ChinkyThai Beginner
21 September 2012 - 11:35 There are 45 comments

Help please with firewall / services

Hi Eksperten.
The internet works fine, as does downloading various programs, but when I was about to fix my iPhone because it had frozen for some reason, a popup came up saying that the service was not available right now, try again later. I can neither update nor restore my phone.
The firewall does the same thing. I can't search for updates any more and can't activate it again either.

I have Windows Vista Home Basic.
2007 Microsoft Corporation.
Service Pack 2.
32-bit operating system.

I ran a HijackThis scan and it came up with:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:15, on 21-09-2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Users\Naasu\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=91&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: Download and Sa - {145D2A09-3C23-CF24-67CA-3455F8245A01} - C:\ProgramData\Download and Sa\5057c85a968f3.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Host-process Windows (Rundll32.exe)] C:\Users\Naasu\AppData\Roaming\csrss.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F4C8AF9B51306D74E79BBEB5F0B61AB6] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')
O4 - Startup: Indholdsfortegnelse i OneNote.onetoc2
O8 - Extra context menu item: &AOL Toolbar-søgning - C:\ProgramData\AOL\ieToolbar\resources\da-DK\local\search.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Casino Classic - {0EE18140-BC5C-4C0B-9C7C-7B601DAFC7FB} - (no file) (HKCU)
O9 - Extra button: Jackpot City Online Casino - {94C4F333-026D-4E79-9F9E-A18BFE30734D} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://games.bigfishgames.com/en_cinematycoon/online/cinematycoon.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51EBE8B1-F87E-496D-9AA6-0177D1388248}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Tjenesten Google Update (gupdate1c9e0051064810a) (gupdate1c9e0051064810a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
ChinkyThai Beginner
21 September 2012 - 18:27 #1
Is any supporter up for taking on my question?
I need to get it fixed as soon as possible.
f-arn Guru
22 September 2012 - 11:05 #2
You probably won't get your firewall/services working until you remove the obvious infections you have.
ChinkyThai Beginner
22 September 2012 - 19:51 #3
Is it possible to guide me through it, as I'm not the most gifted with computers? Please tell me what I need to do to fix this problem?
ChinkyThai Beginner
22 September 2012 - 19:55 #4
What needs to be removed and how? Unfortunately I don't have a handle on removing malicious software or viruses, as I just use scanning programs that find and automatically fix them, but it just seems that doesn't quite work :/
f-arn Guru
22 September 2012 - 20:58 #5
Download "Malwarebytes' Anti-Malware" here

or here

Install and start the program, click the Update tab, click Check for Updates, and run a "Full system scan" under the "Scanner" tab.
Afterwards click "Show results", press "Remove selected", save the log and post it here together with the logs from DDS.

You can also use this DDS.

It creates two logs (DDS.txt and Attach.txt); save them on the desktop and copy the contents of both in here.

NOTE - DDS must be saved on the computer and not run from the web.

Regarding Vista and Windows 7: right-click the file - Run as Administrator.

NB: When you update Malwarebytes, click Check for Updates until it says there are no more updates.

I would like to see (done in this order):

1. Log from Malwarebytes. (Updated)

2. Logs from DDS. (DDS.txt and Attach.txt)
ChinkyThai Beginner
22 September 2012 - 21:24 #6
OK, I'll follow your guide and then get back as soon as possible.
ChinkyThai Beginner
23 September 2012 - 08:18 #7
Malwarebytes Anti-Malware (Prøveversion) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Naasu :: NAASU-PC [administrator]

Beskyttelse: Slået til

22-09-2012 21:51:05
mbam-log-2012-09-22 (21-51-05).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 618858
Tid gået: 9 time(e), 8 minut(ter), 45 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 1
C:\ProgramData\Download and Sa\5057c85a968f3.dll (PUP.DownloadnSave) -> Ingen handling valgt.

Registreringsdatabasenøgler Inficeret: 10
HKCR\CLSID\{145D2A09-3C23-CF24-67CA-3455F8245A01} (PUP.DownloadnSave) -> Ingen handling valgt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145D2A09-3C23-CF24-67CA-3455F8245A01} (PUP.DownloadnSave) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{145D2A09-3C23-CF24-67CA-3455F8245A01} (PUP.DownloadnSave) -> Ingen handling valgt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{145D2A09-3C23-CF24-67CA-3455F8245A01} (PUP.DownloadnSave) -> Ingen handling valgt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Ingen handling valgt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Ingen handling valgt.
HKCU\SOFTWARE\MNTK1K67YO (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Sat i karantæne og slettet succesfuldt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.

Registreringsdatabaseværdier Inficeret: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n. -> Sat i karantæne og slettet succesfuldt.

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 1
C:\Users\Naasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurity) -> Sat i karantæne og slettet succesfuldt.

Inficerede Filer: 58
C:\ProgramData\Download and Sa\5057c85a968f3.dll (PUP.DownloadnSave) -> Ingen handling valgt.
C:\ProgramData\82yDVC1l.exe (Malware.Packer.Gen) -> Sat i karantæne og slettet succesfuldt.
C:\ProgramData\82yDVC1l.exe_ (Malware.Packer.Gen) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTCF31.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTDA38.tmp (Trojan.Scar) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTE06F.tmp (Trojan.LVBP) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTE790.tmp (Trojan.Scar) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTE7CF.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTEB.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTEF3E.tmp (Trojan.Scar) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTFF2B.tmp (Trojan.Scar) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTFFA3.tmp (Trojan.LVBP) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT1B1E.tmp (Trojan.LVBP) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\B115.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\5AAD.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\656.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\6B9D.tmp (Trojan.Agent) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT24FF.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTCD9B.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\3C2A.tmp (Trojan.Agent) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\EA9C.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\EBC4.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\274E.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\3081.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\9B35.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\A4C.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\4E.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\1420.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\1563.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\D374.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\D410.tmp (Trojan.Agent) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\D7B8.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT3069.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT318D.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT3C92.tmp (Trojan.Scar) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT4162.tmp (Trojan.LVBP) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT4DE2.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT677A.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT7261.tmp (Trojan.Scar) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT91C4.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT924.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRT9D48.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTA12E.tmp (Trojan.LVBP) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTA801.tmp (Trojan.Scar) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTBBB0.tmp (Trojan.LVBP) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTC31F.tmp (Trojan.LVBP) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\VRTCB1C.tmp (Trojan.Dropper) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\E243.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\E5EB.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Local\Temp\F94C.tmp (Trojan.Inject) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd9757cfcb129c.0000 (Rootkit.0Access) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n (Trojan.Agent.BVXGen) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@ (Rootkit.Zaccess) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@ (Rootkit.0Access) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@ (Trojan.Small) -> Sat i karantæne og slettet succesfuldt.
C:\Users\Naasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum Support Site.url (Rogue.LiveSecurity) -> Sat i karantæne og slettet succesfuldt.

(færdig)
ChinkyThai Beginner
23 September 2012 - 08:19 #8
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_35
Run by Naasu at 7:45:20 on 2012-09-23
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.1790.750 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\wsqmcons.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=91&bd=Presario&pf=cnnb
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Download and Sa Class: {145d2a09-3c23-cf24-67ca-3455f8245a01} - c:\programdata\download and sa\5057c85a968f3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
dRunOnce: [<NO NAME>] OSK.exe
StartupFolder: c:\users\naasu\appdata\roaming\microsoft\windows\start menu\programs\startup\Indholdsfortegnelse i OneNote.onetoc2
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar-søgning - c:\programdata\aol\ietoolbar\resources\da-dk\local\search.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\naasu\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\naasu\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://games.bigfishgames.com/en_cinematycoon/online/cinematycoon.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
TCP: Interfaces\{271AD4A9-EE6B-463E-89B7-6C90A8E0CFD7} : DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
TCP: Interfaces\{51EBE8B1-F87E-496D-9AA6-0177D1388248} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{51EBE8B1-F87E-496D-9AA6-0177D1388248} : DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
TCP: Interfaces\{59253500-0D95-4F0D-A961-9A6D2F188A0B} : DhcpNameServer = 212.88.64.14 212.242.40.3
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\naasu\appdata\roaming\mozilla\firefox\profiles\4urlrbyc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\users\naasu\appdata\roaming\mozilla\firefox\profiles\4urlrbyc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\naasu\appdata\roaming\mozilla\firefox\profiles\4urlrbyc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\users\naasu\appdata\roaming\mozilla\firefox\profiles\4urlrbyc.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\users\naasu\appdata\roaming\mozilla\firefox\profiles\4urlrbyc.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\naasu\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-23 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-10-23 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-10-23 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-23 162640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-23 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-23 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-23 40384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-8 193840]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-6-22 20336]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-22 22856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-6-22 30600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-26 250288]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-16 54632]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-2-16 103040]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-22 40776]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-6-22 19792]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2012-7-9 44032]
.
=============== Created Last 30 ================
.
2012-09-23 05:37:40    56200    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{9ae092af-cbb2-4ad7-bada-edc291678e49}\offreg.dll
2012-09-22 19:45:44    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-22 19:38:29    --------    d-----w-    c:\users\naasu\appdata\roaming\Malwarebytes
2012-09-22 19:35:46    --------    d-----w-    c:\programdata\Malwarebytes
2012-09-22 19:35:30    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-09-22 19:35:29    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-09-20 23:37:27    6980552    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{9ae092af-cbb2-4ad7-bada-edc291678e49}\mpengine.dll
2012-09-20 20:47:06    713784    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{22dc7c4e-bee0-42d6-ab15-4aaea1a74f34}\gapaengine.dll
2012-09-20 20:46:29    6980552    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-20 20:37:35    --------    d-----w-    c:\program files\Microsoft Security Client
2012-09-20 18:10:26    --------    d-----w-    c:\users\naasu\appdata\roaming\SUPERAntiSpyware.com
2012-09-20 18:10:04    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-09-20 18:10:04    --------    d-----w-    c:\program files\SUPERAntiSpyware
2012-09-19 23:03:46    477168    ----a-w-    c:\windows\system32\npdeployJava1.dll
2012-09-19 22:30:22    --------    d-----w-    C:\sn0wbreeze
2012-09-19 19:19:22    --------    d-----w-    c:\users\naasu\appdata\local\FixItCenter
2012-09-19 13:53:43    --------    d-----w-    c:\windows\MATS
2012-09-19 13:53:42    --------    d-----w-    c:\program files\Microsoft Fix it Center
2012-09-19 00:28:44    --------    d-----w-    c:\program files\iPod
2012-09-19 00:28:32    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-19 00:17:23    --------    d-----w-    c:\program files\Bonjour
2012-09-18 10:07:58    --------    d-----w-    c:\programdata\6F63AB0800513A38188F9A88E56C34E5
2012-09-18 09:24:47    --------    d-----w-    c:\users\naasu\.shsh
2012-09-18 02:36:51    --------    d-----w-    c:\programdata\6F63AB0800513A38188F9A882F3B707C
2012-09-18 02:30:33    23400    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-18 02:30:33    106928    ----a-w-    c:\windows\system32\GEARAspi.dll
2012-09-18 02:30:00    --------    d-----w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2012-09-18 01:17:12    --------    d-----w-    c:\users\naasu\appdata\roaming\SendSpace
2012-09-18 01:01:05    --------    d-----w-    c:\programdata\Premium
2012-09-18 01:00:43    --------    d-----w-    c:\programdata\Download and Sa
2012-09-18 00:59:35    --------    d-----w-    c:\programdata\InstallMate
2012-09-18 00:34:19    --------    d-----w-    c:\users\naasu\appdata\local\libimobiledevice
2012-09-17 18:58:06    --------    d-----w-    c:\users\naasu\appdata\roaming\redsn0w
2012-09-16 23:21:39    --------    d-----w-    c:\users\naasu\appdata\local\com.zipeg
2012-09-16 23:21:35    --------    d-----w-    c:\users\naasu\appdata\local\Zipeg
2012-09-16 23:17:07    --------    d-----w-    c:\users\naasu\appdata\roaming\Philipp Winterberg
2012-09-16 18:21:58    --------    d-----w-    c:\users\naasu\appdata\roaming\Digiarty
2012-09-08 17:13:53    --------    d-----w-    c:\windows\system32\Macromedia
2012-09-07 19:34:54    --------    d-sh--r-    c:\users\naasu\appdata\roaming\System32
2012-08-30 22:21:54    405152    ----a-w-    c:\windows\system32\Newtonsoft.Json.Net20.dll
.
==================== Find3M  ====================
.
2012-09-20 17:36:37    73136    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 17:36:37    696240    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-09-19 23:03:32    473072    ----a-w-    c:\windows\system32\deployJava1.dll
2012-07-09 11:42:56    4547984    ----a-w-    c:\windows\system32\usbaaplrc.dll
2012-07-09 11:42:56    44032    ----a-w-    c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH:  7:54:45,67 ===============
ChinkyThai (Beginner)
23 September 2012 - 08:19 #9
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 09-04-2009 13:53:56
System Uptime: 23-09-2012 07:34:55 (0 hours ago)
.
Motherboard: Wistron |  | 303C
Processor: AMD Sempron(tm) SI-42 | Socket A | 2100/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 93,566 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1,817 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
888casino
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.0) - Dansk
Adobe Shockwave Player
Adobe Shockwave Player 11.5
AOL Toolbar 5.0
Apple-programunderstøttelse
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
µTorrent
avast! Free Antivirus
Big Fish Games: Game Manager
BingoFun
Bonjour
Casino Classic
Casino Las Vegas
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conduit Engine
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
DivX Web Player
Download and Sa
DVDVideoSoftTB Toolbar
EA Download Manager
ESU for Microsoft Vista
FLV Player 2.0 (build 25)
Free Audio CD Burner version 1.4.7
Free Studio version 5.1.2
Free YouTube to MP3 Converter version 3.11.30.903
Google Chrome
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
Internet Explorer (Enable DEP)
IObit Malware Fighter
iTunes
Jackpot City Online Casino
Java(TM) 6 Update 35
Java(TM) 6 Update 7
Junk Mail filter update
LabelPrint
LightScribe System Software  1.14.17.1
LimeWire 5.3.6
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 3.5 Language Pack SP1 - dan
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DAN Language Pack
Microsoft .NET Framework 4 Client Profile DAN sprogpakke
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (Danish)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Mobile Partner
Mobilt Bredbånd
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Neffy 1,3,29,0
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Overførselsværktøj til Windows Live
Pando Media Booster
Power2Go
PowerDirector
PVSonyDll
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DAN sprogpakke (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 3.8
SLOW-PCfighter
SPORE Creature Creator Trial Edition
Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
SUPERAntiSpyware
Synaptics Pointing Device Driver
Tilmeldingsassistent til Windows Live
Uninstall 1.0.0.1
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
VLC media player 2.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Xilisoft Download YouTube Video
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Zipeg
.
==== End Of File ===========================
f-arn (Guru)
23 September 2012 - 09:32 #10
You have a ZeroAccess/Sirefef rootkit, so I want to warn you.

It is one of the most troublesome infections to get rid of, so it can take some time to remove!

------

Drop file sharing ->
http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://www.spywarefri.dk/forum/viewthread/40284/

Uninstall µTorrent and LimeWire 5.3.6

------

You must also uninstall:

Ask Toolbar
Conduit Engine
Microsoft Security Client
Microsoft Security Essentials

You should also uninstall IObit Malware Fighter

------

Download OTL by OldTimer and save it to your desktop.

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

At the top, tick "Scan All Users".

In the "Custom Scans/Fixes" box, copy in the highlighted text.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
csrss.exe
OSK.exe
/md5stop
%systemroot%\*. /rp /s
%systemroot%\assembly\GAC\*.ini
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%systemdrive%\$Recycle.Bin|@;true;true;true
HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 /s
HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 /s
CREATERESTOREPOINT


Close all open windows, click "Quick Scan" and let the program run.

This will produce two log files on the desktop, OTL.txt and Extras.txt.

Then copy the following into your next post (in order):

The contents of OTL.txt
The contents of Extras.txt

As they are fairly long, you may need to send them in several posts.
ChinkyThai (Beginner)
23 September 2012 - 16:13 #11
I have taken care of the uninstall part, but I could not find any file or program named Windows Security Client. I found all the others you mentioned. The file can't go under other names, can it?
But otherwise I am working on the OTL part; I have just downloaded it.
ChinkyThai (Beginner)
23 September 2012 - 17:09 #12
OTL logfile created on: 23-09-2012 16:17:39 - Run 1
OTL by OldTimer - Version 3.2.66.0    Folder = C:\Users\Naasu\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

1,75 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 54,98% Memory free
3,74 Gb Paging File | 2,28 Gb Available in Paging File | 60,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,11 Gb Total Space | 92,29 Gb Free Space | 41,55% Space Free | Partition Type: NTFS
Drive D: | 10,77 Gb Total Space | 1,82 Gb Free Space | 16,87% Space Free | Partition Type: NTFS

Computer Name: NAASU-PC | User Name: Naasu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-23 16:09:43 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Naasu\Desktop\OTL.exe
PRC - [2012-09-20 19:36:37 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-09-06 22:05:46 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008-10-06 19:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-23 07:40:17 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012-09-23 07:40:17 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012-09-20 20:11:44 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012-09-20 20:11:44 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012-08-27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-08-27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007-08-14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007-07-12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007-07-12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2012-09-20 19:36:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011-06-13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011-06-06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-09-08 21:46:00 | 003,852,792 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-01-19 13:57:41 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008-10-06 19:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-02-03 22:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys -- (RegFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Naasu\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-09-22 21:45:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-07-22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-08-18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010-07-16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010-07-16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
DRV - [2010-04-19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010-01-19 15:13:58 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-01-19 13:46:52 | 000,046,544 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-01-19 13:43:40 | 000,023,248 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-01-19 13:43:23 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-01-19 13:42:57 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-07-23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008-12-30 12:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008-12-13 12:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008-06-05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008-05-09 21:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008-04-27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-04-25 00:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008-01-29 15:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008-01-21 04:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007-10-18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007-06-19 03:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2005-01-03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{141DFD7E-56F8-4C47-8E45-C36E92D49118}: "URL" = http://dk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{7AACEF25-D152-4F93-88C6-57A7A46B630B}: "URL" = http://dk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913940
IE - HKLM\..\SearchScopes\{A94B7BDC-916E-4AE9-B24E-4BD06450FD1A}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1312&query={searchTerms}&invocationType=tb50hpcnnbie7-da-dk
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes\{141DFD7E-56F8-4C47-8E45-C36E92D49118}: "URL" = http://dk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes\{7AACEF25-D152-4F93-88C6-57A7A46B630B}: "URL" = http://dk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913940
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes\{9B827022-A91B-4A0F-9EE2-C11E13927268}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes\{A94B7BDC-916E-4AE9-B24E-4BD06450FD1A}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1312&query={searchTerms}&invocationType=tb50hpcnnbie7-da-dk
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Naasu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5057c85a96762@5057c85a9679c.com: C:\Users\Naasu\AppData\Roaming\Mozilla\Firefox\Profiles\4urlrbyc.default\extensions\5057c85a96762@5057c85a9679c.com [2012-09-18 03:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-06-10 18:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-09-20 01:03:46 | 000,000,000 | ---D | M]

[2010-05-29 03:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naasu\AppData\Roaming\mozilla\Extensions
[2009-11-13 18:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naasu\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012-09-18 03:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions
[2010-05-29 21:23:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-09-29 09:50:46 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010-09-29 09:50:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-09-18 03:00:43 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\5057c85a96762@5057c85a9679c.com
[2011-04-06 12:58:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com
[2010-10-25 12:24:35 | 000,000,873 | ---- | M] () -- C:\Users\Naasu\AppData\Roaming\mozilla\firefox\profiles\4urlrbyc.default\searchplugins\conduit.xml
[2012-09-20 01:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-10-23 13:40:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012-09-20 01:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2010-04-01 18:54:53 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-co-uk.xml
[2010-10-25 12:23:19 | 000,003,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml
[2010-04-01 18:54:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-da.xml
[2010-04-01 18:54:53 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-dk.xml

========== Chrome  ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Naasu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Naasu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Download and Sa = C:\Users\Naasu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejklcckcjaddokeifhbigcmgfchchnbc\7.1_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Naasu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\

O1 HOSTS File: ([2012-09-18 11:26:34 | 000,000,814 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1 gs.apple.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Download and Sa Class) - {145D2A09-3C23-CF24-67CA-3455F8245A01} - C:\ProgramData\Download and Sa\5057c85a968f3.dll ()
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [] C:\Windows\System32\osk.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [] C:\Windows\System32\osk.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Naasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Indholdsfortegnelse i OneNote.onetoc2 ()
O8 - Extra context menu item: &AOL Toolbar-søgning - C:\ProgramData\AOL\ieToolbar\resources\da-DK\local\search.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} http://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx (TenebrilSpywareScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://games.bigfishgames.com/en_cinematycoon/online/cinematycoon.cab (TikGames Online Control)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{271AD4A9-EE6B-463E-89B7-6C90A8E0CFD7}: DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51EBE8B1-F87E-496D-9AA6-0177D1388248}: DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51EBE8B1-F87E-496D-9AA6-0177D1388248}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59253500-0D95-4F0D-A961-9A6D2F188A0B}: DhcpNameServer = 212.88.64.14 212.242.40.3
O18 - Protocol\Handler\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Naasu\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivebordsbaggrund med Windows Billedgalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Naasu\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivebordsbaggrund med Windows Billedgalleri.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06eaadb7-7110-11de-ab49-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{1828a49a-1a4e-11df-9ab2-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{1828a4c6-1a4e-11df-9ab2-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{1828a4fb-1a4e-11df-9ab2-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{1828a4fb-1a4e-11df-9ab2-001f16795f56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1828a505-1a4e-11df-9ab2-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{1828a505-1a4e-11df-9ab2-001f16795f56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2387a764-4ad4-11de-a89f-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{2387a790-4ad4-11de-a89f-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{34360c51-0788-11df-9698-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{68d75a74-1f84-11df-92f7-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{6986830e-1fb6-11df-8ef1-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{6986830e-1fb6-11df-8ef1-001f16795f56}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{abae061f-6fc3-11de-9e5a-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{abae0651-6fc3-11de-9e5a-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{c19a91f4-70b7-11de-ba66-001f16795f56}\Shell - "" = AutoRun
O33 - MountPoints2\{d812cce7-0807-11df-b909-001f16795f56}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-09-23 16:09:43 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Naasu\Desktop\OTL.exe
[2012-09-23 16:04:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-09-22 21:45:44 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012-09-22 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Roaming\Malwarebytes
[2012-09-22 21:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-09-22 21:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-09-22 21:35:30 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-09-22 21:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-09-22 21:31:31 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Naasu\Desktop\mbam-setup-1.65.0.1400.exe
[2012-09-22 21:29:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Naasu\Desktop\dds.scr
[2012-09-21 18:22:33 | 000,000,000 | ---D | C] -- C:\Users\Naasu\Desktop\Fix WU
[2012-09-21 10:55:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Naasu\Desktop\HijackThis.exe
[2012-09-20 20:10:26 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Roaming\SUPERAntiSpyware.com
[2012-09-20 20:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012-09-20 20:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012-09-20 20:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012-09-20 18:28:50 | 020,533,432 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Naasu\Desktop\SUPERAntiSpyware.exe
[2012-09-20 01:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012-09-20 00:30:22 | 000,000,000 | ---D | C] -- C:\sn0wbreeze
[2012-09-19 21:19:22 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Local\FixItCenter
[2012-09-19 15:53:43 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2012-09-19 15:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012-09-19 02:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-09-19 02:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-09-19 02:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012-09-19 02:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012-09-19 02:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012-09-18 12:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\6F63AB0800513A38188F9A88E56C34E5
[2012-09-18 11:24:47 | 000,000,000 | ---D | C] -- C:\Users\Naasu\.shsh
[2012-09-18 04:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\6F63AB0800513A38188F9A882F3B707C
[2012-09-18 04:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012-09-18 03:17:12 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Roaming\SendSpace
[2012-09-18 03:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012-09-18 03:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa
[2012-09-18 03:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Download and Sa
[2012-09-18 02:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012-09-18 02:34:19 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Local\libimobiledevice
[2012-09-17 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Roaming\redsn0w
[2012-09-17 01:21:39 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Local\com.zipeg
[2012-09-17 01:21:35 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Local\Zipeg
[2012-09-17 01:21:25 | 001,701,552 | ---- | C] (www.zipeg.com) -- C:\Users\Naasu\Desktop\zipeg_win.exe
[2012-09-17 01:17:07 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Roaming\Philipp Winterberg
[2012-09-17 01:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free RAR Extract Frog
[2012-09-17 01:13:48 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Roaming\WinRAR
[2012-09-17 01:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012-09-16 20:23:21 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Roaming\dvdcss
[2012-09-16 20:21:58 | 000,000,000 | ---D | C] -- C:\Users\Naasu\AppData\Roaming\Digiarty
[2012-09-16 18:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-09-08 19:13:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromedia
[2012-09-07 21:34:54 | 000,000,000 | RHSD | C] -- C:\Users\Naasu\AppData\Roaming\System32
[2012-09-06 00:34:20 | 000,000,000 | ---D | C] -- C:\Users\Naasu\Desktop\Kims crap
[2012-08-31 00:21:54 | 000,405,152 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll

========== Files - Modified Within 30 Days ==========

[2012-09-23 16:09:43 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Naasu\Desktop\OTL.exe
[2012-09-23 16:09:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-23 16:06:35 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-09-23 16:05:09 | 000,597,598 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2012-09-23 16:05:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-23 16:05:09 | 000,472,392 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2012-09-23 16:05:09 | 000,452,366 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2012-09-23 16:05:09 | 000,435,606 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2012-09-23 16:05:09 | 000,120,388 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2012-09-23 16:05:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-23 16:05:09 | 000,084,170 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2012-09-23 16:05:09 | 000,080,386 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2012-09-23 16:05:09 | 000,079,484 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2012-09-23 15:36:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-23 15:18:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-23 15:18:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-23 15:17:51 | 000,211,584 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012-09-23 15:17:51 | 000,211,584 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-09-23 15:17:33 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9cad132c-f0b6-4ae5-9f6b-e3761847a11b.job
[2012-09-23 15:17:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-23 07:39:21 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012-09-23 07:35:52 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-23 07:35:45 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{58FED894-58B1-4634-97C8-28B8C75299E3}.job
[2012-09-23 07:35:45 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Naasu-Startup.job
[2012-09-23 07:35:17 | 1877,274,624 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-23 02:00:09 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 03109bd7-eb4b-47c0-860c-c8e4bee82536.job
[2012-09-22 21:45:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012-09-22 21:36:21 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-22 21:31:36 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Naasu\Desktop\mbam-setup-1.65.0.1400.exe
[2012-09-22 21:29:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Naasu\Desktop\dds.scr
[2012-09-21 12:28:56 | 000,258,080 | ---- | M] () -- C:\Users\Naasu\Documents\cc_20120921_122721.reg
[2012-09-21 10:55:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Naasu\Desktop\HijackThis.exe
[2012-09-20 22:38:02 | 003,183,962 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-20 20:10:14 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-09-20 18:29:18 | 020,533,432 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Naasu\Desktop\SUPERAntiSpyware.exe
[2012-09-19 15:53:45 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2012-09-19 02:36:12 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-09-18 11:26:34 | 000,000,814 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-09-18 11:26:34 | 000,000,789 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella
[2012-09-17 01:21:35 | 000,001,803 | ---- | M] () -- C:\Users\Naasu\Desktop\Zipeg.lnk
[2012-09-17 01:21:35 | 000,001,803 | ---- | M] () -- C:\Users\Naasu\Application Data\Microsoft\Internet Explorer\Quick Launch\Zipeg.lnk
[2012-09-17 01:21:25 | 001,701,552 | ---- | M] (www.zipeg.com) -- C:\Users\Naasu\Desktop\zipeg_win.exe
[2012-09-17 01:09:33 | 000,008,192 | ---- | M] () -- C:\Users\Naasu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-09-16 18:57:42 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-09-16 16:04:26 | 000,000,680 | ---- | M] () -- C:\Users\Naasu\AppData\Local\d3d9caps.dat
[2012-09-12 08:14:39 | 000,000,992 | ---- | M] () -- C:\Users\Naasu\Desktop\DVDVideoSoft Free Studio.lnk
[2012-09-12 08:14:38 | 000,001,151 | ---- | M] () -- C:\Users\Naasu\Desktop\Free YouTube to MP3 Converter.lnk
[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-09-06 12:15:09 | 000,000,294 | ---- | M] () -- C:\Users\Naasu\AppData\Roaming\wklnhst.dat
[2012-09-02 16:58:11 | 002,017,444 | ---- | M] () -- C:\Users\Naasu\Desktop\Final Fantasy X - Tears in Heaven.mp3
[2012-08-25 13:58:10 | 000,068,943 | ---- | M] () -- C:\Users\Naasu\Desktop\Unavngivet.jpg

========== Files Created - No Company Name ==========

[2012-09-22 21:36:21 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-21 12:27:36 | 000,258,080 | ---- | C] () -- C:\Users\Naasu\Documents\cc_20120921_122721.reg
[2012-09-21 00:19:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012-09-20 20:11:25 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 9cad132c-f0b6-4ae5-9f6b-e3761847a11b.job
[2012-09-20 20:11:23 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 03109bd7-eb4b-47c0-860c-c8e4bee82536.job
[2012-09-20 20:10:14 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-09-19 15:53:45 | 000,000,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk
[2012-09-19 15:53:45 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2012-09-19 02:36:12 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-09-19 02:23:51 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012-09-18 03:01:08 | 000,000,412 | -H-- | C] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{58FED894-58B1-4634-97C8-28B8C75299E3}.job
[2012-09-17 01:21:35 | 000,001,803 | ---- | C] () -- C:\Users\Naasu\Desktop\Zipeg.lnk
[2012-09-17 01:21:35 | 000,001,803 | ---- | C] () -- C:\Users\Naasu\Application Data\Microsoft\Internet Explorer\Quick Launch\Zipeg.lnk
[2012-09-17 01:21:35 | 000,001,803 | ---- | C] () -- C:\Users\Naasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zipeg.lnk
[2012-09-16 18:57:42 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-09-02 16:58:10 | 002,017,444 | ---- | C] () -- C:\Users\Naasu\Desktop\Final Fantasy X - Tears in Heaven.mp3
[2012-08-25 13:58:10 | 000,068,943 | ---- | C] () -- C:\Users\Naasu\Desktop\Unavngivet.jpg
[2012-08-09 11:00:53 | 000,000,294 | ---- | C] () -- C:\Users\Naasu\AppData\Roaming\wklnhst.dat
[2012-01-19 23:19:57 | 000,012,393 | ---- | C] () -- C:\Users\Naasu\AppData\Local\Bron.tok.A10.em.bin
[2012-01-19 23:19:48 | 000,012,393 | ---- | C] () -- C:\Users\Naasu\AppData\Local\Update.10.Bron.Tok.bin
[2011-10-23 15:03:55 | 000,000,004 | -H-- | C] () -- C:\Users\Naasu\AppData\Roaming\mlog
[2011-10-21 21:05:38 | 000,000,552 | ---- | C] () -- C:\Users\Naasu\AppData\Local\d3d8caps.dat
[2011-03-08 12:01:08 | 000,000,000 | ---- | C] () -- C:\Users\Naasu\temp.dat
[2010-10-25 12:26:41 | 000,000,238 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2010-10-25 12:23:04 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2010-05-14 14:55:01 | 000,000,000 | ---- | C] () -- C:\Users\Naasu\jagex__preferences3.dat
[2010-05-14 14:55:00 | 000,000,087 | ---- | C] () -- C:\Users\Naasu\jagex_runescape_preferences2.dat
[2010-05-14 14:52:24 | 000,000,042 | ---- | C] () -- C:\Users\Naasu\jagex_runescape_preferences.dat
[2009-10-07 00:38:58 | 000,031,053 | ---- | C] () -- C:\Users\Naasu\AppData\Roaming\UserTile.png
[2009-06-04 19:07:32 | 000,000,680 | ---- | C] () -- C:\Users\Naasu\AppData\Local\d3d9caps.dat
[2009-05-25 14:51:41 | 000,008,192 | ---- | C] () -- C:\Users\Naasu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-25 12:56:56 | 000,211,584 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009-05-25 12:39:23 | 000,211,584 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-04-09 14:33:28 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2012-09-18 12:02:20 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2012-09-23 06:56:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2012-09-20 15:49:02 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
[2012-09-20 19:41:16 | 000,002,048 | -HS- | M] () -- C:\Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011-11-18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2012-09-21 01:28:39 | 000,000,000 | -HSD | M] -- C:\Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2006-11-02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010-10-02 04:32:55 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\CasinoOnNet
[2012-09-16 20:21:58 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\Digiarty
[2012-09-12 08:14:51 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\DVDVideoSoft
[2011-07-20 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers
[2009-06-05 16:23:33 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\FloodLightGames
[2010-01-13 23:31:49 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\funkitron
[2009-07-06 14:58:18 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\Gaijin Ent
[2012-06-22 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\IObit
[2012-09-19 13:34:03 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\LimeWire
[2009-06-05 18:27:38 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\Magic Academy
[2010-10-25 12:24:58 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\MyHeritage
[2012-09-17 01:17:07 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\Philipp Winterberg
[2009-07-06 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\PlayFirst
[2012-09-18 02:50:38 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\redsn0w
[2012-09-18 03:17:12 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\SendSpace
[2010-01-14 00:24:07 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\SPORE Creature Creator
[2012-09-22 00:40:24 | 000,000,000 | RHSD | M] -- C:\Users\Naasu\AppData\Roaming\System32
[2012-08-09 11:00:54 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\Template
[2010-10-25 12:23:03 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012-08-05 01:55:41 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\Unity
[2012-09-23 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\uTorrent
[2009-05-25 12:36:40 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\WildTangent
[2010-05-11 15:25:56 | 000,000,000 | ---D | M] -- C:\Users\Naasu\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: CSRSS.EXE  >
[2008-01-21 04:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008-01-21 04:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE  >
[2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008-10-28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008-01-21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: OSK.EXE  >
[2006-11-02 11:45:31 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=1E166C230CB72BAF5AAC3AAAD308F0DC -- C:\Windows\winsxs\x86_microsoft-windows-osk_31bf3856ad364e35_6.0.6000.16386_none_a88611705d03a0ad\osk.exe
[2009-04-11 08:27:48 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=877F2939794EBA4F3D1BB967007E99E8 -- C:\Windows\System32\osk.exe
[2009-04-11 08:27:48 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=877F2939794EBA4F3D1BB967007E99E8 -- C:\Windows\winsxs\x86_microsoft-windows-osk_31bf3856ad364e35_6.0.6002.18005_none_aca84c7857107ccd\osk.exe

< MD5 for: SERVICES.EXE  >
[2008-01-21 04:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE  >
[2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE  >
[2008-01-21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-01-21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22
ChinkyThai (Beginner)
23 September 2012 - 17:12 #13
< %systemroot%\*. /rp /s >

< %systemroot%\assembly\GAC\*.ini >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 /s >
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 /s >
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\Andre computere] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Oversigt] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Billeder] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Musik] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Videoer] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Dokumenter] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\Lokale indstillinger] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\Menuen Start] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Printere] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Skabeloner] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
ChinkyThai (Beginner)
23 September 2012 - 17:14 #14
Forget the one above, and the bottom part with winlogon in the one before it.


< MD5 for: WINLOGON.EXE  >
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008-01-21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemroot%\assembly\GAC\*.ini >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 /s >
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 /s >
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\Andre computere] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Oversigt] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Billeder] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Musik] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Documents\Videoer] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Dokumenter] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\Lokale indstillinger] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\Menuen Start] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Printere] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Skabeloner] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
ChinkyThai Beginner
23 September 2012 - 17:16 #15
And then Extras:

OTL Extras logfile created on: 23-09-2012 16:17:39 - Run 1
OTL by OldTimer - Version 3.2.66.0    Folder = C:\Users\Naasu\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

1,75 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 54,98% Memory free
3,74 Gb Paging File | 2,28 Gb Available in Paging File | 60,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,11 Gb Total Space | 92,29 Gb Free Space | 41,55% Space Free | Partition Type: NTFS
Drive D: | 10,77 Gb Total Space | 1,82 Gb Free Space | 16,87% Space Free | Partition Type: NTFS

Computer Name: NAASU-PC | User Name: Naasu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{0059ECD1-BB50-41CF-B729-0958A120F152}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02B8DBC1-7312-43AF-8BA7-9F29CDD6B348}" = Windows Live Sync
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{17989108-D54A-4277-BD1C-2BDA7ADC19E2}" = Windows Live Family Safety
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Overførselsværktøj til Windows Live
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Download and Sa
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28511D89-C359-46F3-ACAD-A97F129D0DE7}" = Windows Live Photo Gallery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{324E8B6C-7D5A-41D0-ACEF-A6965FA5E67A}" = Windows Live Toolbar
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple-programunderstøttelse
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AC9C43D-7117-48AE-A22F-C7CDCF08C046}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{867F5501-F8EF-4542-9D68-310A238A15FF}" = SLOW-PCfighter
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Danish)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1030-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Dansk
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B238D61F-3EEF-4716-BFEA-9903DEF045D9}" = Microsoft Works
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B69349AE-2D41-3708-8BA4-4DC22645CA04}" = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFD09E5B-6D40-4CAD-A349-103BFEF1C574}" = Windows Live Mail
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D203AE01-C8EB-43D8-A5C5-DCF891446FEA}" = Windows Live Essentials
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2019D64-E819-3B4F-9C85-95BE2688ABF9}" = Microsoft .NET Framework 4 Client Profile DAN Language Pack
"{E80F9ABB-618D-4B9E-9EA0-5BF6A7C2FE9D}" = Tilmeldingsassistent til Windows Live
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4770313-7391-411F-B484-43394A785B97}" = HP Customer Experience Enhancements
"{F4C96E82-14D2-485F-93A9-6B246C40130A}" = HP Easy Setup - Frontend
"{FC0C6E54-BCD4-42C5-BEAA-4FFFEC499EE0}" = Windows Live Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"888casino" = 888casino
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Toolbar" = AOL Toolbar 5.0
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BingoFun" = BingoFun
"casinoclassic" = Casino Classic
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.30.903
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"jackpotcity" = Jackpot City Online Casino
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - dan" = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DAN Language Pack" = Microsoft .NET Framework 4 Client Profile DAN sprogpakke
"Mobile Partner" = Mobile Partner
"Mobilt Bredbånd" = Mobilt Bredbånd
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Neffy" = Neffy 1,3,29,0
"NVIDIA Drivers" = NVIDIA Drivers
"PROR" = Microsoft Office Professional 2007
"SLOW-PCfighter" = SLOW-PCfighter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.3
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
ChinkyThai Beginner
23 September 2012 - 17:16 #16
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2658935870-3884999416-1394182607-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Casino Las Vegas" = Casino Las Vegas
"UnityWebPlayer" = Unity Web Player
"Zipeg" = Zipeg

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22-03-2011 12:03:18 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64814250

Error - 22-03-2011 20:36:11 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22-03-2011 20:36:11 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30757983

Error - 22-03-2011 20:36:11 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30757983

Error - 22-03-2011 20:36:14 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22-03-2011 20:36:14 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30760479

Error - 22-03-2011 20:36:14 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30760479

Error - 22-03-2011 20:36:16 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22-03-2011 20:36:16 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 30763116

Error - 22-03-2011 20:36:16 | Computer Name = Naasu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 30763116

[ OSession Events ]
Error - 24-04-2010 03:50:28 | Computer Name = Naasu-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1083
seconds with 60 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 23-09-2012 01:37:42 | Computer Name = Naasu-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23-09-2012 01:40:15 | Computer Name = Naasu-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23-09-2012 01:45:49 | Computer Name = Naasu-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 23-09-2012 02:00:33 | Computer Name = Naasu-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =

Error - 23-09-2012 02:00:33 | Computer Name = Naasu-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =

Error - 23-09-2012 02:00:34 | Computer Name = Naasu-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description =

Error - 23-09-2012 02:32:51 | Computer Name = Naasu-PC | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 23-09-2012 02:32:51 | Computer Name = Naasu-PC | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 23-09-2012 09:30:14 | Computer Name = Naasu-PC | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 23-09-2012 09:30:14 | Computer Name = Naasu-PC | Source = Microsoft Antimalware | ID = 2001
Description =


< End of report >
ChinkyThai Beginner
23 September 2012 - 17:18 #17
That is certainly a lot. I would very much like to give you more points, since I can see that this is quite a hassle and takes a lot of your time, f-arn. Thank you very, very much for taking the time to help fix the computer.
f-arn Guru
23 September 2012 - 18:28 #18
Disable your security programs while the "fix" is running.

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

Copy the text below in bold into the "Custom Scans/Fixes" box


:processes
killallprocesses

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ (...)
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2658935870-3884999416-1394182607-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ (...)
[2011-04-06 12:58:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com
[2010-10-25 12:24:35 | 000,000,873 | ---- | M] () -- C:\Users\Naasu\AppData\Roaming\mozilla\firefox\profiles\4urlrbyc.default\searchplugins\conduit.xml
O2 - BHO: (Download and Sa Class) - {145D2A09-3C23-CF24-67CA-3455F8245A01} - C:\ProgramData\Download and Sa\5057c85a968f3.dll ()
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

:files
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
c:\programdata\Download and Sa
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
netsh winsock reset catalog /c

:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[EMPTYJAVA]
[emptytemp]
[Reboot]



Close all other open windows and click "Run Fix"

After the restart a log file opens; copy its text into this thread.

Otherwise it is located here: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
ChinkyThai Beginner
24 September 2012 - 00:29 #19
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-2658935870-3884999416-1394182607-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-2658935870-3884999416-1394182607-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-2658935870-3884999416-1394182607-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Naasu\AppData\Roaming\mozilla\Firefox\Profiles\4urlrbyc.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Naasu\AppData\Roaming\mozilla\firefox\profiles\4urlrbyc.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145D2A09-3C23-CF24-67CA-3455F8245A01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{145D2A09-3C23-CF24-67CA-3455F8245A01}\ deleted successfully.
C:\ProgramData\Download and Sa\5057c85a968f3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
C:\Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U folder moved successfully.
C:\Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L folder moved successfully.
C:\Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} folder moved successfully.
c:\programdata\Download and Sa\data folder moved successfully.
c:\programdata\Download and Sa folder moved successfully.
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Users\Naasu\Desktop\cmd.bat deleted successfully.
C:\Users\Naasu\Desktop\cmd.txt deleted successfully.
< netsh int ip reset c:\resetlog.txt /c >
Nulstilling Ekkoanmodning blev gennemført!
Nulstilling Global blev gennemført!
Nulstilling Grænseflade blev gennemført!
Systemet skal genstartes for at fuldføre handlingen.
C:\Users\Naasu\Desktop\cmd.bat deleted successfully.
C:\Users\Naasu\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Winsock-kataloget blev nulstillet.
Du skal genstarte computeren for at fuldføre nulstillingen.
C:\Users\Naasu\Desktop\cmd.bat deleted successfully.
C:\Users\Naasu\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gæst

User: Naasu
->Flash cache emptied: 20230357 bytes

User: Public

Total Flash Files Cleaned = 19,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gæst

User: Naasu
->Java cache emptied: 189172067 bytes

User: Public

Total Java Files Cleaned = 180,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35416 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gæst
->Temp folder emptied: 91076 bytes
->Temporary Internet Files folder emptied: 262662 bytes

User: Naasu
->Temp folder emptied: 2990218281 bytes
->Temporary Internet Files folder emptied: 994575696 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 89985622 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1103459108 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 9387754401 bytes

Total Files Cleaned = 13.897,00 mb


OTL by OldTimer - Version 3.2.66.0 log created on 09232012_230426

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
ChinkyThai Beginner
24 September 2012 - 10:20 #20
It has started running better, but there are still a few errors :(
f-arn Guru
24 September 2012 - 11:14 #21
Download Tdsskiller.zip to your desktop and extract it into a folder.

Run TDSSKiller.exe -> Click "Start Scan"

If an infected file is found, the "Default action" will be Cure; click Continue
If a suspicious file is detected, the "Default action" will be Skip; click Continue
If it does not ask for a "Reboot" (restart), click "Report" and copy that text into this thread.

Restart if it requires it.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Copy that text into this thread.
ChinkyThai Beginner
24 September 2012 - 17:06 #22
16:44:54.0346 4748  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:44:54.0720 4748  ============================================================
16:44:54.0720 4748  Current date / time: 2012/09/24 16:44:54.0720
16:44:54.0720 4748  SystemInfo:
16:44:54.0720 4748 
16:44:54.0720 4748  OS Version: 6.0.6002 ServicePack: 2.0
16:44:54.0720 4748  Product type: Workstation
16:44:54.0720 4748  ComputerName: NAASU-PC
16:44:54.0720 4748  UserName: Naasu
16:44:54.0720 4748  Windows directory: C:\Windows
16:44:54.0720 4748  System windows directory: C:\Windows
16:44:54.0720 4748  Processor architecture: Intel x86
16:44:54.0720 4748  Number of processors: 1
16:44:54.0720 4748  Page size: 0x1000
16:44:54.0720 4748  Boot type: Normal boot
16:44:54.0720 4748  ============================================================
16:44:58.0261 4748  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:44:58.0277 4748  ============================================================
16:44:58.0277 4748  \Device\Harddisk0\DR0:
16:44:58.0277 4748  MBR partitions:
16:44:58.0277 4748  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC39FC1
16:44:58.0277 4748  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BC3A000, BlocksNum 0x158A000
16:44:58.0277 4748  ============================================================
16:44:58.0308 4748  C: <-> \Device\Harddisk0\DR0\Partition1
16:44:58.0526 4748  D: <-> \Device\Harddisk0\DR0\Partition2
16:44:58.0558 4748  ============================================================
16:44:58.0558 4748  Initialize success
16:44:58.0558 4748  ============================================================
16:46:08.0274 1588  ============================================================
16:46:08.0274 1588  Scan started
16:46:08.0274 1588  Mode: Manual;
16:46:08.0274 1588  ============================================================
16:46:15.0887 1588  ================ Scan system memory ========================
16:46:15.0887 1588  System memory - ok
16:46:15.0887 1588  ================ Scan services =============================
16:46:16.0183 1588  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:46:16.0214 1588  !SASCORE - ok
16:46:16.0838 1588  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:46:16.0870 1588  ACPI - ok
16:46:16.0994 1588  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:46:17.0010 1588  AdobeARMservice - ok
16:46:17.0088 1588  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:46:17.0119 1588  AdobeFlashPlayerUpdateSvc - ok
16:46:17.0182 1588  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:46:17.0228 1588  adp94xx - ok
16:46:17.0275 1588  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:46:17.0275 1588  adpahci - ok
16:46:17.0291 1588  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:46:17.0462 1588  adpu160m - ok
16:46:17.0525 1588  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:46:17.0525 1588  adpu320 - ok
16:46:17.0572 1588  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:46:17.0572 1588  AeLookupSvc - ok
16:46:17.0743 1588  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
16:46:17.0774 1588  AFD - ok
16:46:17.0868 1588  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:46:17.0884 1588  agp440 - ok
16:46:17.0915 1588  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
16:46:17.0915 1588  aic78xx - ok
16:46:17.0946 1588  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
16:46:17.0962 1588  ALG - ok
16:46:17.0993 1588  [ 3D76FDA1A10ACC3DC84728F55C29B6D4 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:46:18.0008 1588  aliide - ok
16:46:18.0055 1588  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:46:18.0071 1588  amdagp - ok
16:46:18.0071 1588  [ 5B92E7839F5A1FBC1B39DE67758AD6F8 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:46:18.0086 1588  amdide - ok
16:46:18.0133 1588  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
16:46:18.0133 1588  AmdK7 - ok
16:46:18.0180 1588  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:46:18.0196 1588  AmdK8 - ok
16:46:18.0305 1588  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
16:46:18.0305 1588  Appinfo - ok
16:46:18.0492 1588  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:46:18.0492 1588  Apple Mobile Device - ok
16:46:18.0554 1588  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
16:46:18.0586 1588  arc - ok
16:46:18.0601 1588  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:46:18.0601 1588  arcsas - ok
16:46:18.0664 1588  [ 1AFFA79D25FAB98E4FB5D7D278F23381 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
16:46:18.0664 1588  aswFsBlk - ok
16:46:18.0757 1588  [ DBF312E60AA2EA377DDDECEC51C49AAE ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
16:46:18.0757 1588  aswMonFlt - ok
16:46:18.0773 1588  [ B868FFF3E3370340AD2D53BCA6E7870C ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
16:46:18.0773 1588  aswRdr - ok
16:46:18.0820 1588  [ 11A68F123BDE9A65CCCADE64D1F1304B ] aswSP          C:\Windows\system32\drivers\aswSP.sys
16:46:18.0851 1588  aswSP - ok
16:46:18.0882 1588  [ 5C1BE10A74D8ECE548AFF6067D007E27 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
16:46:18.0882 1588  aswTdi - ok
16:46:18.0929 1588  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:46:18.0960 1588  AsyncMac - ok
16:46:19.0022 1588  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
16:46:19.0022 1588  atapi - ok
16:46:19.0069 1588  [ 600EFE56F37ADBD65A0FB076B50D1B8D ] athr            C:\Windows\system32\DRIVERS\athr.sys
16:46:19.0069 1588  athr - ok
16:46:19.0132 1588  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:46:19.0147 1588  AudioEndpointBuilder - ok
16:46:19.0147 1588  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:46:19.0147 1588  Audiosrv - ok
16:46:19.0225 1588  [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:46:19.0225 1588  avast! Antivirus - ok
16:46:19.0272 1588  [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:46:19.0272 1588  avast! Mail Scanner - ok
16:46:19.0288 1588  [ 8AAA93CD13E379EB76FBEF56AC77D4D4 ] avast! Web Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
16:46:19.0288 1588  avast! Web Scanner - ok
16:46:19.0366 1588  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:46:19.0381 1588  Beep - ok
16:46:19.0428 1588  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
16:46:19.0444 1588  BFE - ok
16:46:19.0475 1588  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:46:19.0475 1588  blbdrive - ok
16:46:19.0584 1588  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:46:19.0600 1588  Bonjour Service - ok
16:46:19.0678 1588  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:46:19.0678 1588  bowser - ok
16:46:19.0724 1588  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:46:19.0724 1588  BrFiltLo - ok
16:46:19.0740 1588  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:46:19.0740 1588  BrFiltUp - ok
16:46:19.0771 1588  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
16:46:19.0771 1588  Browser - ok
16:46:19.0849 1588  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
16:46:19.0880 1588  Brserid - ok
16:46:19.0912 1588  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:46:19.0927 1588  BrSerWdm - ok
16:46:19.0958 1588  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:46:19.0974 1588  BrUsbMdm - ok
16:46:20.0005 1588  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:46:20.0021 1588  BrUsbSer - ok
16:46:20.0083 1588  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:46:20.0083 1588  BTHMODEM - ok
16:46:20.0224 1588  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:46:20.0255 1588  cdfs - ok
16:46:20.0286 1588  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:46:20.0317 1588  cdrom - ok
16:46:20.0364 1588  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
16:46:20.0364 1588  CertPropSvc - ok
16:46:20.0411 1588  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
16:46:20.0411 1588  circlass - ok
16:46:20.0473 1588  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:46:20.0489 1588  CLFS - ok
16:46:20.0645 1588  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:46:20.0676 1588  clr_optimization_v2.0.50727_32 - ok
16:46:20.0894 1588  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:46:21.0362 1588  clr_optimization_v4.0.30319_32 - ok
16:46:21.0472 1588  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:46:21.0503 1588  CmBatt - ok
16:46:21.0534 1588  [ D36372A6EA6805EFBE8884D10772313F ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:46:21.0565 1588  cmdide - ok
16:46:21.0612 1588  [ 1ADF6F4852E7D7E2E8AC481BDB970586 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
16:46:21.0628 1588  CnxtHdAudService - ok
16:46:21.0690 1588  [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:46:21.0721 1588  Com4QLBEx - ok
16:46:21.0768 1588  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:46:21.0784 1588  Compbatt - ok
16:46:21.0784 1588  COMSysApp - ok
16:46:21.0799 1588  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:46:21.0799 1588  crcdisk - ok
16:46:21.0830 1588  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:46:21.0846 1588  Crusoe - ok
16:46:21.0908 1588  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:46:21.0908 1588  CryptSvc - ok
16:46:21.0986 1588  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:46:21.0986 1588  DcomLaunch - ok
16:46:22.0049 1588  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:46:22.0064 1588  DfsC - ok
16:46:22.0501 1588  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:46:22.0938 1588  DFSR - ok
16:46:23.0063 1588  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:46:23.0094 1588  Dhcp - ok
16:46:23.0172 1588  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:46:23.0203 1588  disk - ok
16:46:23.0281 1588  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:46:23.0297 1588  Dnscache - ok
16:46:23.0359 1588  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:46:23.0375 1588  dot3svc - ok
16:46:23.0390 1588  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
16:46:23.0390 1588  DPS - ok
16:46:23.0453 1588  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:46:23.0453 1588  drmkaud - ok
16:46:23.0546 1588  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:46:23.0562 1588  DXGKrnl - ok
16:46:23.0656 1588  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
16:46:23.0687 1588  E1G60 - ok
16:46:23.0718 1588  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
16:46:23.0718 1588  EapHost - ok
16:46:23.0812 1588  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:46:23.0812 1588  Ecache - ok
16:46:23.0905 1588  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:46:23.0936 1588  elxstor - ok
16:46:23.0983 1588  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
16:46:24.0014 1588  EMDMgmt - ok
16:46:24.0046 1588  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:46:24.0046 1588  ErrDev - ok
16:46:24.0170 1588  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
16:46:24.0170 1588  EventSystem - ok
16:46:24.0233 1588  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
16:46:24.0233 1588  exfat - ok
16:46:24.0295 1588  [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc    C:\Windows\System32\ezsvc7.dll
16:46:24.0295 1588  ezSharedSvc - ok
16:46:24.0373 1588  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:46:24.0389 1588  fastfat - ok
16:46:24.0514 1588  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:46:24.0514 1588  fdc - ok
16:46:24.0592 1588  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:46:24.0607 1588  fdPHost - ok
16:46:24.0670 1588  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:46:24.0670 1588  FDResPub - ok
16:46:24.0748 1588  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:46:24.0748 1588  FileInfo - ok
16:46:24.0763 1588  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:46:24.0763 1588  Filetrace - ok
16:46:24.0794 1588  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:46:24.0794 1588  flpydisk - ok
16:46:24.0872 1588  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:46:24.0872 1588  FltMgr - ok
16:46:25.0013 1588  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
16:46:25.0153 1588  FontCache - ok
16:46:25.0262 1588  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:46:25.0278 1588  FontCache3.0.0.0 - ok
16:46:25.0403 1588  [ B74B0578FD1D3F897E95F2A2B69EA051 ] fssfltr        C:\Windows\system32\DRIVERS\fssfltr.sys
16:46:25.0418 1588  fssfltr - ok
16:46:25.0637 1588  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:46:25.0668 1588  fsssvc - ok
16:46:25.0730 1588  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:46:25.0762 1588  Fs_Rec - ok
16:46:25.0871 1588  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:46:25.0871 1588  gagp30kx - ok
16:46:26.0011 1588  [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
16:46:26.0027 1588  GameConsoleService - ok
16:46:26.0136 1588  [ F2F431D1573EE632975C524418655B84 ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:46:26.0167 1588  GEARAspiWDM - ok
16:46:26.0292 1588  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:46:26.0370 1588  gpsvc - ok
16:46:26.0588 1588  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9e0051064810a C:\Program Files\Google\Update\GoogleUpdate.exe
16:46:26.0604 1588  gupdate1c9e0051064810a - ok
16:46:26.0635 1588  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:46:26.0635 1588  gupdatem - ok
16:46:26.0744 1588  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:46:26.0760 1588  HdAudAddService - ok
16:46:26.0947 1588  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:46:26.0978 1588  HDAudBus - ok
16:46:27.0088 1588  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:46:27.0119 1588  HidBth - ok
16:46:27.0150 1588  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
16:46:27.0166 1588  HidIr - ok
16:46:27.0244 1588  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
16:46:27.0275 1588  hidserv - ok
16:46:27.0337 1588  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:46:27.0353 1588  HidUsb - ok
16:46:27.0431 1588  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:46:27.0446 1588  hkmsvc - ok
16:46:27.0540 1588  [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
16:46:27.0602 1588  HP Health Check Service - ok
16:46:27.0680 1588  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
16:46:27.0696 1588  HpCISSs - ok
16:46:27.0758 1588  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:46:27.0790 1588  HpqKbFiltr - ok
16:46:27.0914 1588  [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
16:46:27.0930 1588  hpqwmiex - ok
16:46:28.0226 1588  [ CC267848CB3508E72762BE65734E764D ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:46:28.0258 1588  HSF_DPV - ok
16:46:28.0367 1588  [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:46:28.0414 1588  HSXHWAZL - ok
16:46:28.0554 1588  [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:46:28.0570 1588  HTTP - ok
16:46:28.0741 1588  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:46:28.0757 1588  hwdatacard - ok
16:46:28.0835 1588  [ 1D4D6D24256F61E6B08A3CF8184A78B8 ] hwusbfake      C:\Windows\system32\DRIVERS\ewusbfake.sys
16:46:28.0866 1588  hwusbfake - ok
16:46:28.0960 1588  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
16:46:28.0991 1588  i2omp - ok
16:46:29.0084 1588  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:46:29.0100 1588  i8042prt - ok
16:46:29.0209 1588  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
16:46:29.0225 1588  iaStorV - ok
16:46:29.0428 1588  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:46:29.0443 1588  IDriverT - ok
16:46:29.0693 1588  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:46:30.0161 1588  idsvc - ok
16:46:30.0208 1588  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:46:30.0223 1588  iirsp - ok
16:46:30.0379 1588  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:46:30.0410 1588  IKEEXT - ok
16:46:30.0473 1588  [ DD512A049BD7B4BCE8A83554C5EFF2C1 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:46:30.0488 1588  intelide - ok
16:46:30.0551 1588  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:46:30.0582 1588  intelppm - ok
16:46:30.0660 1588  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:46:30.0691 1588  IPBusEnum - ok
16:46:30.0722 1588  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:46:30.0722 1588  IpFilterDriver - ok
16:46:30.0738 1588  IpInIp - ok
16:46:30.0816 1588  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
16:46:30.0847 1588  IPMIDRV - ok
16:46:30.0878 1588  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
16:46:30.0878 1588  IPNAT - ok
16:46:31.0206 1588  [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:46:31.0643 1588  iPod Service - ok
16:46:31.0752 1588  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:46:32.0002 1588  IRENUM - ok
16:46:32.0236 1588  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:46:32.0345 1588  isapnp - ok
16:46:32.0657 1588  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:46:33.0016 1588  iScsiPrt - ok
16:46:33.0094 1588  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:46:33.0140 1588  iteatapi - ok
16:46:33.0218 1588  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
16:46:33.0250 1588  iteraid - ok
16:46:33.0281 1588  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:46:33.0281 1588  kbdclass - ok
16:46:33.0374 1588  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:46:33.0374 1588  kbdhid - ok
16:46:33.0437 1588  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:46:33.0452 1588  KeyIso - ok
16:46:33.0577 1588  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:46:33.0686 1588  KSecDD - ok
16:46:33.0936 1588  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:46:34.0092 1588  KtmRm - ok
16:46:34.0170 1588  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:46:34.0201 1588  LanmanServer - ok
16:46:34.0388 1588  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:46:34.0420 1588  LanmanWorkstation - ok
16:46:34.0654 1588  [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:46:34.0700 1588  LightScribeService - ok
16:46:34.0763 1588  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:46:34.0794 1588  lltdio - ok
16:46:34.0888 1588  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:46:34.0997 1588  lltdsvc - ok
16:46:35.0028 1588  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:46:35.0059 1588  lmhosts - ok
16:46:35.0184 1588  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:46:35.0262 1588  LSI_FC - ok
16:46:35.0293 1588  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:46:35.0387 1588  LSI_SAS - ok
16:46:35.0496 1588  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:46:35.0512 1588  LSI_SCSI - ok
16:46:35.0543 1588  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
16:46:35.0636 1588  luafv - ok
16:46:35.0933 1588  [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc          C:\Program Files\Microsoft Fix it Center\Matsvc.exe
16:46:35.0995 1588  MatSvc - ok
16:46:36.0073 1588  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
16:46:36.0136 1588  MBAMProtector - ok
16:46:36.0557 1588  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:46:36.0650 1588  MBAMScheduler - ok
16:46:36.0822 1588  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:46:36.0822 1588  MBAMService - ok
16:46:36.0853 1588  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:46:36.0853 1588  mdmxsdk - ok
16:46:36.0947 1588  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
16:46:36.0978 1588  megasas - ok
16:46:37.0150 1588  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:46:37.0212 1588  MegaSR - ok
16:46:37.0321 1588  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
16:46:37.0368 1588  MMCSS - ok
16:46:37.0430 1588  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
16:46:37.0508 1588  Modem - ok
16:46:37.0618 1588  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:46:37.0618 1588  monitor - ok
16:46:37.0664 1588  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:46:37.0664 1588  mouclass - ok
16:46:37.0711 1588  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:47:37.0337 1588  ============================================================
16:47:37.0337 1588  Scan finished
16:47:37.0337 1588  ============================================================
16:47:37.0352 2156  Detected object count: 0
16:47:37.0352 2156  Actual detected object count: 0
f-arn Guru
24 September 2012 - 17:40 #23
Download ComboFix and save it to your desktop.

Then run ComboFix.exe and follow the instructions.

Important--> Because ComboFix can conflict with your security programs, it is important that you disable them.

You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: ComboFix.txt
Please post the contents of that file here.

It can be found here: C:\ComboFix.txt
ChinkyThai Beginner
24 September 2012 - 20:53 #24
Tried your instructions and I'm not quite sure what it helped. The internet worked fine, but I couldn't open the browser. A pop-up came up about an invalid path, something about it being marked for deletion, and it said that for most programs. I was lucky enough to get into System Restore by right-clicking and running it as admin. Got pretty scared there :/

But I got a log from when I could hardly launch anything at all.

ComboFix 12-09-24.02 - Naasu 24-09-2012  19:27:09.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.1790.1002 [GMT 2:00]
Kører fra: c:\users\Naasu\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Naasu\AppData\Local\Bron.tok-10-19
c:\users\Naasu\AppData\Local\Bron.tok-10-21
c:\users\Naasu\AppData\Local\Bron.tok-10-22
c:\users\Naasu\AppData\Local\Bron.tok-10-23
c:\users\Naasu\AppData\Local\Bron.tok-10-24
c:\users\Naasu\AppData\Local\Bron.tok.A10.em.bin
c:\users\Naasu\AppData\Local\Kosong.Bron.Tok.txt
c:\users\Naasu\AppData\Local\Update.10.Bron.Tok.bin
c:\users\Naasu\AppData\Roaming\system32
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-08-24 til 2012-09-24  )))))))))))))))))))))))))))))))))))
.
.
2012-09-23 21:04 . 2012-09-23 21:04    --------    d-----w-    C:\_OTL
2012-09-22 19:38 . 2012-09-22 19:38    --------    d-----w-    c:\users\Naasu\AppData\Roaming\Malwarebytes
2012-09-22 19:35 . 2012-09-22 19:35    --------    d-----w-    c:\programdata\Malwarebytes
2012-09-22 19:35 . 2012-09-07 15:04    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-09-22 19:35 . 2012-09-22 19:37    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-09-20 18:10 . 2012-09-20 18:10    --------    d-----w-    c:\users\Naasu\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 18:10 . 2012-09-20 18:10    --------    d-----w-    c:\program files\SUPERAntiSpyware
2012-09-20 18:10 . 2012-09-20 18:10    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-09-19 23:03 . 2012-09-19 23:03    477168    ----a-w-    c:\windows\system32\npdeployJava1.dll
2012-09-19 23:00 . 2012-09-19 23:00    --------    d-----w-    c:\programdata\McAfee
2012-09-19 22:30 . 2012-09-19 22:35    --------    d-----w-    C:\sn0wbreeze
2012-09-19 19:19 . 2012-09-19 19:19    --------    d-----w-    c:\users\Naasu\AppData\Local\FixItCenter
2012-09-19 13:53 . 2012-09-23 20:54    --------    d-----w-    c:\windows\MATS
2012-09-19 13:53 . 2012-09-23 20:54    --------    d-----w-    c:\program files\Microsoft Fix it Center
2012-09-19 00:28 . 2012-09-19 00:28    --------    d-----w-    c:\program files\iPod
2012-09-19 00:28 . 2012-09-19 00:35    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-19 00:23 . 2012-09-19 00:23    --------    d-----w-    c:\program files\Apple Software Update
2012-09-19 00:17 . 2012-09-19 00:17    --------    d-----w-    c:\program files\Bonjour
2012-09-18 10:07 . 2012-09-20 19:40    --------    d-----w-    c:\programdata\6F63AB0800513A38188F9A88E56C34E5
2012-09-18 09:24 . 2012-09-18 09:25    --------    d-----w-    c:\users\Naasu\.shsh
2012-09-18 02:36 . 2012-09-18 23:40    --------    d-----w-    c:\programdata\6F63AB0800513A38188F9A882F3B707C
2012-09-18 02:30 . 2012-08-21 11:01    106928    ----a-w-    c:\windows\system32\GEARAspi.dll
2012-09-18 02:30 . 2009-03-19 14:32    23400    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-18 02:30 . 2012-09-18 02:30    --------    d-----w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2012-09-18 01:17 . 2012-09-18 01:17    --------    d-----w-    c:\users\Naasu\AppData\Roaming\SendSpace
2012-09-18 01:01 . 2012-09-18 23:39    --------    d-----w-    c:\programdata\Premium
2012-09-18 00:59 . 2012-09-18 23:39    --------    d-----w-    c:\programdata\InstallMate
2012-09-18 00:34 . 2012-09-18 00:34    --------    d-----w-    c:\users\Naasu\AppData\Local\libimobiledevice
2012-09-17 18:58 . 2012-09-18 00:50    --------    d-----w-    c:\users\Naasu\AppData\Roaming\redsn0w
2012-09-16 23:21 . 2012-09-18 10:02    --------    d-----w-    c:\users\Naasu\AppData\Local\com.zipeg
2012-09-16 23:21 . 2012-09-16 23:21    --------    d-----w-    c:\users\Naasu\AppData\Local\Zipeg
2012-09-16 23:17 . 2012-09-16 23:17    --------    d-----w-    c:\users\Naasu\AppData\Roaming\Philipp Winterberg
2012-09-16 18:23 . 2012-09-16 18:27    --------    d-----w-    c:\users\Naasu\AppData\Roaming\dvdcss
2012-09-16 18:21 . 2012-09-16 18:21    --------    d-----w-    c:\users\Naasu\AppData\Roaming\Digiarty
2012-09-08 17:13 . 2012-09-08 17:13    --------    d-----w-    c:\windows\system32\Macromedia
2012-08-30 22:21 . 2012-08-24 13:58    405152    ----a-w-    c:\windows\system32\Newtonsoft.Json.Net20.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 17:36 . 2012-07-26 12:03    696240    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-09-20 17:36 . 2012-03-09 20:12    73136    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 23:03 . 2010-04-26 18:30    473072    ----a-w-    c:\windows\system32\deployJava1.dll
2012-07-09 11:42 . 2012-07-09 11:42    4547984    ----a-w-    c:\windows\system32\usbaaplrc.dll
2012-07-09 11:42 . 2012-07-09 11:42    44032    ----a-w-    c:\windows\system32\drivers\usbaapl.sys
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46    2642432    ----a-w-    c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Naasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Indholdsfortegnelse i OneNote.onetoc2 [2009-6-28 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_F4C8AF9B51306D74E79BBEB5F0B61AB6]
2012-08-30 02:58    1229848    ----a-w-    c:\program files\Google\Chrome\Application\chrome.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 17:36]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 02:27]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 02:27]
.
2012-09-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 03109bd7-eb4b-47c0-860c-c8e4bee82536.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-24 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9cad132c-f0b6-4ae5-9f6b-e3761847a11b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://search.myheritage.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar-søgning - c:\programdata\AOL\ieToolbar\resources\da-DK\local\search.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
TCP: Interfaces\{51EBE8B1-F87E-496D-9AA6-0177D1388248}: NameServer = 208.67.222.222,208.67.220.220
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
FF - ProfilePath - c:\users\Naasu\AppData\Roaming\Mozilla\Firefox\Profiles\4urlrbyc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Download and Sa\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-24 19:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,12,d6,67,00,e0,9e,49,85,6f,41,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,12,d6,67,00,e0,9e,49,85,6f,41,\
.
[HKEY_USERS\S-1-5-21-2658935870-3884999416-1394182607-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:73,34,73,6a,20,97,b0,5f,2f,18,02,9e,1e,53,80,20,42,0c,a6,ca,d5,
  f6,ad,21,27,4e,fc,1a,f1,19,fc,22,31,d3,f5,ff,07,ac,4a,58,55,c8,69,d7,2e,03,\
"rkeysecu"=hex:9b,3b,c0,f5,34,52,1d,39,9b,c5,0c,d8,be,9b,06,b6
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Gennemført tid: 2012-09-24  20:11:21 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-09-24 18:10
.
Pre-Kørsel: 113.177.522.176 byte ledig
Post-Kørsel: 113.173.819.392 byte ledig
.
- - End Of File - - B0B46AD1ECF577D96B2772E68657B170
f-arn Guru
24 September 2012 - 21:41 #25
Right-click on the desktop, choose New -> Text Document, copy the highlighted text into it, and save the file as CFScript

Killall::
Snapshot::
ClearJavaCache::


Because Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located at C:\Combofix.txt

If you get something that looks like this error:

Illegal operation attempted on a registry key that has been marked for deletion

Then restart one more time; that should solve it.

Please post the contents of that file here.
ChinkyThai Beginner
25 September 2012 - 20:56 #26
Did as you said and actually nothing happened. When it started scanning it just said something about a scan in progress and that it can take up to 10 minutes unless the machine is heavily infected. I left it running overnight, and when I woke up this morning it was still showing the same thing. It had stalled completely; it just sat there blinking as if it was loading. I couldn't do anything, so I had to cut the power, and now it's back to normal again.
f-arn Guru
25 September 2012 - 21:34 #27
Remove all USB sticks and external hard drives before you run the program.

Download RogueKiller and save it to your desktop.

It can also be downloaded here

Close all windows and run "RogueKiller" (if it is blocked, run it several times)

If it won't run at all, try renaming it to winlogon.exe

For Vista and Windows 7: right-click the file - Run as Administrator.

Let the initial scan run.

Press SCAN.

When it has finished scanning, close the program.

It creates a log "RKreport[1].txt" on your desktop. Copy it in here in your next post.
ChinkyThai Beginner
25 September 2012 - 22:16 #28
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Naasu [Admin rights]
Mode : Scan -- Date : 09/25/2012 22:07:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
74.208.105.171 gs.apple.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] f5510dd1afc2027f19ee026e7bc49479
[BSP] 4628b7579eb2be3a750308096cca1b93 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 227443 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 465805312 | Size: 11028 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
f-arn Guru
26 September 2012 - 11:27 #29
Remove all USB sticks and external hard drives before you run the program.

Close all windows and run "RogueKiller" again (if it is blocked, run it several times)

For Vista and Windows 7: right-click the file - Run as Administrator.

Let the initial scan run.

Press SCAN.

Then press Delete.

It creates a log "RKreport.txt" on your desktop. Copy it in here in your next post.

------

1. Download this small tool:

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe (alternative address)

2. Double-click systemlook.exe - a small window now appears, into which you must copy the ENTIRE contents shown in bold:

:folderfind
{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
:filefind
\n
*.n
\@
*.@


3. Then close all other windows and click the Look button. The program will now search your computer.

4. When the program has finished searching, a Notepad window will appear with a log from SystemLook. Copy it here into the forum in your next reply. The log can also be found on your desktop under the name SystemLook.txt.

Vista and Windows 7 - right-click the file - Run as Administrator.
ChinkyThai Beginner
26 September 2012 - 13:26 #30
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Naasu [Admin rights]
Mode : Remove -- Date : 09/26/2012 13:11:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
74.208.105.171 gs.apple.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] f5510dd1afc2027f19ee026e7bc49479
[BSP] 4628b7579eb2be3a750308096cca1b93 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 227443 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 465805312 | Size: 11028 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt





AND




SystemLook 30.07.11 by jpshortstuff
Log created at 13:13 on 26/09/2012 by Naasu
Administrator - Elevation successful

========== folderfind ==========

Searching for "{ff24043d-55f8-5ce9-a20a-8337d9b4b888}"
C:\_OTL\MovedFiles\09232012_230426\C_Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}    d------    [12:43 24/01/2012]
C:\_OTL\MovedFiles\09232012_230426\C_Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}    d------    [12:43 24/01/2012]

========== filefind ==========

Searching for "\n"
No files found.

Searching for "*.n"
No files found.

Searching for "\@"
C:\_OTL\MovedFiles\09232012_230426\C_Users\Naasu\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@    --ahs-- 2048 bytes    [12:43 24/01/2012]    [17:41 20/09/2012] A363112F11C6B12895E048449BB7BD5E

Searching for "*.@"
C:\_OTL\MovedFiles\09232012_230426\C_Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@    --a---- 804 bytes    [12:02 26/07/2012]    [13:49 20/09/2012] EFC0C6EF865D96745E67B706FF06CC74

-= EOF =-
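An added example, not part of the thread and not RogueKiller's own code: a Python parser that compares the two RogueKiller reports posted in #28 (Scan) and #30 (Remove), listing how each registry finding changed status and which non-loopback hosts-file entries appear in both runs. The function names and the section-marker parsing are assumptions based on the report layout shown in those posts.

```python
import re
from ipaddress import ip_address

# Constructed input: excerpts of the reports from posts #28 (Scan) and #30 (Remove),
# cut down to the sections this parser reads.
SCAN_REPORT = r"""Mode : Scan -- Date : 09/25/2012 22:07:10

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
74.208.105.171 gs.apple.com

¤¤¤ MBR Check: ¤¤¤
"""

REMOVE_REPORT = r"""Mode : Remove -- Date : 09/26/2012 13:11:58

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost
74.208.105.171 gs.apple.com

¤¤¤ MBR Check: ¤¤¤
"""

# "¤¤¤ Name : optional detail ¤¤¤" opens a section (assumed from the posted layout).
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*:.*¤¤¤\s*$")
# "[TAG] item -> STATUS" is one registry finding.
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<item>.+?)\s+->\s+(?P<status>.+)$")


def split_sections(report):
    """Return {section name: [non-empty lines]} for one report."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def registry_entries(report):
    """Map (tag, item) -> status for the 'Registry Entries' section."""
    found = {}
    for line in split_sections(report).get("Registry Entries", []):
        m = ENTRY_RE.match(line)
        if m:
            found[(m["tag"], m["item"].lower())] = m["status"]
    return found


def hosts_overrides(report):
    """List (ip, hostname) pairs in the HOSTS section that do not point at loopback."""
    overrides = []
    for line in split_sections(report).get("HOSTS File", []):
        fields = line.split("#", 1)[0].split()   # drop hosts-file comments
        if len(fields) < 2:
            continue
        try:
            addr = ip_address(fields[0])
        except ValueError:
            continue                             # e.g. the "--> C:\...\hosts" path line
        if not addr.is_loopback:
            overrides.extend((str(addr), name.lower()) for name in fields[1:])
    return overrides


def compare_runs(scan, remove):
    """Compare a Scan report with the following Remove report."""
    before, after = registry_entries(scan), registry_entries(remove)
    transitions = {k: (before[k], after.get(k, "ABSENT")) for k in before}
    still_found = sorted(k for k, (_, new) in transitions.items() if new == "FOUND")
    later = set(hosts_overrides(remove))
    persisting = [e for e in hosts_overrides(scan) if e in later]
    return {"transitions": transitions,
            "still_found": still_found,
            "hosts_persisting": persisting}


if __name__ == "__main__":
    result = compare_runs(SCAN_REPORT, REMOVE_REPORT)
    for (tag, item), (old, new) in result["transitions"].items():
        print(f"[{tag}] {item}: {old} -> {new}")
    for ip, name in result["hosts_persisting"]:
        print(f"hosts entry in both reports: {name} -> {ip}")
```

On the excerpts embedded here, the registry findings move from FOUND to DELETED or REPLACED, while the `74.208.105.171 gs.apple.com` mapping is listed unchanged in both reports.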
ChinkyThai Beginner
26 September 2012 - 20:29 #31
?
f-arn Guru
26 September 2012 - 22:30 #32
Download a fresh ComboFix and overwrite the old one.

------

Download ComboFix and save it to your desktop.

Then run ComboFix.exe and follow the instructions.

Important--> Because ComboFix can conflict with your security programs, it is important that you disable them.

You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: ComboFix.txt

Please post the contents of that file here.

If you get something that looks like this error:

Illegal operation attempted on a registry key that has been marked for deletion

Then restart one more time; that should solve it.

It can be found here: C:\ComboFix.txt

If it won't run, try in Safe Mode. (Press F8 several times during startup)
ChinkyThai Beginner
27 September 2012 - 16:31 #33
Did as you said and it went fine until I tried to open the internet etc.
It came up with "Illegal operation attempted on a registry key that has been marked for deletion" again.
ChinkyThai Beginner
27 September 2012 - 16:55 #34
Oh, and by the way, it said something about avast being active even though it isn't shown as an icon in the right-hand corner and I have stopped everything related to avast under Services; not sure whether that could be the reason. I ran the scanner and that pop-up appeared. I closed it after I had shut down everything related to avast, and it still pops up with another warning that if I continue it is at my own risk.
f-arn Guru
27 September 2012 - 19:56 #35
It came up with "Illegal operation attempted on a registry key that has been marked for deletion" again

What did I write earlier about that error?

Avast must be shut down from inside Avast.

http://www.bleepingcomputer.com/forums/topic114351.html

See under Avast.
ChinkyThai Beginner
27 September 2012 - 20:55 #36
I have disabled the 10 shields, which it says you can do by right-clicking the icon down in the right-hand corner, and I have tried setting it both to re-enable after restart and to permanent. It still comes up with the warning pop-up saying Avast is active. That makes no sense when I have done the things that were written.

I have a report from when it gave "It came up with Illegal operation attempted on a registry key that has been marked for deletion again", if that can help in any way?
ChinkyThai Beginner
27 September 2012 - 21:48 #37
I have tried avast's own removal program for avast, where you have to boot into safe mode ("Fejlsikret tilstand", I think it is). But when I start it, it comes up with a blue screen and an error. It shut down a few seconds after I had started the laptop, and this happened 2-3 times. I then decided to let it sit and cool down, and that worked. Now I'm back on in normal mode, which actually works fine now, but I still can't get avast shut down no matter what I try: inside Avast itself, disabled under Services, and I even checked Ctrl-Alt-Delete. Nothing from avast is active, and ComboFix still pops up with a warning about avast. This is too far out :/ I don't understand any of it.
f-arn Guru
28 September 2012 - 20:30 #38
It says you should right-click Avast -> avast! shields control.

There you can choose how long it should be disabled.

I have disabled the 10 shields, which it says you can do by right-clicking the icon down in the right-hand corner

I don't know where you got that from.

What did you do the last time it came up with "Illegal operation attempted on a registry key that has been marked for deletion"?

If you did not restore, I would like to see the log.
ChinkyThai Beginner
28 September 2012 - 22:55 #39
That was what appeared in the log after ComboFix. When "Illegal operation attempted on a registry key that has been marked for deletion" came up last time, I restored to normal since I couldn't do anything. ^^
I have restored now, but the log is from before I restored. The log appeared when the machine restarted and I was able to save it to the desktop, but then I couldn't open the log again. Couldn't open anything. I clicked on various things, but that pop-up just came up every time. Then I opened System Restore with Run as administrator, and it was willing to run, but it certainly took a long time to open the window.


ComboFix 12-09-26.04 - Naasu 26-09-2012  23:25:44.2.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.1790.850 [GMT 2:00]
Kører fra: c:\users\Naasu\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-08-26 til 2012-09-26  )))))))))))))))))))))))))))))))))))
.
.
2012-09-26 21:55 . 2012-09-26 21:55    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-26 21:55 . 2012-09-26 21:55    --------    d-----w-    c:\users\Gæst\AppData\Local\temp
2012-09-26 21:55 . 2012-09-26 21:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-09-25 18:50 . 2012-07-04 14:02    2047488    ----a-w-    c:\windows\system32\win32k.sys
2012-09-24 21:31 . 2012-09-24 21:32    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-24 19:05 . 2012-05-11 15:57    623616    ----a-w-    c:\windows\system32\localspl.dll
2012-09-23 21:04 . 2012-09-23 21:04    --------    d-----w-    C:\_OTL
2012-09-22 19:38 . 2012-09-22 19:38    --------    d-----w-    c:\users\Naasu\AppData\Roaming\Malwarebytes
2012-09-22 19:35 . 2012-09-22 19:35    --------    d-----w-    c:\programdata\Malwarebytes
2012-09-22 19:35 . 2012-09-07 15:04    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-09-22 19:35 . 2012-09-22 19:37    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-09-20 18:10 . 2012-09-20 18:10    --------    d-----w-    c:\users\Naasu\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 18:10 . 2012-09-20 18:10    --------    d-----w-    c:\program files\SUPERAntiSpyware
2012-09-20 18:10 . 2012-09-20 18:10    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-09-19 23:03 . 2012-09-19 23:03    477168    ----a-w-    c:\windows\system32\npdeployJava1.dll
2012-09-19 23:00 . 2012-09-19 23:00    --------    d-----w-    c:\programdata\McAfee
2012-09-19 22:30 . 2012-09-19 22:35    --------    d-----w-    C:\sn0wbreeze
2012-09-19 19:19 . 2012-09-19 19:19    --------    d-----w-    c:\users\Naasu\AppData\Local\FixItCenter
2012-09-19 13:53 . 2012-09-23 20:54    --------    d-----w-    c:\windows\MATS
2012-09-19 13:53 . 2012-09-23 20:54    --------    d-----w-    c:\program files\Microsoft Fix it Center
2012-09-19 00:28 . 2012-09-19 00:28    --------    d-----w-    c:\program files\iPod
2012-09-19 00:23 . 2012-09-19 00:23    --------    d-----w-    c:\program files\Apple Software Update
2012-09-19 00:17 . 2012-09-19 00:17    --------    d-----w-    c:\program files\Bonjour
2012-09-18 10:07 . 2012-09-20 19:40    --------    d-----w-    c:\programdata\6F63AB0800513A38188F9A88E56C34E5
2012-09-18 09:24 . 2012-09-18 09:25    --------    d-----w-    c:\users\Naasu\.shsh
2012-09-18 02:36 . 2012-09-18 23:40    --------    d-----w-    c:\programdata\6F63AB0800513A38188F9A882F3B707C
2012-09-18 02:30 . 2012-08-21 11:01    106928    ----a-w-    c:\windows\system32\GEARAspi.dll
2012-09-18 02:30 . 2009-03-19 14:32    23400    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-18 02:30 . 2012-09-18 02:30    --------    d-----w-    c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2012-09-18 01:17 . 2012-09-18 01:17    --------    d-----w-    c:\users\Naasu\AppData\Roaming\SendSpace
2012-09-18 01:01 . 2012-09-18 23:39    --------    d-----w-    c:\programdata\Premium
2012-09-18 00:59 . 2012-09-18 23:39    --------    d-----w-    c:\programdata\InstallMate
2012-09-18 00:34 . 2012-09-18 00:34    --------    d-----w-    c:\users\Naasu\AppData\Local\libimobiledevice
2012-09-17 18:58 . 2012-09-18 00:50    --------    d-----w-    c:\users\Naasu\AppData\Roaming\redsn0w
2012-09-16 23:21 . 2012-09-18 10:02    --------    d-----w-    c:\users\Naasu\AppData\Local\com.zipeg
2012-09-16 23:21 . 2012-09-16 23:21    --------    d-----w-    c:\users\Naasu\AppData\Local\Zipeg
2012-09-16 23:17 . 2012-09-16 23:17    --------    d-----w-    c:\users\Naasu\AppData\Roaming\Philipp Winterberg
2012-09-16 18:23 . 2012-09-16 18:27    --------    d-----w-    c:\users\Naasu\AppData\Roaming\dvdcss
2012-09-16 18:21 . 2012-09-16 18:21    --------    d-----w-    c:\users\Naasu\AppData\Roaming\Digiarty
2012-09-08 17:13 . 2012-09-08 17:13    --------    d-----w-    c:\windows\system32\Macromedia
2012-08-30 22:21 . 2012-08-24 13:58    405152    ----a-w-    c:\windows\system32\Newtonsoft.Json.Net20.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 17:36 . 2012-07-26 12:03    696240    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-09-20 17:36 . 2012-03-09 20:12    73136    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 23:03 . 2010-04-26 18:30    473072    ----a-w-    c:\windows\system32\deployJava1.dll
2012-07-09 11:42 . 2012-07-09 11:42    4547984    ----a-w-    c:\windows\system32\usbaaplrc.dll
2012-07-09 11:42 . 2012-07-09 11:42    44032    ----a-w-    c:\windows\system32\drivers\usbaapl.sys
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46    2642432    ----a-w-    c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
"GoogleChromeAutoLaunch_F4C8AF9B51306D74E79BBEB5F0B61AB6"="c:\program files\Google\Chrome\Application\chrome.exe" [2012-08-30 1229848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 202032]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\users\Naasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Indholdsfortegnelse i OneNote.onetoc2 [2009-6-28 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_F4C8AF9B51306D74E79BBEB5F0B61AB6]
2012-08-30 02:58    1229848    ----a-w-    c:\program files\Google\Chrome\Application\chrome.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 17:36]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 02:27]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 02:27]
.
2012-09-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 03109bd7-eb4b-47c0-860c-c8e4bee82536.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 9cad132c-f0b6-4ae5-9f6b-e3761847a11b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://search.myheritage.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar-søgning - c:\programdata\AOL\ieToolbar\resources\da-DK\local\search.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
TCP: Interfaces\{51EBE8B1-F87E-496D-9AA6-0177D1388248}: NameServer = 208.67.222.222,208.67.220.220
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
FF - ProfilePath - c:\users\Naasu\AppData\Roaming\Mozilla\Firefox\Profiles\4urlrbyc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Downloadand Sa: 5057c85a96762@5057c85a9679c.com - c:\users\Naasu\AppData\Roaming\Mozilla\Firefox\Profiles\4urlrbyc.default\extensions\5057c85a96762@5057c85a9679c.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Downloadand Sa: 5057c85a96762@5057c85a9679c.com - %profile%\extensions\5057c85a96762@5057c85a9679c.com
.
- - - - TOMME GENVEJE FJERNET - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-27 00:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,12,d6,67,00,e0,9e,49,85,6f,41,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,12,d6,67,00,e0,9e,49,85,6f,41,\
.
[HKEY_USERS\S-1-5-21-2658935870-3884999416-1394182607-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:73,34,73,6a,20,97,b0,5f,2f,18,02,9e,1e,53,80,20,42,0c,a6,ca,d5,
  f6,ad,21,27,4e,fc,1a,f1,19,fc,22,31,d3,f5,ff,07,ac,4a,58,55,c8,69,d7,2e,03,\
"rkeysecu"=hex:9b,3b,c0,f5,34,52,1d,39,9b,c5,0c,d8,be,9b,06,b6
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
.
**************************************************************************
.
Gennemført tid: 2012-09-27  00:22:48 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-09-26 22:21
ComboFix2.txt  2012-09-24 18:11
.
Pre-Kørsel: 109.965.393.920 byte ledig
Post-Kørsel: 110.046.191.616 byte ledig
.
- - End Of File - - D834C458B16FEB46E2AA4F2493258A57
f-arn (Guru)
28 September 2012 - 23:39 #40
If you did not restore, I would like to see the log.


I am not interested in a log when you have restored afterwards.

------

Would you please download a fresh copy of ComboFix to your desktop.

Then run ComboFix.exe and follow the instructions.

Important--> Since ComboFix can conflict with your security programs, it is important that you disable them.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: ComboFix.txt

Please post the contents of this file here.

If you get something resembling this error:

Illegal operation attempted on a registry key that has been marked for deletion

Then restart once more; that should solve it.

It can be found here:  C:\ComboFix.txt
f-arn (Guru)
28 September 2012 - 23:40 #41
If you get something resembling this error:

Illegal operation attempted on a registry key that has been marked for deletion

Then restart once more; that should solve it.
f-arn (Guru)
02 October 2012 - 21:43 #42
Have you given up?
ChinkyThai (Beginner)
06 October 2012 - 17:39 #43
Hi f-arn.
No, no, I have not given up, but I just had to take a break as it was taking almost all my time. I am back now and will try to use ComboFix and then restart. I have tried everything to shut down every kind of firewall and protection that makes the program run badly, and it still comes up with a warning that some program is turned on that is blocking it, but I will just press continue and see what happens.
ChinkyThai (Beginner)
06 October 2012 - 18:50 #44
OK, it ran fine now without any warning, even though I have done the same thing the last couple of times. I can open the programs now, but I still don't know whether everything is OK here. I got the log from ComboFix and am still in the ComboFix state; I have not restored.

ComboFix 12-10-04.02 - Naasu 06-10-2012  18:00:59.2.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.1790.925 [GMT 2:00]
Kører fra: C:\Users\Naasu\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa\Download and Sa.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa\Uninstall.lnk
C:\Users\Naasu\AppData\Roaming\i6g8xs.log


(((((((((((((((((((((((((((((  Filer skabt fra 2012-09-06 til 2012-10-06  )))))))))))))))))))))))))))))))))))


2012-10-06 16:26:31 . 2012-10-06 16:26:31    --------    d-----w-    C:\Windows\system32\config\systemprofile\AppData\Local\temp
2012-10-06 16:26:31 . 2012-10-06 16:26:31    --------    d-----w-    C:\Users\Gæst\AppData\Local\temp
2012-10-06 16:26:31 . 2012-10-06 16:26:31    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2012-10-01 20:30:33 . 2012-10-01 20:30:33    --------    d-----w-    C:\Users\Naasu\jagexcache
2012-09-29 16:45:24 . 2012-09-29 16:45:41    --------    d-----w-    C:\Program Files\Apple
2012-09-26 22:03:22 . 2012-09-26 22:03:22    --------    d-----w-    C:\$RECYCLE(0).BIN
2012-09-25 18:50:54 . 2012-07-04 14:02:46    2047488    ----a-w-    C:\Windows\system32\win32k.sys
2012-09-24 21:31:11 . 2012-09-24 21:32:04    --------    d-----w-    C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-24 19:05:23 . 2012-05-11 15:57:00    623616    ----a-w-    C:\Windows\system32\localspl.dll
2012-09-23 21:04:26 . 2012-09-23 21:04:26    --------    d-----w-    C:\_OTL
2012-09-22 19:38:29 . 2012-09-22 19:38:29    --------    d-----w-    C:\Users\Naasu\AppData\Roaming\Malwarebytes
2012-09-22 19:35:46 . 2012-09-22 19:35:46    --------    d-----w-    C:\ProgramData\Malwarebytes
2012-09-22 19:35:30 . 2012-09-07 15:04:46    22856    ----a-w-    C:\Windows\system32\drivers\mbam.sys
2012-09-22 19:35:29 . 2012-09-22 19:37:34    --------    d-----w-    C:\Program Files\Malwarebytes' Anti-Malware
2012-09-20 18:10:26 . 2012-09-20 18:10:26    --------    d-----w-    C:\Users\Naasu\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 18:10:04 . 2012-09-20 18:10:25    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2012-09-20 18:10:04 . 2012-09-20 18:10:04    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2012-09-19 23:03:46 . 2012-09-19 23:03:32    477168    ----a-w-    C:\Windows\system32\npdeployJava1.dll
2012-09-19 23:00:24 . 2012-09-19 23:00:24    --------    d-----w-    C:\ProgramData\McAfee
2012-09-19 22:30:22 . 2012-09-19 22:35:43    --------    d-----w-    C:\sn0wbreeze
2012-09-19 19:19:22 . 2012-09-19 19:19:22    --------    d-----w-    C:\Users\Naasu\AppData\Local\FixItCenter
2012-09-19 13:53:43 . 2012-09-23 20:54:17    --------    d-----w-    C:\Windows\MATS
2012-09-19 13:53:42 . 2012-09-23 20:54:12    --------    d-----w-    C:\Program Files\Microsoft Fix it Center
2012-09-19 00:28:44 . 2012-09-19 00:28:44    --------    d-----w-    C:\Program Files\iPod
2012-09-19 00:23:45 . 2012-09-19 00:23:50    --------    d-----w-    C:\Program Files\Apple Software Update
2012-09-19 00:17:23 . 2012-09-19 00:17:25    --------    d-----w-    C:\Program Files\Bonjour
2012-09-18 10:07:58 . 2012-09-20 19:40:28    --------    d-----w-    C:\ProgramData\6F63AB0800513A38188F9A88E56C34E5
2012-09-18 09:24:47 . 2012-09-18 09:25:05    --------    d-----w-    C:\Users\Naasu\.shsh
2012-09-18 02:36:51 . 2012-09-18 23:40:19    --------    d-----w-    C:\ProgramData\6F63AB0800513A38188F9A882F3B707C
2012-09-18 02:30:33 . 2012-08-21 11:01:22    106928    ----a-w-    C:\Windows\system32\GEARAspi.dll
2012-09-18 02:30:33 . 2009-03-19 14:32:48    23400    ----a-w-    C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-09-18 02:30:00 . 2012-09-18 02:30:31    --------    d-----w-    C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2012-09-18 01:17:12 . 2012-09-18 01:17:12    --------    d-----w-    C:\Users\Naasu\AppData\Roaming\SendSpace
2012-09-18 01:01:05 . 2012-09-18 23:39:31    --------    d-----w-    C:\ProgramData\Premium
2012-09-18 00:59:35 . 2012-09-18 23:39:34    --------    d-----w-    C:\ProgramData\InstallMate
2012-09-18 00:34:19 . 2012-09-18 00:34:31    --------    d-----w-    C:\Users\Naasu\AppData\Local\libimobiledevice
2012-09-17 18:58:06 . 2012-09-18 00:50:38    --------    d-----w-    C:\Users\Naasu\AppData\Roaming\redsn0w
2012-09-16 23:21:39 . 2012-09-18 10:02:05    --------    d-----w-    C:\Users\Naasu\AppData\Local\com.zipeg
2012-09-16 23:21:35 . 2012-09-16 23:21:57    --------    d-----w-    C:\Users\Naasu\AppData\Local\Zipeg
2012-09-16 23:17:07 . 2012-09-16 23:17:07    --------    d-----w-    C:\Users\Naasu\AppData\Roaming\Philipp Winterberg
2012-09-16 18:23:21 . 2012-09-16 18:27:43    --------    d-----w-    C:\Users\Naasu\AppData\Roaming\dvdcss
2012-09-16 18:21:58 . 2012-09-16 18:21:58    --------    d-----w-    C:\Users\Naasu\AppData\Roaming\Digiarty
2012-09-08 17:13:53 . 2012-09-08 17:13:53    --------    d-----w-    C:\Windows\system32\Macromedia
.


((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-09-20 17:36:37 . 2012-07-26 12:03:01    696240    ----a-w-    C:\Windows\system32\FlashPlayerApp.exe
2012-09-20 17:36:37 . 2012-03-09 20:12:02    73136    ----a-w-    C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 23:03:32 . 2010-04-26 18:30:13    473072    ----a-w-    C:\Windows\system32\deployJava1.dll
2012-08-24 13:58:36 . 2012-08-30 22:21:54    405152    ----a-w-    C:\Windows\system32\Newtonsoft.Json.Net20.dll
2012-07-09 11:42:56 . 2012-07-09 11:42:56    4547984    ----a-w-    C:\Windows\system32\usbaaplrc.dll
2012-07-09 11:42:56 . 2012-07-09 11:42:56    44032    ----a-w-    C:\Windows\system32\drivers\USBAAPL.sys


(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))


*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 04:44:56 1517368]

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46:54    2642432    ----a-w-    C:\Program Files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "C:\Program Files\Family Toolbar\tbcore3.dll" [2009-05-07 21:46:54 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "C:\Program Files\Family Toolbar\tbcore3.dll" [2009-05-07 21:46:54 2642432]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 17:16:32 2363392]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 20:05:46 4780928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 18:05:10 1049896]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-09-24 00:21:52 468264]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-02 00:14:02 202032]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 15:58:56 75008]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 00:24:20 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 22:51:00 488752]
"avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 11:57:44 2743104]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2009-07-23 13:39:04 13797920]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 10:55:28 937920]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 19:32:54 59280]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-09-09 21:30:34 421776]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2012-04-18 18:56:22 421888]

C:\Users\Naasu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Indholdsfortegnelse i OneNote.onetoc2 [2009-6-28 3656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_F4C8AF9B51306D74E79BBEB5F0B61AB6]
2012-09-25 09:43:01    1239064    ----a-w-    C:\Program Files\Google\Chrome\Application\chrome.exe

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14:42    451872    ----a-w-    C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Indhold af mappen 'Planlagte Opgaver'

2012-10-06 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 12:03:01 . 2012-09-20 17:36:40]

2012-10-06 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-29 02:27:46 . 2009-05-29 02:27:19]

2012-10-06 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-29 02:27:46 . 2009-05-29 02:27:19]


------- Yderligere scanning -------

uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://search.myheritage.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AOL Toolbar-søgning - C:\ProgramData\AOL\ieToolbar\resources\da-DK\local\search.html
IE: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Naasu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 89.150.129.22 89.150.129.10 89.150.129.22
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
FF - ProfilePath - C:\Users\Naasu\AppData\Roaming\Mozilla\Firefox\Profiles\4urlrbyc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Downloadand Sa: 5057c85a96762@5057c85a9679c.com - C:\Users\Naasu\AppData\Roaming\Mozilla\Firefox\Profiles\4urlrbyc.default\extensions\5057c85a96762@5057c85a9679c.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Downloadand Sa: 5057c85a96762@5057c85a9679c.com - %profile%\extensions\5057c85a96762@5057c85a9679c.com

- - - - TOMME GENVEJE FJERNET - - - -

AddRemove-{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1 - C:\Program Files\WiseFixer\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 18:30:19
Windows 6.0.6002 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...
f-arn Guru
6 October 2012 - 22:42 #45
You should not run it again, but I would like to see the rest of the log.

How is the PC running now?