-52E6-47B8-AC4E-86D090AC1BF0} : DHCPNameServer = 208.67.222.222 208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-30 984144]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-30 370288]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-30 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-30 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-11-12 44808]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-29 8704]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2010-11-26 138304]
R2 NTServiceSystem;NTServiceSystem;C:\Windows\SysWOW64\NTServer\service.exe [2013-1-18 91728]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-21 168384]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2010-3-22 5556520]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2010-3-22 127784]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 239616]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-3-19 1274880]
R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-3-22 18216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2011-9-11 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2011-9-11 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2011-9-11 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2011-9-11 34304]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2011-9-11 31744]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-5-3 131912]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-26 59392]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-02-03 13:37:44 98816 ----a-w- C:\Windows\sed.exe
2013-02-03 13:37:44 256000 ----a-w- C:\Windows\PEV.exe
2013-02-03 13:37:44 208896 ----a-w- C:\Windows\MBR.exe
2013-02-03 11:04:04 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
2013-02-03 11:00:15 -------- d-----w- C:\Windows\ERUNT
2013-02-03 10:59:12 -------- d-----w- C:\JRT
2013-02-03 10:50:49 -------- d-----w- C:\Users\Bruger\AppData\Local\{94E4EFB3-A776-4521-A41D-2A5861723B9C}
2013-02-02 21:58:20 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
2013-02-02 21:39:36 -------- d-----w- C:\Users\Bruger\AppData\Local\{02155C00-241D-4FF8-B2E1-14100759040E}
2013-02-02 11:14:12 -------- d-----w- C:\Users\Bruger\AppData\Local\{E4657B68-3E84-4AF3-B787-EA1BDE309D1A}
2013-02-01 12:48:24 -------- d-----w- C:\Users\Bruger\AppData\Local\{C0DB8895-72E6-4886-A1E1-07CEC6E5267A}
2013-01-31 12:42:35 -------- d-----w- C:\Users\Bruger\AppData\Local\{C39DD8AB-5E30-41F3-9D04-DE1133ED8752}
2013-01-30 11:49:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{90AE50FD-9303-485D-937E-50F229AC7A54}
2013-01-29 20:20:13 -------- d-----w- C:\Users\Bruger\AppData\Roaming\Malwarebytes
2013-01-29 20:19:49 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-29 20:19:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-29 14:57:46 -------- d-----w- C:\_OTL
2013-01-29 14:44:07 -------- d-----w- C:\Users\Bruger\AppData\Local\{FD25824F-E47D-4522-B2DD-3173B26B4885}
2013-01-28 14:16:44 -------- d-----w- C:\Users\Bruger\AppData\Local\{2591BA1E-11E1-4963-AF84-D1AC5A065C1F}
2013-01-27 12:47:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{80A4E37A-80C7-4E1A-808C-4BBF52CD4A63}
2013-01-27 10:44:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-26 12:46:12 -------- d-----w- C:\Users\Bruger\AppData\Local\{06ACEED0-7B74-4A95-958F-9FBCB1F4E237}
2013-01-25 12:45:19 -------- d-----w- C:\Users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
2013-01-25 05:23:38 42880 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2013-01-25 05:23:36 28544 ----a-w- C:\Windows\System32\xfcodec64.dll
2013-01-24 14:45:22 -------- d-----w- C:\Users\Bruger\AppData\Local\{7C4DF284-AEF0-4E4D-88D5-561E60381DC8}
2013-01-23 12:48:50 -------- d-----w- C:\Users\Bruger\AppData\Local\{45505061-2BE5-40B7-8A58-462E53843719}
2013-01-22 14:55:21 -------- d-----w- C:\Users\Bruger\AppData\Local\{0C0A1DB9-B608-4D53-A710-2777A970D2FF}
2013-01-21 18:40:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-01-21 18:40:16 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-01-21 18:40:07 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-01-21 18:39:48 -------- d-----w- C:\Users\Bruger\AppData\Local\Programs
2013-01-21 15:47:55 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-01-21 15:47:25 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-01-21 14:20:08 -------- d-----w- C:\Users\Bruger\AppData\Local\{C8372F4E-B80A-4AE0-99C7-1F51F0FF1D88}
2013-01-20 12:48:43 -------- d-----w- C:\Users\Bruger\AppData\Local\{FAB92882-37BC-4912-A450-E36FAEA73A2F}
2013-01-19 12:47:37 -------- d-----w- C:\Users\Bruger\AppData\Local\{9BBCFB09-E8F7-44CC-ADF3-A98D7E45C7C5}
2013-01-19 00:46:57 -------- d-----w- C:\Users\Bruger\AppData\Local\{7E574572-E413-458C-A8B9-0226847DAC40}
2013-01-18 22:03:19 802760 ----a-w- C:\Windows\SysWow64\navegaki.exe
2013-01-18 22:03:19 -------- d-----w- C:\Windows\SysWow64\NTServer
2013-01-18 12:46:25 -------- d-----w- C:\Users\Bruger\AppData\Local\{F4DDDC70-C22D-4BFC-AE2C-EF4E6E297811}
2013-01-17 10:49:37 -------- d-----w- C:\Users\Bruger\AppData\Local\{667BE21D-13E4-4AF4-87A6-07B5A7B8E929}
2013-01-16 14:48:58 -------- d-----w- C:\Users\Bruger\AppData\Local\{1E8AF24E-87A1-4258-92D1-70B1D3BA48BF}
2013-01-15 14:48:34 -------- d-----w- C:\Users\Bruger\AppData\Local\{DB4E1AE5-94DE-4C99-8BFB-34ABEE2BE75B}
2013-01-14 12:49:28 -------- d-----w- C:\Users\Bruger\AppData\Local\{077AC819-7F9D-4268-A83E-489C10E7CD18}
2013-01-13 12:21:41 -------- d-----w- C:\Users\Bruger\AppData\Local\{42950187-9F23-44D9-9F6F-9D406D865F5C}
2013-01-12 12:20:52 -------- d-----w- C:\Users\Bruger\AppData\Local\{BD0EA2A4-A61F-4F32-905A-3A4B2EF2869E}
2013-01-11 10:44:17 -------- d-----w- C:\Users\Bruger\AppData\Local\{3C5581A0-6740-475A-83C5-48A6CFE224AB}
2013-01-10 14:26:36 -------- d-----w- C:\Users\Bruger\AppData\Local\{5CBBC934-179C-4066-8F26-090E0F9576B9}
2013-01-09 21:36:49 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 21:36:48 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 21:36:15 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 21:36:14 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 21:36:13 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 21:36:13 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 21:36:11 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 21:36:11 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 21:36:09 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 21:36:08 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-09 21:34:09 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-09 21:34:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-01-09 21:34:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-01-09 21:34:03 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-09 21:34:02 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-09 21:34:02 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-01-09 21:34:02 243200 ----a-w- C:\Windows\System32\wow64.dll
2013-01-09 21:34:02 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-01-09 21:34:02 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-09 21:34:02 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-01-09 21:34:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 21:32:24 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 21:32:18 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-09 14:44:22 -------- d-----w- C:\Users\Bruger\AppData\Local\{C53FB7B9-BDFE-402D-AF6B-AD6EA5A040AA}
2013-01-08 14:46:58 -------- d-----w- C:\Users\Bruger\AppData\Local\{D609CD34-3B93-496D-952B-43A393614954}
2013-01-07 12:43:20 -------- d-----w- C:\Users\Bruger\AppData\Local\{BAB20A47-6E48-46DA-A644-0904F6F21FEE}
2013-01-06 13:08:43 -------- d-----w- C:\Users\Bruger\AppData\Local\{EF1C9AFA-7510-47DB-AA90-15062C205288}
2013-01-06 00:19:41 -------- d-----w- C:\Users\Bruger\AppData\Local\{D93E9ABD-EFD9-4612-A009-F5BE9BD746C8}
2013-01-05 12:19:14 -------- d-----w- C:\Users\Bruger\AppData\Local\{1F1978E7-3F16-475D-9AF4-D61890DD6D03}
2013-01-04 18:33:35 -------- d-----w- C:\Users\Bruger\AppData\Local\{C5CA2A1E-494A-4CB6-8B39-7C6BBB349CD6}
.
==================== Find3M ====================
.
2013-01-17 00:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 16:32:26 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:32:25 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 22:05:17 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-12-25 22:05:17 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-12-25 22:05:17 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-12-25 22:05:17 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll
2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll
2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll
2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe
2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll
2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-12-19 14:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe
2012-12-19 14:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-12-19 14:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-12-19 14:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-12-19 14:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-12-19 14:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll
2012-12-19 14:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-12-19 14:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-12-19 14:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-09 19:11:49 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-09 19:11:49 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:38:45 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 04:45:15 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-10 15:43:20 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-06 11:11:52 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 18:44:29,55 ===============

ken545 · Feb 3, 2013

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Firefox::

Code:

Firefox::
FF - ProfilePath - C:\Users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.search.selectedEngine - navegaki
FF - prefs.js: keyword.URL - hxxp://search.portalsepeti.com?q=

File::
C:\Windows\SysWow64\navegaki.exe

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Then run a new scan with OTL and post the new log please

Nillor · Feb 3, 2013

ComboFix 13-02-03.03 - Bruger 03-02-2013 19:49:31.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.4087.2068 [GMT 1:00]
Kører fra: c:\users\Bruger\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Bruger\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\navegaki.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bruger\AppData\Local\{C8372F4E-B80A-4AE0-99C7-1F51F0FF1D88}
c:\windows\SysWow64\navegaki.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2013-01-03 til 2013-02-03 )))))))))))))))))))))))))))))))))))
.
.
2013-02-03 18:58 . 2013-02-03 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-03 11:04 . 2013-02-03 11:04 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\offreg.dll
2013-02-03 11:00 . 2013-02-03 11:00 -------- d-----w- c:\windows\ERUNT
2013-02-03 10:59 . 2013-02-03 11:00 -------- d-----w- C:\JRT
2013-02-02 21:58 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{973E3FD7-C329-4B78-979B-CD255ACE070E}\mpengine.dll
2013-01-29 20:20 . 2013-01-29 20:20 -------- d-----w- c:\users\Bruger\AppData\Roaming\Malwarebytes
2013-01-29 20:19 . 2013-01-29 20:19 -------- d-----w- c:\programdata\Malwarebytes
2013-01-29 20:19 . 2013-02-02 21:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-29 14:57 . 2013-01-29 14:57 -------- d-----w- C:\_OTL
2013-01-27 10:44 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-25 12:45 . 2013-01-26 00:45 -------- d-----w- c:\users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
2013-01-25 05:23 . 2013-01-25 05:23 42880 ----a-w- c:\windows\SysWow64\xfcodec.dll
2013-01-25 05:23 . 2013-01-25 05:23 28544 ----a-w- c:\windows\system32\xfcodec64.dll
2013-01-22 19:26 . 2013-01-22 19:26 -------- d-----w- c:\program files (x86)\ERUNT
2013-01-21 18:40 . 2013-02-03 11:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-21 18:40 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-01-21 18:40 . 2013-01-21 18:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-01-21 18:39 . 2013-01-21 18:39 -------- d-----w- c:\users\Bruger\AppData\Local\Programs
2013-01-21 15:48 . 2013-01-21 15:48 -------- d-----w- c:\programdata\ATI
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD AVT
2013-01-21 15:47 . 2013-01-21 15:47 -------- d-----w- c:\program files (x86)\AMD APP
2013-01-18 22:03 . 2013-02-02 21:29 -------- d-----w- c:\windows\SysWow64\NTServer
2013-01-15 14:56 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
2013-01-09 21:36 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 21:36 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 21:36 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 21:36 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 21:36 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 21:36 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 21:36 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 21:36 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 21:36 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 21:36 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 21:34 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 04:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-09 21:34 . 2012-11-30 05:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-09 21:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-09 21:34 . 2012-11-30 05:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-09 21:34 . 2012-11-30 05:45 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-09 21:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-09 21:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 04:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-09 21:34 . 2012-11-30 03:23 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-09 21:34 . 2012-11-30 02:44 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-09 21:34 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 21:32 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:32 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 00:28 . 2010-03-19 07:53 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-09 21:56 . 2010-03-19 07:53 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 16:32 . 2012-04-22 10:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:32 . 2011-05-14 12:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 22:05 . 2010-03-21 12:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-25 22:05 . 2010-03-21 12:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-25 22:05 . 2010-03-21 12:06 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-19 20:50 . 2010-11-05 18:53 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll
2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-19 20:09 . 2010-07-07 01:54 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-19 20:08 . 2010-07-07 01:53 1151488 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-19 20:06 . 2010-07-07 01:46 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-19 19:49 . 2009-11-04 15:31 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-19 19:44 . 2010-11-05 18:54 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-19 19:31 . 2010-07-07 01:15 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-19 19:31 . 2010-07-07 01:14 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-19 19:31 . 2010-07-07 01:14 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-19 19:30 . 2010-07-07 01:14 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-16 17:11 . 2012-12-22 02:02 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 02:02 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 02:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-09 19:11 . 2010-03-21 21:05 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-09 19:11 . 2010-03-21 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-30 04:45 . 2013-01-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-12 12:28 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:52 . 2012-12-12 21:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-10 15:43 . 2012-11-10 15:43 252296 ----a-w- c:\windows\system32\javaws.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\javaw.exe
2012-11-10 15:43 . 2012-11-10 15:43 188808 ----a-w- c:\windows\system32\java.exe
2012-11-10 15:43 . 2012-11-10 15:43 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-09 05:45 . 2012-12-12 21:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 21:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-06 11:11 . 2012-11-06 11:11 96256 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-02-11 3253656]
"Akamai NetSession Interface"="c:\users\Bruger\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-20 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-11-19 2791936]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2013-1-25 3560832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-12-07 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-12-07 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-12-07 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-12-07 34304]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-05-03 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1255736]
R3 X6va005;X6va005;c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-30 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-11-26 138304]
S2 NTServiceSystem;NTServiceSystem;c:\windows\SysWOW64\NTServer\service.exe [2013-01-08 91728]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 5556520]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 127784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-13 1274880]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 18216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Indhold af mappen 'Planlagte Opgaver'
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 16:32]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-20 15:48]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000Core.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
- c:\users\Bruger\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02 22:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruger\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-11-26 18:38 82136 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAAUD"="c:\program files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe" [BU]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Yderligere scanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.youtube.com/user/nillor0?feature=mhw4
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\Bruger\AppData\Roaming\Mozilla\Firefox\Profiles\6rsi3ybe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.quakelive.com/#!welcome
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-Europe MapleStory_is1 - c:\program files (x86)\NEXON\Europe MapleStory\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Bruger\AppData\Local\Temp\0057BAC.tmp"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,9c,b5,85,78,c7,4e,4c,9c,83,6e,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\SecuROM\License information*]
"datasecu"=hex:0f,c5,ba,ec,ca,28,a1,92,7d,4a,0a,c3,93,a4,a6,29,87,ff,03,41,55,
78,fc,af,7c,a2,e0,87,1e,44,e0,3c,c3,6b,37,8f,7b,96,1f,42,30,2d,77,d9,52,41,\
"rkeysecu"=hex:7b,ac,9d,ad,82,eb,28,77,27,2d,06,30,46,37,fb,5c
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{5fab6c72-1b6b-4638-8829-5be5c6fd2a10}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,3a,34,eb,9a,ff,a2,03,93,5a,5d,b7,18,1c,89,73,f8,36,1b,68,cf,
40,5c,19,87,4e,67,d1,7b,76,9c,fe,a5,fa,bd,6b,bf,de,5a,de,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2013-02-03 20:00:24
ComboFix-quarantined-files.txt 2013-02-03 19:00
ComboFix2.txt 2013-02-03 17:35
ComboFix3.txt 2013-02-03 13:55
.
Pre-Kørsel: 265.328.693.248 byte ledig
Post-Kørsel: 267.874.750.464 byte ledig
.
- - End Of File - - 7E84BDD8CEEEDCA5EC83652C3C563A1F

Nillor · Feb 3, 2013

OTL logfile created on: 03-02-2013 20:06:48 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bruger\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

3,99 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,13% Memory free
7,98 Gb Paging File | 5,09 Gb Available in Paging File | 63,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 249,56 Gb Free Space | 26,79% Space Free | Partition Type: NTFS

Computer Name: BRUGER-PC | User Name: Bruger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bruger\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Windows\SysWOW64\NTServer\service.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programmer\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\libglesv2.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\libegl.dll ()
MOD - C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDad.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NTServiceSystem) -- C:\Windows\SysWOW64\NTServer\service.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Desura Install Service) -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe (Desura Pty Ltd)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (wlidsvc) -- C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (LBTServ) -- C:\Programmer\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wlcrasvc) -- C:\Programmer\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WTouchService) -- C:\Programmer\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\drivers\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\lgandadb.sys (Google Inc)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/user/nillor0?feature=mhw4
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 4B 7D F0 28 C8 CA 01 [binary data]
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes,DefaultScope = {4C430FFD-3E0B-45C9-B13E-BC32314A0D74}
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{4C430FFD-3E0B-45C9-B13E-BC32314A0D74}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7SKPB_daDK371
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}: "URL" = http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=MUH&uid=WD-WCAV56241704_WDCWD10EARS-00Y5B1&tm=1358546600
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "navegaki"
FF - prefs.js..browser.startup.homepage: "http://www.quakelive.com/#!welcome"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.110.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:7.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "74.115.1.13"
FF - prefs.js..network.proxy.http_port: 80
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Bruger\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bruger\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bruger\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bruger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-12 15:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-07-09 23:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-01-09 15:47:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bruger\AppData\Roaming\IDM\idmmzcc3 [2011-02-11 23:19:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Bruger\AppData\Roaming\IDM\idmmzcc3 [2011-02-11 23:19:52 | 000,000,000 | ---D | M]

[2012-09-15 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Extensions
[2012-09-15 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012-05-19 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions
[2011-06-29 13:04:20 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions\battlefieldheroespatcher@ea.com
[2011-07-10 14:21:52 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Bruger\AppData\Roaming\mozilla\Firefox\Profiles\6rsi3ybe.default\extensions\battlefieldplay4free@ea.com
[2011-12-11 02:04:19 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\firefox\profiles\6rsi3ybe.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2012-05-19 20:16:04 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Bruger\AppData\Roaming\mozilla\firefox\profiles\6rsi3ybe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-04-21 23:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012-10-30 15:20:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010-06-08 13:31:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-14 14:47:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-11-24 00:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-03-12 10:59:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-10 15:56:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012-04-21 23:13:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012-11-12 15:34:32 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011-07-09 23:13:52 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013-01-18 23:04:07 | 000,005,010 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\navegaki.xml

========== Chrome ==========

CHR - homepage: http://www.youtube.com/playlist?list=FLcctdmA37swZQOi-TKPMChw&feature=plcp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.youtube.com/playlist?list=FLcctdmA37swZQOi-TKPMChw&feature=plcp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\npBP4FUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\BP4FUpdater.exe
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\BFHUpdater.exe
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files (x86)\DNA\plugins\npbtdna.dll
CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Bruger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Bruger\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.104_0\
CHR - Extension: YouTube = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Battlefield Heroes = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.196.0_0\
CHR - Extension: Adblock Plus = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-s\u00F8gning = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Battlefield Play4Free = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\
CHR - Extension: Battlefield Heroes = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.145.0_0\
CHR - Extension: avast! WebRep = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: 4chan Plus = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\
CHR - Extension: Gmail = C:\Users\Bruger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-02-03 19:58:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmer\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmer\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [Akamai NetSession Interface] C:\Users\Bruger\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)

Nillor · Feb 3, 2013

O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bruger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7ADDC6-52E6-47B8-AC4E-86D090AC1BF0}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programmer\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-02-03 20:00:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-02-03 14:37:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-02-03 14:37:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-02-03 14:37:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-02-03 12:33:27 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Documents\ProcAlyzer Dumps
[2013-02-03 12:27:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-02-03 12:25:33 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Bruger\Desktop\ComboFix.exe
[2013-02-03 12:00:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-02-03 11:59:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013-02-03 11:59:07 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Bruger\Desktop\JRT.exe
[2013-02-03 11:50:49 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{94E4EFB3-A776-4521-A41D-2A5861723B9C}
[2013-02-02 22:39:36 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{02155C00-241D-4FF8-B2E1-14100759040E}
[2013-02-02 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{E4657B68-3E84-4AF3-B787-EA1BDE309D1A}
[2013-02-01 13:48:24 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C0DB8895-72E6-4886-A1E1-07CEC6E5267A}
[2013-01-31 13:42:35 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C39DD8AB-5E30-41F3-9D04-DE1133ED8752}
[2013-01-30 12:49:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{90AE50FD-9303-485D-937E-50F229AC7A54}
[2013-01-29 21:20:13 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Roaming\Malwarebytes
[2013-01-29 21:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-01-29 21:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-01-29 21:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013-01-29 15:57:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-01-29 15:44:07 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{FD25824F-E47D-4522-B2DD-3173B26B4885}
[2013-01-28 16:15:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bruger\Desktop\OTL.exe
[2013-01-28 15:16:44 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{2591BA1E-11E1-4963-AF84-D1AC5A065C1F}
[2013-01-27 13:47:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{80A4E37A-80C7-4E1A-808C-4BBF52CD4A63}
[2013-01-27 11:44:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-01-27 11:44:14 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-01-27 11:44:14 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-01-26 19:07:05 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Desktop\Tripcode_Explorer
[2013-01-26 13:46:12 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{06ACEED0-7B74-4A95-958F-9FBCB1F4E237}
[2013-01-25 13:45:19 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{AA35EEC0-44DB-47B2-BF64-08FA2011CBE6}
[2013-01-24 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{7C4DF284-AEF0-4E4D-88D5-561E60381DC8}
[2013-01-23 19:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013-01-23 13:48:50 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{45505061-2BE5-40B7-8A58-462E53843719}
[2013-01-22 20:27:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013-01-22 20:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013-01-22 20:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013-01-22 15:55:21 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{0C0A1DB9-B608-4D53-A710-2777A970D2FF}
[2013-01-21 19:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013-01-21 19:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013-01-21 19:40:16 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013-01-21 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013-01-21 19:39:48 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\Programs
[2013-01-21 16:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-01-21 16:47:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013-01-21 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013-01-21 16:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013-01-20 13:48:43 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{FAB92882-37BC-4912-A450-E36FAEA73A2F}
[2013-01-19 13:47:37 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{9BBCFB09-E8F7-44CC-ADF3-A98D7E45C7C5}
[2013-01-19 01:46:57 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{7E574572-E413-458C-A8B9-0226847DAC40}
[2013-01-18 23:03:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NTServer
[2013-01-18 13:46:25 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{F4DDDC70-C22D-4BFC-AE2C-EF4E6E297811}
[2013-01-17 11:49:37 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{667BE21D-13E4-4AF4-87A6-07B5A7B8E929}
[2013-01-16 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{1E8AF24E-87A1-4258-92D1-70B1D3BA48BF}
[2013-01-15 15:48:34 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{DB4E1AE5-94DE-4C99-8BFB-34ABEE2BE75B}
[2013-01-14 13:49:28 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{077AC819-7F9D-4268-A83E-489C10E7CD18}
[2013-01-13 13:21:41 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{42950187-9F23-44D9-9F6F-9D406D865F5C}
[2013-01-12 13:20:52 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{BD0EA2A4-A61F-4F32-905A-3A4B2EF2869E}
[2013-01-11 11:44:17 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{3C5581A0-6740-475A-83C5-48A6CFE224AB}
[2013-01-10 15:26:36 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{5CBBC934-179C-4066-8F26-090E0F9576B9}
[2013-01-09 22:36:49 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013-01-09 22:36:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013-01-09 22:36:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013-01-09 22:36:09 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013-01-09 22:35:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013-01-09 22:35:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013-01-09 22:35:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013-01-09 22:35:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013-01-09 22:35:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013-01-09 22:35:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013-01-09 22:35:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013-01-09 22:35:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013-01-09 22:35:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013-01-09 22:35:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013-01-09 22:35:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013-01-09 22:35:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013-01-09 22:35:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013-01-09 22:35:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013-01-09 22:35:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013-01-09 22:35:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013-01-09 22:35:54 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013-01-09 22:35:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013-01-09 22:35:52 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013-01-09 22:35:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013-01-09 22:35:52 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013-01-09 22:35:51 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013-01-09 22:35:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013-01-09 22:35:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013-01-09 22:35:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013-01-09 22:35:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013-01-09 22:35:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013-01-09 22:35:32 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013-01-09 22:35:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013-01-09 22:35:27 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013-01-09 22:34:09 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013-01-09 22:34:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013-01-09 22:34:03 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013-01-09 22:34:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-01-09 22:34:02 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013-01-09 22:34:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013-01-09 22:34:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013-01-09 22:34:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-01-09 22:34:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013-01-09 22:34:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-01-09 22:34:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013-01-09 22:33:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013-01-09 22:33:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013-01-09 22:33:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013-01-09 22:33:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013-01-09 22:33:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013-01-09 22:33:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013-01-09 22:33:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013-01-09 22:33:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-01-09 22:33:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013-01-09 22:33:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013-01-09 22:33:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013-01-09 22:33:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-01-09 22:33:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013-01-09 22:33:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013-01-09 22:33:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-01-09 22:33:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-01-09 22:33:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013-01-09 22:33:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013-01-09 22:33:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013-01-09 22:33:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013-01-09 22:33:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013-01-09 22:33:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013-01-09 22:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013-01-09 22:33:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-01-09 22:33:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-01-09 22:33:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-01-09 22:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013-01-09 22:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013-01-09 22:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013-01-09 22:33:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013-01-09 22:33:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-01-09 22:32:24 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013-01-09 15:44:22 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{C53FB7B9-BDFE-402D-AF6B-AD6EA5A040AA}
[2013-01-08 15:46:58 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{D609CD34-3B93-496D-952B-43A393614954}
[2013-01-07 13:43:20 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{BAB20A47-6E48-46DA-A644-0904F6F21FEE}
[2013-01-06 14:08:43 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{EF1C9AFA-7510-47DB-AA90-15062C205288}
[2013-01-06 01:26:03 | 000,000,000 | ---D | C] -- C:\Users\Bruger\Documents\Essentials
[2013-01-06 01:19:41 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{D93E9ABD-EFD9-4612-A009-F5BE9BD746C8}
[2013-01-05 13:19:14 | 000,000,000 | ---D | C] -- C:\Users\Bruger\AppData\Local\{1F1978E7-3F16-475D-9AF4-D61890DD6D03}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-02-03 20:10:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3995930073-3555480574-2151513988-1000UA.job
[2013-02-03 19:58:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-02-03 19:47:48 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Bruger\Desktop\ComboFix.exe
[2013-02-03 19:36:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-02-03 19:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-03 12:00:00 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-02-03 12:00:00 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-02-03 11:59:00 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Bruger\Desktop\JRT.exe
[2013-02-03 11:50:03 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013-02-03 11:49:22 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-02-03 11:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-03 11:48:18 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-02 22:36:12 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-02-02 22:36:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-01-29 15:46:01 | 000,001,051 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013-01-28 16:15:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruger\Desktop\OTL.exe
[2013-01-28 15:15:30 | 000,013,806 | ---- | M] () -- C:\Windows\SysNative\Pen_Tablet.dat
[2013-01-27 03:28:26 | 000,000,173 | ---- | M] () -- C:\Users\Bruger\AppData\Local\msmathematics.qat.Bruger
[2013-01-27 01:56:40 | 000,000,132 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013-01-25 06:23:38 | 000,042,880 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2013-01-25 06:23:36 | 000,028,544 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2013-01-23 19:16:02 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013-01-22 21:43:35 | 000,000,512 | ---- | M] () -- C:\Users\Bruger\Desktop\MBR.dat
[2013-01-22 20:26:37 | 000,001,108 | ---- | M] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013-01-22 20:26:33 | 000,000,909 | ---- | M] () -- C:\Users\Bruger\Desktop\ERUNT.lnk
[2013-01-19 15:17:06 | 000,001,456 | ---- | M] () -- C:\Users\Bruger\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013-01-18 23:04:08 | 000,000,427 | ---- | M] () -- C:\Windows\SysWow64\ntserverbind.ini
[2013-01-18 23:03:29 | 000,002,216 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013-01-18 23:03:29 | 000,001,533 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-01-18 23:03:21 | 000,002,207 | ---- | M] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\portalsepeti.lnk
[2013-01-12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-01-12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-01-12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-01-11 14:56:40 | 000,234,496 | ---- | M] () -- C:\Users\Bruger\Documents\gamepad.exe
[2013-01-10 15:21:31 | 004,934,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-01-09 23:06:20 | 001,380,626 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-01-09 23:06:20 | 000,661,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-01-09 23:06:20 | 000,516,486 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013-01-09 23:06:20 | 000,125,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-01-09 23:06:20 | 000,102,986 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013-01-09 23:06:10 | 001,380,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-01-09 17:32:26 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-01-09 17:32:25 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-02-03 14:37:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-02-03 14:37:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-02-03 14:37:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-02-03 14:37:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-02-03 14:37:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-02-02 22:36:12 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-01-25 06:23:38 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2013-01-25 06:23:36 | 000,028,544 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2013-01-23 19:16:02 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[2013-01-22 21:43:35 | 000,000,512 | ---- | C] () -- C:\Users\Bruger\Desktop\MBR.dat
[2013-01-22 20:26:37 | 000,001,108 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013-01-22 20:26:33 | 000,000,909 | ---- | C] () -- C:\Users\Bruger\Desktop\ERUNT.lnk
[2013-01-21 19:40:24 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013-01-18 23:03:21 | 000,002,207 | ---- | C] () -- C:\Users\Bruger\Application Data\Microsoft\Internet Explorer\Quick Launch\portalsepeti.lnk
[2013-01-18 23:03:19 | 000,000,427 | ---- | C] () -- C:\Windows\SysWow64\ntserverbind.ini
[2013-01-11 14:56:39 | 000,234,496 | ---- | C] () -- C:\Users\Bruger\Documents\gamepad.exe
[2012-12-23 00:38:13 | 000,001,456 | ---- | C] () -- C:\Users\Bruger\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012-12-23 00:28:51 | 000,000,132 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012-11-08 18:12:40 | 000,000,132 | ---- | C] () -- C:\Users\Bruger\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012-09-09 18:51:29 | 000,266,021 | ---- | C] () -- C:\Windows\QLPrism Uninstaller.exe
[2012-08-29 15:33:55 | 000,000,173 | ---- | C] () -- C:\Users\Bruger\AppData\Local\msmathematics.qat.Bruger
[2012-07-02 23:49:02 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012-05-02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-02-15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-02-15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-12-14 04:55:24 | 000,081,920 | ---- | C] () -- C:\Windows\qlprism-uninstall.exe
[2011-12-04 18:37:08 | 000,109,056 | ---- | C] () -- C:\Windows\SysWow64\un-gamma.exe
[2011-10-25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-08-06 23:40:13 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011-08-06 23:40:13 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011-07-29 19:51:30 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011-06-27 00:19:51 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011-02-12 03:24:58 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-12-26 12:10:34 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\.minecraft
[2012-09-20 21:18:58 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\.spotflux
[2010-10-17 12:36:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Ableton
[2010-06-26 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Anabel
[2011-08-10 16:18:57 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\AtomZombieData
[2012-05-25 12:46:01 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Audacity
[2012-11-07 18:54:00 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Awesomium
[2012-01-20 14:33:39 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\BigHugeEngine
[2010-05-02 21:24:21 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Bioshock2
[2010-05-31 17:11:22 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\bizarre creations
[2010-05-08 15:26:31 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Blender Foundation
[2012-09-08 15:59:59 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Braid
[2011-07-29 19:51:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Broken Rules
[2011-07-27 16:01:42 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Crayon Physics Deluxe
[2010-05-31 12:54:45 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\DAEMON Tools Lite
[2012-06-27 16:16:45 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\digipen
[2013-02-03 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\DMCache
[2011-02-05 22:55:28 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Downloaded Installations
[2013-02-03 11:50:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Dropbox
[2010-06-28 14:39:35 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Facebook
[2012-06-02 11:57:22 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\fltk.org
[2010-11-19 16:22:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\GameRanger
[2011-07-10 10:15:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\go
[2011-01-28 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Gyazo
[2010-10-18 14:09:05 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Hardcore
[2013-02-02 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\IDM
[2011-07-29 19:56:54 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Lazy 8 Studios
[2010-03-20 20:49:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Leadertech
[2011-03-11 23:18:27 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\LolClient
[2012-06-08 17:27:20 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\LoneSurvivor
[2011-05-14 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Mount&Blade Warband
[2012-09-23 21:02:35 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Mumble
[2012-07-27 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Need for Speed World
[2011-12-20 17:49:33 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Nicalis
[2010-12-25 18:43:51 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\NPLUTO Corporation
[2011-10-07 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\OpenOffice.org
[2011-07-27 15:17:37 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Origin
[2012-01-15 02:17:46 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\RenPy
[2012-07-03 16:17:47 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\RotMG.Production
[2012-07-01 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Screaming Bee
[2012-11-08 14:39:28 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012-12-03 16:08:01 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\StepMania 5
[2011-01-26 22:16:44 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Subversion
[2012-08-16 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Thinstall
[2011-08-20 14:02:18 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\TinyAndBig
[2011-07-10 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\TS3Client
[2011-07-10 16:18:30 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\ts3overlay
[2013-02-02 22:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\uTorrent
[2012-03-17 23:56:16 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\wargaming.net
[2011-09-16 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Bruger\AppData\Roaming\Windows Live Writer
[2012-09-25 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Thinstall
[2012-09-25 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Thinstall

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP

1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C9FD258B

< End of report >

ken545 · Feb 3, 2013

Are you aware that your internet connection is going through a server in San Francisco, have you aloud this for one of your game sites ?

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\..\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}: "URL" = http://search.portalsepeti.com/?hl=tr&tbm=web&q={searchTerms}&oem=MUH&uid=WD-WCAV56241704_WDCWD10EARS-00Y5B1&tm=1358546600
IE - HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..browser.search.defaultenginename: "navegaki"
FF - prefs.js..network.proxy.http: "74.115.1.13"
FF - prefs.js..network.proxy.http_port: 80


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Also rescan with OTL and post a new log please

Nillor · Feb 4, 2013

I don't know about that san francisco thing. I've probably aloowed it one some game site, since i have a bad habbit of pressing accept and next until my game installs :v

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7DC0055E-1C76-479B-9C92-9D2459569A1F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DC0055E-1C76-479B-9C92-9D2459569A1F}\ not found.
HKU\S-1-5-21-3995930073-3555480574-2151513988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "navegaki" removed from browser.search.defaultenginename
Prefs.js: "74.115.1.13" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev t›mt.
C:\Users\Bruger\Desktop\cmd.bat deleted successfully.
C:\Users\Bruger\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Bruger
->Temp folder emptied: 9287 bytes
->Temporary Internet Files folder emptied: 935583 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1860299 bytes
->Google Chrome cache emptied: 356545523 bytes
->Flash cache emptied: 941 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 453977 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 343,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02042013_160347

Files\Folders moved on Reboot...
C:\Users\Bruger\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Portal sepeti homepage swap

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

New member

New member

Emeritus-Security Expert

New member