Spywarefri Forum | Meget langsom pc.

1 af 2

Meget langsom pc.

[ Ignorer ] ziahan
23.04.2012 11:42:00 Antal indlæg: 15	Min bærbare pc kører ekstremt langsomt. Den mister forbindelsen til websiderne. Viser “Internet explorer svarer ikke”. Jeg har fulgt anvisningerne, som man skal, inden indsendelse af indlæg. Jeg har Kaspersky internet security som beskyttelse.
[ Ignorer ] [ # 1 ] Magic Spyhunter
23.04.2012 14:35:45 Administrator Supporter Emeritus Antal indlæg: 32085	Hej og velkommen Hent DDS og gem programmet på dit Skrivebord: Her Dobbeltklik på DDS.scr og tillad programmet at køre. Når programmet er færdig vil det åbne to logs/tekst-filer. Gem begge filer på dit Skrivebord og kopier indholdet af txt filerne herind i dit næste indlæg. Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Signatur Sund Computer fornuft
[ Ignorer ] [ # 2 ] ziahan
23.04.2012 16:47:05 Antal indlæg: 15	Okay! jeg forsøger: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16443 Run by Tom Jørgensen at 16:17:06 on 2012-04-23 . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\WLANExt.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\SMINST\BLService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\wsqmcons.exe C:\Windows\system32\conime.exe C:\Program Files\Secunia\PSI\PSIA.exe C:\Program Files\Secunia\PSI\PSI_TRAY.exe C:\Program Files\Secunia\PSI\sua.exe C:\Program Files\Secunia\PSI\sua.exe C:\Program Files\Secunia\PSI\sua.exe C:\Users\Tom Jørgensen\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k swprv . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.dk/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll BHO: Hjælp til tilmelding til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “c:\program files\microsoft\bingbar\BingExt.dll” BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - “c:\program files\microsoft\bingbar\BingExt.dll” TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [swg] “c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe” mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [UCam_Menu] “c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe” “c:\program files\cyberlink\youcam” update “software\cyberlink\youcam\2.0” mRun: [QPService] “c:\program files\hp\quickplay\QPService.exe” mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [GrooveMonitor] “c:\program files\microsoft office\office12\GrooveMonitor.exe” mRun: [AVP] “c:\program files\kaspersky lab\kaspersky anti-virus 2011\avp.exe” mRun: [iTunesHelper] “c:\program files\itunes\iTunesHelper.exe” mRun: [SunJavaUpdateSched] “c:\program files\common files\java\java update\jusched.exe” mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Adobe Reader Speed Launcher] “c:\program files\adobe\reader 8.0\reader\Reader_sl.exe” mRun: [Adobe ARM] “c:\program files\common files\adobe\arm\1.0\AdobeARM.exe” mRun: [QuickTime Task] “c:\program files\quicktime\QTTask.exe” -atboottime mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&ksporter; til Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Føj til Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 2011\ie_banner_deny.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2011\klwtbbho.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{09490DEF-59C4-423A-AB8A-1DCC01D79B32} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{3C8A6AFF-D2EF-4E87-887B-2FE9ABCE9287} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: klogon - c:\windows\system32\klogon.dll AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - “c:\program files\common files\lightscribe\LSRunOnce.exe” mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe . ============= SERVICES / DRIVERS =============== . R? BBSvc;Bing Bar Update Service R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? fssfltr;fssfltr R? fsssvc;Windows Live-tjenesten Family Safety R? gupdate;Tjenesten Google Update (gupdate) R? gupdatem;Google Update Tjeneste (gupdatem) R? USBAAPL;Apple Mobile USB Driver R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 S? !SASCORE;SAS Core Service S? AVP;Kaspersky Anti-Virus-service S? BBUpdate;BBUpdate S? Com4QLBEx;Com4QLBEx S? ezSharedSvc;Easybits Shared Services for Windows S? FontCache;Tjenesten Windows-skrifttypecache S? kl2;kl2 S? KLIM6;Kaspersky Anti-Virus NDIS 6 Filter S? klmouflt;Kaspersky Lab KLMOUFLT S? NVHDA;Service for NVIDIA High Definition Audio Driver S? PSI;PSI S? Recovery Service for Windows;Recovery Service for Windows S? SASDIFSV;SASDIFSV S? SASKUTIL;SASKUTIL S? Secunia PSI Agent;Secunia PSI Agent S? Secunia Update Agent;Secunia Update Agent . =============== Created Last 30 ================ . 2012-04-23 11:35:49 ———— d——-w- c:\users\tom jørgensen\appdata\roaming\HpUpdate 2012-04-23 06:05:49 56200 ——a-w- c:\programdata\microsoft\windows defender\definition updates\{d30babe6-df98-41f4-8981-a51cb2873d69}\offreg.dll 2012-04-23 05:41:55 6734704 ——a-w- c:\programdata\microsoft\windows defender\definition updates\{d30babe6-df98-41f4-8981-a51cb2873d69}\mpengine.dll 2012-04-18 08:43:12 159744 ——a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2012-04-18 08:43:12 159744 ——a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2012-04-18 08:43:12 159744 ——a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2012-04-18 08:43:12 159744 ——a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2012-04-18 08:43:12 159744 ——a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2012-04-18 08:43:12 159744 ——a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2012-04-18 08:43:12 159744 ——a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2012-04-17 12:43:47 ———— d——-w- c:\users\tom jørgensen\appdata\roaming\Macromedia 2012-04-17 12:42:57 ———— d——-w- c:\users\tom jørgensen\appdata\roaming\Adobe 2012-04-17 12:42:15 ———— d——-w- c:\users\tom jørgensen\appdata\roaming\Google 2012-04-17 12:23:54 ———— d——-r- c:\users\tom jørgensen\Searches 2012-04-17 12:23:17 ———— d——-w- c:\users\tom jørgensen\appdata\roaming\Identities 2012-04-17 12:23:10 ———— d——-r- c:\users\tom jørgensen\Contacts 2012-04-16 20:50:42 ———— d——-w- c:\windows\Hewlett-Packard 2012-04-13 19:48:48 404640 ——a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-13 19:44:39 ———— d——-w- c:\windows\system32\Adobe 2012-04-13 19:25:44 ———— d——-w- c:\program files\Secunia 2012-04-13 16:01:14 876032 ——a-w- c:\windows\system32\XpsPrint.dll 2012-04-13 16:01:10 683008 ——a-w- c:\windows\system32\d2d1.dll 2012-04-13 16:01:10 219648 ——a-w- c:\windows\system32\d3d10_1core.dll 2012-04-13 16:01:10 160768 ——a-w- c:\windows\system32\d3d10_1.dll 2012-04-13 16:01:10 1172480 ——a-w- c:\windows\system32\d3d10warp.dll 2012-04-13 16:01:10 1068544 ——a-w- c:\windows\system32\DWrite.dll 2012-04-13 04:35:19 ———— d——-w- c:\program files\Windows Portable Devices 2012-04-12 20:32:35 92672 ——a-w- c:\windows\system32\UIAnimation.dll 2012-04-12 20:32:34 1164800 ——a-w- c:\windows\system32\UIRibbonRes.dll 2012-04-12 20:32:33 3023360 ——a-w- c:\windows\system32\UIRibbon.dll 2012-04-12 20:26:40 369664 ——a-w- c:\windows\system32\WMPhoto.dll 2012-04-12 20:26:37 189440 ——a-w- c:\windows\system32\WindowsCodecsExt.dll 2012-04-12 20:26:36 974848 ——a-w- c:\windows\system32\WindowsCodecs.dll 2012-04-12 20:26:36 321024 ——a-w- c:\windows\system32\PhotoMetadataHandler.dll 2012-04-12 20:26:36 252928 ——a-w- c:\windows\system32\dxdiag.exe 2012-04-12 20:26:36 195584 ——a-w- c:\windows\system32\dxdiagn.dll 2012-04-12 20:26:35 519680 ——a-w- c:\windows\system32\d3d11.dll 2012-04-12 20:03:59 5120 ——a-w- c:\windows\system32\wmi.dll 2012-04-12 20:03:59 172032 ——a-w- c:\windows\system32\wintrust.dll 2012-04-12 20:03:59 157696 ——a-w- c:\windows\system32\imagehlp.dll 2012-04-12 20:03:59 12800 ——a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 19:55:09 3602816 ——a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-12 19:55:09 3550080 ——a-w- c:\windows\system32\ntoskrnl.exe 2012-04-12 16:13:45 797696 ——a-w- c:\windows\system32\FntCache.dll 2012-04-12 16:13:45 1029120 ——a-w- c:\windows\system32\d3d10.dll 2012-04-12 16:13:44 486400 ——a-w- c:\windows\system32\d3d10level9.dll 2012-04-12 16:13:44 189952 ——a-w- c:\windows\system32\d3d10core.dll 2012-04-12 16:13:44 1554432 ——a-w- c:\windows\system32\xpsservices.dll 2012-04-12 16:13:43 847360 ——a-w- c:\windows\system32\OpcServices.dll 2012-04-12 16:13:43 288768 ——a-w- c:\windows\system32\XpsGdiConverter.dll 2012-04-12 16:13:12 2409784 ——a-w- c:\program files\windows mail\OESpamFilter.dat 2012-04-12 16:10:45 680448 ——a-w- c:\windows\system32\msvcrt.dll 2012-04-12 16:10:42 905088 ——a-w- c:\windows\system32\drivers\tcpip.sys 2012-04-12 16:10:39 49152 ——a-w- c:\windows\system32\csrsrv.dll 2012-04-12 16:10:36 23552 ——a-w- c:\windows\system32\mciseq.dll 2012-04-12 16:10:36 189952 ——a-w- c:\windows\system32\winmm.dll 2012-04-12 16:10:33 1205064 ——a-w- c:\windows\system32\ntdll.dll 2012-04-12 16:10:28 429056 ——a-w- c:\windows\system32\EncDec.dll 2012-04-12 16:10:25 376320 ——a-w- c:\windows\system32\winsrv.dll 2012-04-12 16:10:22 2044416 ——a-w- c:\windows\system32\win32k.sys 2012-04-12 16:10:20 66560 ——a-w- c:\windows\system32\packager.dll 2012-04-12 16:10:18 6144 ——a-w- c:\program files\internet explorer\iecompat.dll 2012-04-12 16:02:28 231424 ——a-w- c:\windows\system32\msshsq.dll 2012-04-12 06:00:13 613376 ——a-w- c:\windows\system32\rdpencom.dll 2012-04-12 06:00:13 180736 ——a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-11 21:11:54 ———— d——-w- c:\windows\system32\eu-ES 2012-04-11 21:11:54 ———— d——-w- c:\windows\system32\ca-ES 2012-04-11 21:11:51 ———— d——-w- c:\windows\system32\vi-VN 2012-04-11 17:25:46 ———— d——-w- c:\windows\system32\EventProviders 2012-04-10 17:38:22 ———— d——-w- c:\programdata\SUPERAntiSpyware.com 2012-04-10 17:38:22 ———— d——-w- c:\program files\SUPERAntiSpyware 2012-04-09 19:37:53 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-04-09 19:37:51 ———— d——-w- c:\programdata\Malwarebytes 2012-04-09 19:37:50 20952 ——a-w- c:\windows\system32\drivers\mbam.sys 2012-04-09 19:37:50 ———— d——-w- c:\program files\Malwarebytes’ Anti-Malware . ==================== Find3M ==================== . 2012-02-23 08:18:36 237072 ———w- c:\windows\system32\MpSigStub.exe 2012-02-17 20:21:59 472808 ——a-w- c:\windows\system32\deployJava1.dll 2012-02-07 09:02:40 1070352 ——a-w- c:\windows\system32\MSCOMCTL.OCX . ============= FINISH: 16:37:06,82 ===============
[ Ignorer ] [ # 3 ] Magic Spyhunter
24.04.2012 16:58:46 Administrator Supporter Emeritus Antal indlæg: 32085	Hent Combofix, og gem den på dit skrivebord: Her NB -> Deaktiver dit antivirus/antispyware program. Da det/de kan ”forstyrre” og konflikte med combofix, eller fjerne vigtige combofix filer, hvilket kan få computeren til fryse. Kør så combofix.exe, og følg anvisningerne. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt Indholdet af denne fil må du gerne lægge herind. Den kan også findes her - > C: combofix txt Signatur Sund Computer fornuft
[ Ignorer ] [ # 4 ] ziahan
24.04.2012 20:37:06 Antal indlæg: 15	Her kommer den: ComboFix 12-04-24.02 - Tom Jørgensen 24-04-2012 17:14:19.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.2814.1345 [GMT 2:00] Kører fra: c:\users\Tom J°rgensen\Desktop\ComboFix.exe AV: Kaspersky Internet Security Disabled/Updated {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security Disabled {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security Disabled/Updated {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((( Filer skabt fra 2012-03-24 til 2012-04-24 ))))))))))))))))))))))))))))))))))) . . 2012-04-24 15:33 . 2012-04-24 15:33 ———— d——-w- c:\users\Zia (L)\AppData\Local\temp 2012-04-24 15:33 . 2012-04-24 15:33 ———— d——-w- c:\users\Default\AppData\Local\temp 2012-04-24 06:20 . 2012-04-13 07:36 6734704 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{766FA7A0-17AC-4EB4-B5AF-BA23FCEC84B1}\mpengine.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-04-18 08:39 . 2012-04-18 08:43 ———— d——-w- c:\program files\QuickTime 2012-04-17 12:20 . 2012-04-18 09:19 ———— d——-w- c:\users\Tom Jørgensen 2012-04-16 20:51 . 2012-04-16 20:59 ———— d——-w- c:\users\Zia (L)\AppData\Roaming\HpUpdate 2012-04-16 20:50 . 2012-04-16 20:50 ———— d——-w- c:\windows\Hewlett-Packard 2012-04-13 19:48 . 2012-04-13 19:48 404640 ——a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-13 19:44 . 2012-04-13 19:44 ———— d——-w- c:\windows\system32\Adobe 2012-04-13 19:28 . 2012-04-13 19:28 ———— d——-w- c:\users\Zia (L)\AppData\Local\Secunia PSI (BETA) 2012-04-13 19:25 . 2012-04-13 19:25 ———— d——-w- c:\program files\Secunia 2012-04-13 16:01 . 2011-03-12 21:55 876032 ——a-w- c:\windows\system32\XpsPrint.dll 2012-04-13 16:01 . 2012-02-14 15:45 219648 ——a-w- c:\windows\system32\d3d10_1core.dll 2012-04-13 16:01 . 2012-02-14 15:45 160768 ——a-w- c:\windows\system32\d3d10_1.dll 2012-04-13 16:01 . 2012-02-13 14:12 1172480 ——a-w- c:\windows\system32\d3d10warp.dll 2012-04-13 16:01 . 2012-02-13 13:47 683008 ——a-w- c:\windows\system32\d2d1.dll 2012-04-13 16:01 . 2012-02-13 13:44 1068544 ——a-w- c:\windows\system32\DWrite.dll 2012-04-13 04:35 . 2012-04-13 04:35 ———— d——-w- c:\program files\Windows Portable Devices 2012-04-12 20:32 . 2009-09-10 02:00 92672 ——a-w- c:\windows\system32\UIAnimation.dll 2012-04-12 20:32 . 2009-09-10 02:00 1164800 ——a-w- c:\windows\system32\UIRibbonRes.dll 2012-04-12 20:32 . 2009-09-10 02:01 3023360 ——a-w- c:\windows\system32\UIRibbon.dll 2012-04-12 20:26 . 2009-09-25 01:33 369664 ——a-w- c:\windows\system32\WMPhoto.dll 2012-04-12 20:26 . 2009-09-25 02:07 189440 ——a-w- c:\windows\system32\WindowsCodecsExt.dll 2012-04-12 20:26 . 2009-09-25 02:10 974848 ——a-w- c:\windows\system32\WindowsCodecs.dll 2012-04-12 20:26 . 2009-09-25 02:04 321024 ——a-w- c:\windows\system32\PhotoMetadataHandler.dll 2012-04-12 20:26 . 2009-09-25 01:33 195584 ——a-w- c:\windows\system32\dxdiagn.dll 2012-04-12 20:26 . 2009-09-25 01:32 252928 ——a-w- c:\windows\system32\dxdiag.exe 2012-04-12 20:26 . 2009-09-25 01:31 519680 ——a-w- c:\windows\system32\d3d11.dll 2012-04-12 20:03 . 2012-02-29 15:11 5120 ——a-w- c:\windows\system32\wmi.dll 2012-04-12 20:03 . 2012-02-29 15:11 172032 ——a-w- c:\windows\system32\wintrust.dll 2012-04-12 20:03 . 2012-02-29 15:09 157696 ——a-w- c:\windows\system32\imagehlp.dll 2012-04-12 20:03 . 2012-02-29 13:32 12800 ——a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 19:55 . 2012-03-06 06:39 3602816 ——a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-12 19:55 . 2012-03-06 06:39 3550080 ——a-w- c:\windows\system32\ntoskrnl.exe 2012-04-12 16:13 . 2011-02-22 13:33 797696 ——a-w- c:\windows\system32\FntCache.dll 2012-04-12 16:13 . 2011-01-20 16:08 1029120 ——a-w- c:\windows\system32\d3d10.dll 2012-04-12 16:13 . 2011-01-20 16:08 189952 ——a-w- c:\windows\system32\d3d10core.dll 2012-04-12 16:13 . 2011-01-20 14:28 1554432 ——a-w- c:\windows\system32\xpsservices.dll 2012-04-12 16:13 . 2011-01-20 14:11 486400 ——a-w- c:\windows\system32\d3d10level9.dll 2012-04-12 16:13 . 2011-02-22 14:13 288768 ——a-w- c:\windows\system32\XpsGdiConverter.dll 2012-04-12 16:13 . 2011-01-20 14:25 847360 ——a-w- c:\windows\system32\OpcServices.dll 2012-04-12 16:13 . 2012-03-01 11:01 2409784 ——a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-04-12 16:10 . 2011-12-14 16:17 680448 ——a-w- c:\windows\system32\msvcrt.dll 2012-04-12 16:10 . 2011-09-20 21:02 905088 ——a-w- c:\windows\system32\drivers\tcpip.sys 2012-04-12 16:10 . 2011-10-25 15:56 49152 ——a-w- c:\windows\system32\csrsrv.dll 2012-04-12 16:10 . 2011-10-14 16:03 189952 ——a-w- c:\windows\system32\winmm.dll 2012-04-12 16:10 . 2011-10-14 16:00 23552 ——a-w- c:\windows\system32\mciseq.dll 2012-04-12 16:10 . 2011-11-18 20:23 1205064 ——a-w- c:\windows\system32\ntdll.dll 2012-04-12 16:10 . 2011-10-14 16:02 429056 ——a-w- c:\windows\system32\EncDec.dll 2012-04-12 16:10 . 2011-11-25 15:59 376320 ——a-w- c:\windows\system32\winsrv.dll 2012-04-12 16:10 . 2012-02-02 15:16 2044416 ——a-w- c:\windows\system32\win32k.sys 2012-04-12 16:10 . 2011-11-18 17:47 66560 ——a-w- c:\windows\system32\packager.dll 2012-04-12 16:10 . 2011-08-13 04:43 6144 ——a-w- c:\program files\Internet Explorer\iecompat.dll 2012-04-12 16:02 . 2010-05-04 19:13 231424 ——a-w- c:\windows\system32\msshsq.dll 2012-04-12 06:00 . 2012-01-09 15:54 613376 ——a-w- c:\windows\system32\rdpencom.dll 2012-04-12 06:00 . 2012-01-09 13:58 180736 ——a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-11 21:11 . 2012-04-11 21:13 ———— d——-w- c:\windows\system32\ca-ES 2012-04-11 21:11 . 2012-04-11 21:13 ———— d——-w- c:\windows\system32\eu-ES 2012-04-11 21:11 . 2012-04-11 21:13 ———— d——-w- c:\windows\system32\vi-VN 2012-04-11 17:25 . 2012-04-11 17:25 ———— d——-w- c:\windows\system32\EventProviders 2012-04-10 17:39 . 2012-04-10 17:39 ———— d——-w- c:\users\Zia (L)\AppData\Roaming\SUPERAntiSpyware.com 2012-04-10 17:38 . 2012-04-10 17:39 ———— d——-w- c:\program files\SUPERAntiSpyware 2012-04-10 17:38 . 2012-04-10 17:38 ———— d——-w- c:\programdata\SUPERAntiSpyware.com 2012-04-09 19:45 . 2012-04-09 19:45 ———— d——-w- c:\users\Zia (L)\AppData\Roaming\Malwarebytes 2012-04-09 19:37 . 2010-04-29 13:39 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-04-09 19:37 . 2012-04-09 19:37 ———— d——-w- c:\programdata\Malwarebytes 2012-04-09 19:37 . 2012-04-09 19:38 ———— d——-w- c:\program files\Malwarebytes’ Anti-Malware 2012-04-09 19:37 . 2010-04-29 13:39 20952 ——a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-24 14:51 . 2009-08-18 09:30 564632 ——a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2012-04-24 14:51 . 2009-08-18 09:24 19352 ——a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-23 08:18 . 2009-10-24 15:54 237072 ———w- c:\windows\system32\MpSigStub.exe 2012-02-17 20:21 . 2010-07-30 08:07 472808 ——a-w- c:\windows\system32\deployJava1.dll 2012-02-07 09:02 . 2012-02-07 09:02 1070352 ——a-w- c:\windows\system32\MSCOMCTL.OCX . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ——a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-01-17 14:54 175912 ——a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{872b5b88-9db5-4310-bdd0-ac189557e5f5}”= “c:\program files\DVDVideoSoftTB\prxtbDVDV.dll” [2011-01-17 175912] “{30F9B915-B755-4826-820B-08FBA6BD249D}”= “c:\program files\ConduitEngine\prxConduitEngine.dll” [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] “{872B5B88-9DB5-4310-BDD0-AC189557E5F5}”= “c:\program files\DVDVideoSoftTB\prxtbDVDV.dll” [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920] “WindowsWelcomeCenter”=“oobefldr.dll” [2009-04-11 2153472] “LightScribe Control Panel”=“c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe” [2008-02-26 2289664] “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2010-03-25 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2008-04-17 1049896] “UCam_Menu”=“c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” [2007-12-24 222504] “QPService”=“c:\program files\HP\QuickPlay\QPService.exe” [2008-06-12 468264] “QlbCtrl.exe”=“c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2008-03-14 202032] “HP Health Check Scheduler”=“c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe” [2008-04-15 70912] “hpWirelessAssistant”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2008-04-15 488752] “GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2009-02-26 30040] “iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2011-12-08 421736] “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2012-01-18 254696] “HP Software Update”=“c:\program files\Hp\HP Software Update\HPWuSchd2.exe” [2011-05-10 49208] “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2011-08-31 40368] “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2011-03-29 937920] “QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2011-10-24 421888] . c:\users\Zia (L)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-3-30 562232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “EnableUIADesktopToggle”= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ——a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @=”“ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @=“Driver” . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] “DisableMonitoring”=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] “DisableMonitoring”=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] “DisableMonitoring”=dword:00000001 . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-02-26 21:06 451872 ——a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ——a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Indhold af mappen ‘Planlagte Opgaver’ . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 16:29] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 16:29] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067062934-1700640529-938716030-1000Core.job - c:\users\Zia (L)\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:44] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067062934-1700640529-938716030-1000UA.job - c:\users\Zia (L)\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:44] . . ———- Yderligere scanning———- . uStart Page = hxxp://www.google.dk/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Føj til Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-24 17:34 Windows 6.0.6002 Service Pack 2 NTFS . scanner skjulte processer ... . scanner skjulte autostarter ... . scanner skjulte filer ... . scanning gennemført med succes skjulte filer: 0 . ************************************************************************ . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) “BlindDial”=dword:00000000 . Gennemført tid: 2012-04-24 17:40:34 ComboFix-quarantined-files.txt 2012-04-24 15:40 . Pre-Kørsel: 156.768.182.272 byte ledig Post-Kørsel: 156.888.334.336 byte ledig . - - End Of File - - 1FAD9DD4B3208D445AD47B526D3A0DF1
[ Ignorer ] [ # 5 ] Magic Spyhunter
25.04.2012 08:08:02 Administrator Supporter Emeritus Antal indlæg: 32085	Kopiér indholdet mellem de bølgede linier ind i et notepad/notesblok-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript. ~~~~~~~~~~~~~~~~~~~~~~~~~~ Snapshot:: Folder:: c:\program files\ConduitEngine Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] “DisableMonitoring”=- [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] “DisableMonitoring”=- ClearJavaCache:: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Tag så fat i den CFScript filen med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen, som vist her -> http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Send så en ny combofix log herind. Den kan findes her - C:\combofix Signatur Sund Computer fornuft
[ Ignorer ] [ # 6 ] ziahan
25.04.2012 11:25:07 Antal indlæg: 15	Den kører stadig langsomt! Men her er den ye log: ComboFix 12-04-24.02 - Tom Jørgensen 25-04-2012 10:22:40.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.2814.1486 [GMT 2:00] Kører fra: c:\users\Tom Jørgensen\Desktop\ComboFix.exe Kommandoer benyttet :: c:\users\Tom Jørgensen\Desktop\CFScript..txt AV: Kaspersky Internet Security Disabled/Updated {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security Disabled {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security Disabled/Updated {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\ConduitEngine c:\program files\ConduitEngine\appContextMenu.xml c:\program files\ConduitEngine\ConduitEngine.dll c:\program files\ConduitEngine\ConduitEngineHelper.exe c:\program files\ConduitEngine\ConduitEngineUninstall.exe c:\program files\ConduitEngine\engineContextMenu.xml c:\program files\ConduitEngine\EngineSettings.json c:\program files\ConduitEngine\INSTALL.LOG c:\program files\ConduitEngine\prxConduitEngine.dll c:\program files\ConduitEngine\toolbar.cfg . . ((((((((((((((((((((((((((((( Filer skabt fra 2012-03-25 til 2012-04-25 ))))))))))))))))))))))))))))))))))) . . 2012-04-25 08:41 . 2012-04-25 08:41 ———— d——-w- c:\users\Zia (L)\AppData\Local\temp 2012-04-25 08:41 . 2012-04-25 08:41 ———— d——-w- c:\users\Default\AppData\Local\temp 2012-04-24 06:20 . 2012-04-13 07:36 6734704 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{766FA7A0-17AC-4EB4-B5AF-BA23FCEC84B1}\mpengine.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-04-18 08:43 . 2012-04-18 08:43 159744 ——a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-04-18 08:39 . 2012-04-18 08:43 ———— d——-w- c:\program files\QuickTime 2012-04-17 12:20 . 2012-04-18 09:19 ———— d——-w- c:\users\Tom Jørgensen 2012-04-16 20:51 . 2012-04-16 20:59 ———— d——-w- c:\users\Zia (L)\AppData\Roaming\HpUpdate 2012-04-16 20:50 . 2012-04-16 20:50 ———— d——-w- c:\windows\Hewlett-Packard 2012-04-13 19:48 . 2012-04-13 19:48 404640 ——a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-13 19:44 . 2012-04-13 19:44 ———— d——-w- c:\windows\system32\Adobe 2012-04-13 19:28 . 2012-04-13 19:28 ———— d——-w- c:\users\Zia (L)\AppData\Local\Secunia PSI (BETA) 2012-04-13 19:25 . 2012-04-13 19:25 ———— d——-w- c:\program files\Secunia 2012-04-13 16:01 . 2011-03-12 21:55 876032 ——a-w- c:\windows\system32\XpsPrint.dll 2012-04-13 16:01 . 2012-02-14 15:45 219648 ——a-w- c:\windows\system32\d3d10_1core.dll 2012-04-13 16:01 . 2012-02-14 15:45 160768 ——a-w- c:\windows\system32\d3d10_1.dll 2012-04-13 16:01 . 2012-02-13 14:12 1172480 ——a-w- c:\windows\system32\d3d10warp.dll 2012-04-13 16:01 . 2012-02-13 13:47 683008 ——a-w- c:\windows\system32\d2d1.dll 2012-04-13 16:01 . 2012-02-13 13:44 1068544 ——a-w- c:\windows\system32\DWrite.dll 2012-04-13 04:35 . 2012-04-13 04:35 ———— d——-w- c:\program files\Windows Portable Devices 2012-04-12 20:32 . 2009-09-10 02:00 92672 ——a-w- c:\windows\system32\UIAnimation.dll 2012-04-12 20:32 . 2009-09-10 02:00 1164800 ——a-w- c:\windows\system32\UIRibbonRes.dll 2012-04-12 20:32 . 2009-09-10 02:01 3023360 ——a-w- c:\windows\system32\UIRibbon.dll 2012-04-12 20:26 . 2009-09-25 01:33 369664 ——a-w- c:\windows\system32\WMPhoto.dll 2012-04-12 20:26 . 2009-09-25 02:07 189440 ——a-w- c:\windows\system32\WindowsCodecsExt.dll 2012-04-12 20:26 . 2009-09-25 02:10 974848 ——a-w- c:\windows\system32\WindowsCodecs.dll 2012-04-12 20:26 . 2009-09-25 02:04 321024 ——a-w- c:\windows\system32\PhotoMetadataHandler.dll 2012-04-12 20:26 . 2009-09-25 01:33 195584 ——a-w- c:\windows\system32\dxdiagn.dll 2012-04-12 20:26 . 2009-09-25 01:32 252928 ——a-w- c:\windows\system32\dxdiag.exe 2012-04-12 20:26 . 2009-09-25 01:31 519680 ——a-w- c:\windows\system32\d3d11.dll 2012-04-12 20:03 . 2012-02-29 15:11 5120 ——a-w- c:\windows\system32\wmi.dll 2012-04-12 20:03 . 2012-02-29 15:11 172032 ——a-w- c:\windows\system32\wintrust.dll 2012-04-12 20:03 . 2012-02-29 15:09 157696 ——a-w- c:\windows\system32\imagehlp.dll 2012-04-12 20:03 . 2012-02-29 13:32 12800 ——a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-12 19:55 . 2012-03-06 06:39 3602816 ——a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-12 19:55 . 2012-03-06 06:39 3550080 ——a-w- c:\windows\system32\ntoskrnl.exe 2012-04-12 16:13 . 2011-02-22 13:33 797696 ——a-w- c:\windows\system32\FntCache.dll 2012-04-12 16:13 . 2011-01-20 16:08 1029120 ——a-w- c:\windows\system32\d3d10.dll 2012-04-12 16:13 . 2011-01-20 16:08 189952 ——a-w- c:\windows\system32\d3d10core.dll 2012-04-12 16:13 . 2011-01-20 14:28 1554432 ——a-w- c:\windows\system32\xpsservices.dll 2012-04-12 16:13 . 2011-01-20 14:11 486400 ——a-w- c:\windows\system32\d3d10level9.dll 2012-04-12 16:13 . 2011-02-22 14:13 288768 ——a-w- c:\windows\system32\XpsGdiConverter.dll 2012-04-12 16:13 . 2011-01-20 14:25 847360 ——a-w- c:\windows\system32\OpcServices.dll 2012-04-12 16:13 . 2012-03-01 11:01 2409784 ——a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-04-12 16:10 . 2011-12-14 16:17 680448 ——a-w- c:\windows\system32\msvcrt.dll 2012-04-12 16:10 . 2011-09-20 21:02 905088 ——a-w- c:\windows\system32\drivers\tcpip.sys 2012-04-12 16:10 . 2011-10-25 15:56 49152 ——a-w- c:\windows\system32\csrsrv.dll 2012-04-12 16:10 . 2011-10-14 16:03 189952 ——a-w- c:\windows\system32\winmm.dll 2012-04-12 16:10 . 2011-10-14 16:00 23552 ——a-w- c:\windows\system32\mciseq.dll 2012-04-12 16:10 . 2011-11-18 20:23 1205064 ——a-w- c:\windows\system32\ntdll.dll 2012-04-12 16:10 . 2011-10-14 16:02 429056 ——a-w- c:\windows\system32\EncDec.dll 2012-04-12 16:10 . 2011-11-25 15:59 376320 ——a-w- c:\windows\system32\winsrv.dll 2012-04-12 16:10 . 2012-02-02 15:16 2044416 ——a-w- c:\windows\system32\win32k.sys 2012-04-12 16:10 . 2011-11-18 17:47 66560 ——a-w- c:\windows\system32\packager.dll 2012-04-12 16:10 . 2011-08-13 04:43 6144 ——a-w- c:\program files\Internet Explorer\iecompat.dll 2012-04-12 16:02 . 2010-05-04 19:13 231424 ——a-w- c:\windows\system32\msshsq.dll 2012-04-12 06:00 . 2012-01-09 15:54 613376 ——a-w- c:\windows\system32\rdpencom.dll 2012-04-12 06:00 . 2012-01-09 13:58 180736 ——a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-11 21:11 . 2012-04-11 21:13 ———— d——-w- c:\windows\system32\ca-ES 2012-04-11 21:11 . 2012-04-11 21:13 ———— d——-w- c:\windows\system32\eu-ES 2012-04-11 21:11 . 2012-04-11 21:13 ———— d——-w- c:\windows\system32\vi-VN 2012-04-11 17:25 . 2012-04-11 17:25 ———— d——-w- c:\windows\system32\EventProviders 2012-04-10 17:39 . 2012-04-10 17:39 ———— d——-w- c:\users\Zia (L)\AppData\Roaming\SUPERAntiSpyware.com 2012-04-10 17:38 . 2012-04-10 17:39 ———— d——-w- c:\program files\SUPERAntiSpyware 2012-04-10 17:38 . 2012-04-10 17:38 ———— d——-w- c:\programdata\SUPERAntiSpyware.com 2012-04-09 19:45 . 2012-04-09 19:45 ———— d——-w- c:\users\Zia (L)\AppData\Roaming\Malwarebytes 2012-04-09 19:37 . 2010-04-29 13:39 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-04-09 19:37 . 2012-04-09 19:37 ———— d——-w- c:\programdata\Malwarebytes 2012-04-09 19:37 . 2012-04-09 19:38 ———— d——-w- c:\program files\Malwarebytes’ Anti-Malware 2012-04-09 19:37 . 2010-04-29 13:39 20952 ——a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-24 14:51 . 2009-08-18 09:30 564632 ——a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2012-04-24 14:51 . 2009-08-18 09:24 19352 ——a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-23 08:18 . 2009-10-24 15:54 237072 ———w- c:\windows\system32\MpSigStub.exe 2012-02-17 20:21 . 2010-07-30 08:07 472808 ——a-w- c:\windows\system32\deployJava1.dll 2012-02-07 09:02 . 2012-02-07 09:02 1070352 ——a-w- c:\windows\system32\MSCOMCTL.OCX . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-01-17 14:54 175912 ——a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{872b5b88-9db5-4310-bdd0-ac189557e5f5}”= “c:\program files\DVDVideoSoftTB\prxtbDVDV.dll” [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] “{872B5B88-9DB5-4310-BDD0-AC189557E5F5}”= “c:\program files\DVDVideoSoftTB\prxtbDVDV.dll” [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920] “WindowsWelcomeCenter”=“oobefldr.dll” [2009-04-11 2153472] “LightScribe Control Panel”=“c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe” [2008-02-26 2289664] “swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2010-03-25 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2008-04-17 1049896] “UCam_Menu”=“c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” [2007-12-24 222504] “QPService”=“c:\program files\HP\QuickPlay\QPService.exe” [2008-06-12 468264] “QlbCtrl.exe”=“c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2008-03-14 202032] “HP Health Check Scheduler”=“c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe” [2008-04-15 70912] “hpWirelessAssistant”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2008-04-15 488752] “GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2009-02-26 30040] “iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2011-12-08 421736] “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2012-01-18 254696] “HP Software Update”=“c:\program files\Hp\HP Software Update\HPWuSchd2.exe” [2011-05-10 49208] “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2011-08-31 40368] “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2011-03-29 937920] “QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2011-10-24 421888] “avp”=“c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe” [2011-08-03 352976] . c:\users\Zia (L)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Screen Clipper and Launcher til OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-3-30 562232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “EnableUIADesktopToggle”= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ——a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @=”“ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @=“Driver” . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] “DisableMonitoring”=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] “DisableMonitoring”=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] “DisableMonitoring”=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] “DisableMonitoring”=dword:00000001 . S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-02-26 21:06 451872 ——a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ——a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Indhold af mappen ‘Planlagte Opgaver’ . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 16:29] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 16:29] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067062934-1700640529-938716030-1000Core.job - c:\users\Zia (L)\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:44] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067062934-1700640529-938716030-1000UA.job - c:\users\Zia (L)\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 08:44] . . ———- Yderligere scanning———- . uStart Page = hxxp://www.google.dk/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Føj til Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - TOMME GENVEJE FJERNET - - - - . BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe . . . ************************************************************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-25 10:42 Windows 6.0.6002 Service Pack 2 NTFS . scanner skjulte processer ... . scanner skjulte autostarter ... . scanner skjulte filer ... . scanning gennemført med succes skjulte filer: 0 . ************************************************************************ . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) “BlindDial”=dword:00000000 . Gennemført tid: 2012-04-25 10:47:33 ComboFix-quarantined-files.txt 2012-04-25 08:47 ComboFix2.txt 2012-04-24 15:40 . Pre-Kørsel: 153.713.029.120 byte ledig Post-Kørsel: 153.753.509.888 byte ledig . - - End Of File - - 555DD4F7B77B7E70AB5DE5A79E926678
[ Ignorer ] [ # 7 ] Magic Spyhunter
25.04.2012 12:51:23 Administrator Supporter Emeritus Antal indlæg: 32085	Fint, fortæl lige hvordan tingene kører nu ? Signatur Sund Computer fornuft
[ Ignorer ] [ # 8 ] ziahan
25.04.2012 14:33:23 Antal indlæg: 15	Jeg beklager, men den kører stadig meget langsomt! Jeg har prøvet at genstarte et par gange, men det hjælper tilsyneladende ikke… Er der andet, vi kan forsøge?
[ Ignorer ] [ # 9 ] ziahan
25.04.2012 14:51:10 Antal indlæg: 15	Måske tager jeg fejl! Lige P.T ser det ud, som om, det kun er Googles startside, der gi’r problemer..
[ Ignorer ] [ # 10 ] Magic Spyhunter
25.04.2012 14:51:13 Administrator Supporter Emeritus Antal indlæg: 32085	Skammeligt Hent og installer Ccleaner: Her Klik på Download Latest Version Fjern flueben ved - Installer Yahoo toolbar Når du åbner programmet for første gang, vil der være flueben i alle felter. Hvis du ønsker at bevare cookies, kan du fjerne dette flueben. Klik på Kør Cleaner, for at få renset din computer. Du vil nu få en advarsel, om at disse filer slettes fuldstændigt fra dit system, og om du ønsker at fortsætte. Klik på Ok for at svare ja til det. Sæt flueben ved -> Vis mig ikke denne besked igen. Genstart. Opdater Malwarebytes Anti-Malware, kør en komplet scan. Hent nyeste version af HijackThis ned til skrivebordet: Her 2. Dobbeltklik på installationsfilen, og følg installationsvejledningen. 3. Dobbeltklik på det nye HijackThis ikon på skrivebordet. 4. På menuen der kommer op, klikker du på: Do a systemscan and save a logfile. 5. Efter et kort øjeblik åbner en logfil i notesblok, gem den. 5. Sådan kopieres loggen ind i et spørgsmål: Mens loggen er åben, markeres al teksten med tastekombinationen CTRL + A. For at kopiere den markerede tekst bruges tastekombinationen CTRL + C, som ”fastgør” det i udklipsholderen i Windows. Gå så ind i dit spørgsmål og klik på kommentér knappen. Her indsættes det kopierede i det hvide felt med tastekombinationen CTRL + V. Send så hijackthis loggen herind, sammen med malwarebyte loggen. Signatur Sund Computer fornuft
[ Ignorer ] [ # 11 ] ziahan
28.04.2012 12:48:19 Antal indlæg: 15	Det tog lige lidt tid, med den Malwarebytes log. Her kommer først HiJackThis loggen: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:42:27, on 28-04-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16443) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Secunia\PSI\psi_tray.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “C:\Program Files\Microsoft\BingBar\BingExt.dll” (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - “C:\Program Files\Microsoft\BingBar\BingExt.dll” (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [UCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\2.0” O4 - HKLM\..\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe” O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe” O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” O4 - HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime O4 - HKLM\..\Run: [avp] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe” O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Føj til Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra ‘Tools’ menuitem: &Blog; det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: S&end; til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: &Virtuelt; Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra ‘Tools’ menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: URL-&kontrol; - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Kaspersky Anti-Virus-service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe — End of file - 11228 bytes Og nu Malwarebytes: Malwarebytes Anti-Malware 1.61.0.1400 http://www.malwarebytes.org Database version: v2012.04.25.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16443 Tom Jørgensen :: ZIAL-PC [administrator] 25-04-2012 20:26:45 mbam-log-2012-04-25 (20-26-45).txt Skanningstype: Fuldstændig skanning Skanningsmuligheder valgt: Hukommelse \| Opstart \| Registreringsdatabasen \| Filsystem \| Heuristics/Ekstra \| Heuristics/Shuriken \| PUP \| PUM Skanningsmuligheder som er deaktiverede: P2P Objekter skannet: 484477 Tid gået: 2 dag(e), 22 minut(ter), 1 sekund(er) Hukommelses Processorer Inficeret: 0 (Ingen skadelige objekter blev fundet) Hukommelses Moduler Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabasenøgler Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabaseværdier Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabasedata Objekter Inficeret: 0 (Ingen skadelige objekter blev fundet) Inficerede Mapper: 0 (Ingen skadelige objekter blev fundet) Inficerede Filer: 0 (Ingen skadelige objekter blev fundet) (færdig)
[ Ignorer ] [ # 12 ] Magic Spyhunter
29.04.2012 14:04:21 Administrator Supporter Emeritus Antal indlæg: 32085	Hvordan ser tingene ud i dag ? Signatur Sund Computer fornuft
[ Ignorer ] [ # 13 ] ziahan
29.04.2012 22:48:36 Antal indlæg: 15	Den kører fortsat langsomt og internetsiderne svarer ikke. På denne side kører det dog o.k., men langsomt… Var der intet dårligt på HiJackThis loggen?
[ Ignorer ] [ # 14 ] Magic Spyhunter
30.04.2012 13:48:33 Administrator Supporter Emeritus Antal indlæg: 32085	Næh, det er der ikke, men lad os grave lidt dybere. Download OTL af Oldtimer, gem den på dit skrivebord: http://oldtimer.geekstogo.com/OTL.exe Luk alle åbne vinduer. Klik på OTL ikonet NB for Vista/win7, skal du højreklikke på ikonet og Kør som Administrator) for at starte programmet. Klik så på Run Scan. · Det vil give to (2) logfiler på skrivebordet, en kaldet OTL.txt, den anden vil blive navngivet Extras.txt. Husk, hvor du har gemt disse 2 filer. Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Signatur Sund Computer fornuft
[ Ignorer ] [ # 15 ] ziahan
01.05.2012 17:08:52 Antal indlæg: 15	OTL logfile created on: 01-05-2012 09:14:59 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Tom Jørgensen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16443) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 2,75 Gb Total Physical Memory \| 1,42 Gb Available Physical Memory \| 51,74% Memory free 5,70 Gb Paging File \| 4,47 Gb Available in Paging File \| 78,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 223,23 Gb Total Space \| 143,22 Gb Free Space \| 64,16% Space Free \| Partition Type: NTFS Drive D: \| 9,66 Gb Total Space \| 1,73 Gb Free Space \| 17,89% Space Free \| Partition Type: NTFS Computer Name: ZIAL-PC \| User Name: Tom Jørgensen \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-05-01 09:11:53 \| 000,595,456 \|——\| M] (OldTimer Tools)—C:\Users\Tom Jørgensen\Desktop\OTL.exe PRC - [2012-03-30 12:26:16 \| 001,295,416 \|——\| M] (Secunia)—C:\Program Files\Secunia\PSI\PSIA.exe PRC - [2012-03-30 12:26:14 \| 000,681,016 \|——\| M] (Secunia)—C:\Program Files\Secunia\PSI\sua.exe PRC - [2012-03-30 12:26:12 \| 000,562,232 \|——\| M] (Secunia)—C:\Program Files\Secunia\PSI\psi_tray.exe PRC - [2011-10-13 18:21:52 \| 000,249,648 \|——\| M] (Microsoft Corporation)—C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011-08-12 01:38:07 \| 000,116,608 \|——\| M] (SUPERAntiSpyware.com)—C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2011-08-03 16:58:50 \| 000,352,976 \|——\| M] (Kaspersky Lab ZAO)—C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe PRC - [2009-04-11 08:27:36 \| 002,926,592 \|——\| M] (Microsoft Corporation)—C:\Windows\explorer.exe PRC - [2008-04-26 10:15:26 \| 000,361,808 \|——\| M] ()—C:\Windows\SMINST\BLService.exe ========== Modules (No Company Name) ========== MOD - [2008-06-12 07:18:38 \| 000,120,216 \|——\| M] ()—C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll MOD - [2008-06-12 07:18:36 \| 000,259,480 \|——\| M] ()—C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll MOD - [2008-06-12 07:18:34 \| 000,345,384 \|——\| M] ()—C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll MOD - [2008-06-12 07:17:08 \| 000,066,856 \|——\| M] ()—C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll MOD - [2007-08-14 21:59:54 \| 006,365,184 \|——\| M] ()—C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007-07-12 21:55:52 \| 000,131,072 \|——\| M] ()—C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007-07-12 21:55:28 \| 001,581,056 \|——\| M] ()—C:\Program Files\Common Files\LightScribe\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV - [2012-03-30 12:26:16 \| 001,295,416 \|——\| M] (Secunia) [Auto \| Running]—C:\Program Files\Secunia\PSI\PSIA.exe—(Secunia PSI Agent) SRV - [2012-03-30 12:26:14 \| 000,681,016 \|——\| M] (Secunia) [Auto \| Running]—C:\Program Files\Secunia\PSI\sua.exe—(Secunia Update Agent) SRV - [2011-10-21 16:23:42 \| 000,196,176 \|——\| M] (Microsoft Corporation.) [Auto \| Stopped]—C:\Program Files\Microsoft\BingBar\BBSvc.EXE—(BBSvc) SRV - [2011-10-13 18:21:52 \| 000,249,648 \|——\| M] (Microsoft Corporation) [Auto \| Running]—C:\Program Files\Microsoft\BingBar\SeaPort.EXE—(BBUpdate) SRV - [2011-08-12 01:38:07 \| 000,116,608 \|——\| M] (SUPERAntiSpyware.com) [Auto \| Running]—C:\Program Files\SUPERAntiSpyware\SASCORE.EXE—(!SASCORE) SRV - [2011-08-03 16:58:50 \| 000,352,976 \|——\| M] (Kaspersky Lab ZAO) [Auto \| Running]—C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe—(AVP) SRV - [2008-04-26 10:15:26 \| 000,361,808 \|——\| M] () [Auto \| Running]—C:\Windows\SMINST\BLService.exe—(Recovery Service for Windows) SRV - [2008-02-03 21:00:00 \| 000,129,992 \|——\| M] (EasyBits Sofware AS) [Auto \| Running]—C:\Windows\System32\ezsvc7.dll—(ezSharedSvc) SRV - [2008-01-21 04:23:32 \| 000,272,952 \|——\| M] (Microsoft Corporation) [On_Demand \| Running]—C:\Program Files\Windows Defender\mpsvc.dll—(WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel \| On_Demand \| Stopped]—system32\DRIVERS\nwlnkfwd.sys—(NwlnkFwd) DRV - File not found [Kernel \| On_Demand \| Stopped]—system32\DRIVERS\nwlnkflt.sys—(NwlnkFlt) DRV - File not found [Kernel \| On_Demand \| Stopped]—system32\DRIVERS\ipinip.sys—(IpInIp) DRV - File not found [Kernel \| On_Demand \| Stopped]—C:\Users\TOMJRG~1\AppData\Local\Temp\catchme.sys—(catchme) DRV - [2011-12-16 16:19:54 \| 000,015,544 \|——\| M] (Secunia) [File_System \| On_Demand \| Running]—C:\Windows\System32\drivers\psi_mf.sys—(PSI) DRV - [2011-08-03 16:58:50 \| 000,488,024 \|——\| M] (Kaspersky Lab) [File_System \| System \| Running]—C:\Windows\System32\drivers\klif.sys—(KLIF) DRV - [2011-07-22 18:27:02 \| 000,012,880 \|——\| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| System \| Running]—C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS—(SASDIFSV) DRV - [2011-07-12 23:55:22 \| 000,067,664 \|——\| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| System \| Running]—C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS—(SASKUTIL) DRV - [2010-06-09 17:43:52 \| 000,011,352 \|——\| M] (Kaspersky Lab ZAO) [Kernel \| System \| Running]—C:\Windows\System32\drivers\kl2.sys—(kl2) DRV - [2010-06-09 17:43:50 \| 000,132,184 \|——\| M] (Kaspersky Lab ZAO) [Kernel \| Boot \| Running]—C:\Windows\System32\drivers\kl1.sys—(KL1) DRV - [2010-04-29 00:11:01 \| 000,037,920 \|——\| M] (RapidSolution Software AG) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\tbhsd.sys—(tbhsd) DRV - [2010-04-22 19:07:34 \| 000,022,104 \|——\| M] (Kaspersky Lab ZAO) [Kernel \| System \| Running]—C:\Windows\System32\drivers\klim6.sys—(KLIM6) DRV - [2009-11-02 20:27:16 \| 000,019,984 \|——\| M] (Kaspersky Lab) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\klmouflt.sys—(klmouflt) DRV - [2009-07-23 21:01:00 \| 009,791,072 \|——\| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\nvlddmkm.sys—(nvlddmkm) DRV - [2008-06-05 18:58:42 \| 000,222,208 \|——\| M] (Conexant Systems Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\CHDRT32.sys—(CnxtHdAudService) DRV - [2008-05-09 21:17:32 \| 000,043,040 \|——\| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\nvhda32v.sys—(NVHDA) DRV - [2008-04-27 20:07:44 \| 000,909,824 \|——\| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\athr.sys—(athr) DRV - [2008-04-25 00:51:46 \| 000,014,848 \|——\| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\nvsmu.sys—(nvsmu) DRV - [2008-01-29 15:55:00 \| 001,042,464 \|——\| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\nvmfdx32.sys—(NVENETFD) DRV - [2007-10-18 01:36:54 \| 000,008,704 \|——\| M] (Conexant Systems, Inc.) [Kernel \| Auto \| Running]—C:\Windows\System32\drivers\XAudio.sys—(XAudio) DRV - [2007-06-19 02:12:04 \| 000,016,768 \|——\| M] (Hewlett-Packard Development Company, L.P.) [Kernel \| On_Demand \| Running]—C:\Windows\System32\drivers\HpqKbFiltr.sys—(HpqKbFiltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{45610B82-8EEB-4DAC-9CD0-56521DA48461}: “URL” = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1312&query;={searchTerms}&invocationType=tb50hpcnnbie7-da-dk IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9D392650-9C4C-4ABA-A301-91B2279D53A8}: “URL” = http://dk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913940 IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&sourceid=ie7&rlz=1I7MOOI_daDK372 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2011-08-03 15:25:11 \| 000,000,000 \|—-D \| M] O1 HOSTS File: ([2012-04-25 10:42:01 \| 000,000,027 \|——\| M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Føj til Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm () O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra ‘Tools’ menuitem : S&end; til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelt; Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra ‘Tools’ menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: URL-&kontrol; - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09490DEF-59C4-423A-AB8A-1DCC01D79B32}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C8A6AFF-D2EF-4E87-887B-2FE9ABCE9287}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Dots.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Dots.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 23:43:36 \| 000,000,024 \|——\| M] () - C:\autoexec.bat—[ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open]—“%1” % O35 - HKLM\..exefile [open]—“%1” %* O37 - HKLM\...com [@ = ComFile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012-05-01 08:24:56 \| 000,595,456 \|——\| C] (OldTimer Tools)—C:\Users\Tom Jørgensen\Desktop\OTL.exe [2012-04-28 11:34:29 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012-04-28 11:34:28 \| 000,000,000 \|—-D \| C]—C:\Program Files\Trend Micro [2012-04-25 20:17:16 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\Desktop\SWF [2012-04-25 18:56:32 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Malwarebytes [2012-04-25 16:36:20 \| 003,654,896 \|——\| C] (Piriform Ltd)—C:\Users\Tom Jørgensen\Desktop\ccsetup318.exe [2012-04-25 10:47:48 \| 000,000,000 \| -HSD \| C]—C:\$RECYCLE.BIN [2012-04-25 10:47:37 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\temp [2012-04-25 10:41:57 \| 000,000,000 \|—-D \| C]—C:\Windows\temp [2012-04-25 10:19:00 \| 000,060,416 \|——\| C] (NirSoft)—C:\Windows\NIRCMD.exe [2012-04-25 10:18:43 \| 000,000,000 \|—-D \| C]—C:\ComboFix [2012-04-25 09:39:15 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\Documents\OneNote-notesbøger [2012-04-24 17:09:57 \| 000,518,144 \|——\| C] (SteelWerX)—C:\Windows\SWREG.exe [2012-04-24 17:09:57 \| 000,406,528 \|——\| C] (SteelWerX)—C:\Windows\SWSC.exe [2012-04-24 17:09:38 \| 000,000,000 \|—-D \| C]—C:\Windows\ERDNT [2012-04-24 17:09:23 \| 000,000,000 \|—-D \| C]—C:\Qoobox [2012-04-24 17:07:17 \| 004,474,448 \| R—- \| C] (Swearware)—C:\Users\Tom Jørgensen\Desktop\ComboFix.exe [2012-04-23 16:13:25 \| 000,607,260 \| R—- \| C] (Swearware)—C:\Users\Tom Jørgensen\Desktop\dds.scr [2012-04-23 13:35:49 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\HpUpdate [2012-04-23 09:25:41 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\Secunia PSI (BETA) [2012-04-18 10:40:35 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012-04-18 10:39:55 \| 000,000,000 \|—-D \| C]—C:\Program Files\QuickTime [2012-04-18 07:37:40 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\Apple [2012-04-17 14:43:47 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Macromedia [2012-04-17 14:42:57 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Adobe [2012-04-17 14:42:15 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Google [2012-04-17 14:41:59 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\Google [2012-04-17 14:41:43 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\AOL [2012-04-17 14:23:54 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012-04-17 14:23:54 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Searches [2012-04-17 14:23:54 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012-04-17 14:23:17 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Identities [2012-04-17 14:23:10 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Contacts [2012-04-17 14:20:43 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\VirtualStore [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Documents\Videoer [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\AppData\Local\Temporary Internet Files [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Skabeloner [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\SendTo [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Recent [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Printere [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\AppData\Local\Oversigt [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Documents\Musik [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Menuen Start [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Lokale indstillinger [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Dokumenter [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Cookies [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Documents\Billeder [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Application Data [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\AppData\Local\Application Data [2012-04-17 14:20:29 \| 000,000,000 \| -HSD \| C]—C:\Users\Tom Jørgensen\Andre computere [2012-04-17 14:20:22 \| 000,000,000 \|—SD \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Videos [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Saved Games [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Pictures [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Music [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Links [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Favorites [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Downloads [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Documents [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\Desktop [2012-04-17 14:20:22 \| 000,000,000 \| R—D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012-04-17 14:20:22 \| 000,000,000 \| -H-D \| C]—C:\Users\Tom Jørgensen\AppData [2012-04-17 14:20:22 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\Microsoft Help [2012-04-17 14:20:22 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\Microsoft [2012-04-17 14:20:22 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Media Center Programs [2012-04-17 14:20:22 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam [2012-04-17 14:20:22 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite [2012-04-17 14:20:22 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Roaming\Apple Computer [2012-04-17 14:20:22 \| 000,000,000 \|—-D \| C]—C:\Users\Tom Jørgensen\AppData\Local\Apple Computer [2012-04-17 09:27:41 \| 000,000,000 \|—-D \| C]—C:\Program Files\Adobe [2012-04-16 22:50:42 \| 000,000,000 \|—-D \| C]—C:\Windows\Hewlett-Packard [2012-04-13 21:48:48 \| 000,404,640 \|——\| C] (Adobe Systems Incorporated)—C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-04-13 21:44:39 \| 000,000,000 \|—-D \| C]—C:\Windows\System32\Adobe [2012-04-13 21:25:44 \| 000,000,000 \|—-D \| C]—C:\Program Files\Secunia [2012-04-13 18:56:39 \| 000,161,792 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\msls31.dll [2012-04-13 18:56:38 \| 000,065,024 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\jsproxy.dll [2012-04-13 18:56:37 \| 000,162,304 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\msrating.dll [2012-04-13 18:56:36 \| 000,076,800 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\SetIEInstalledDate.exe [2012-04-13 18:56:36 \| 000,074,752 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\RegisterIEPKEYs.exe [2012-04-13 18:56:35 \| 000,176,640 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ieui.dll [2012-04-13 18:56:35 \| 000,086,528 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\iesysprep.dll [2012-04-13 18:56:35 \| 000,048,640 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\mshtmler.dll [2012-04-13 18:56:32 \| 000,367,104 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\html.iec [2012-04-13 18:56:32 \| 000,223,232 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\dxtrans.dll [2012-04-13 18:56:31 \| 003,695,416 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ieapfltr.dat [2012-04-13 18:56:31 \| 000,434,176 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ieapfltr.dll [2012-04-13 18:56:31 \| 000,353,792 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\dxtmsft.dll [2012-04-13 18:56:31 \| 000,074,240 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ie4uinit.exe [2012-04-13 18:56:30 \| 000,353,592 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\iedkcs32.dll [2012-04-13 18:56:30 \| 000,231,936 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\url.dll [2012-04-13 18:56:30 \| 000,074,752 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\iesetup.dll [2012-04-13 18:56:30 \| 000,031,744 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\iernonce.dll [2012-04-13 18:56:29 \| 001,427,456 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\inetcpl.cpl [2012-04-13 18:56:29 \| 000,023,552 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\licmgr10.dll [2012-04-13 18:56:28 \| 000,152,064 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\wextract.exe [2012-04-13 18:56:28 \| 000,078,848 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\inseng.dll [2012-04-13 18:56:27 \| 000,580,608 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\msfeeds.dll [2012-04-13 18:56:27 \| 000,150,528 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\iexpress.exe [2012-04-13 18:56:25 \| 002,382,848 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\mshtml.tlb [2012-04-13 18:56:24 \| 000,142,848 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ieUnatt.exe [2012-04-13 18:56:24 \| 000,054,272 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\pngfilt.dll [2012-04-13 18:56:23 \| 000,101,888 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\admparse.dll [2012-04-13 18:56:22 \| 000,227,840 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ieaksie.dll [2012-04-13 18:56:22 \| 000,163,840 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ieakui.dll [2012-04-13 18:56:21 \| 001,799,168 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\jscript9.dll [2012-04-13 18:56:21 \| 000,035,840 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\imgutil.dll [2012-04-13 18:56:20 \| 000,118,784 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\iepeers.dll [2012-04-13 18:56:17 \| 000,041,472 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\msfeedsbs.dll [2012-04-13 18:56:17 \| 000,010,752 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\msfeedssync.exe [2012-04-13 18:56:16 \| 000,110,592 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\IEAdvpack.dll [2012-04-13 18:56:14 \| 000,130,560 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ieakeng.dll [2012-04-13 18:01:14 \| 000,876,032 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\XpsPrint.dll [2012-04-13 18:01:10 \| 001,172,480 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\d3d10warp.dll [2012-04-13 18:01:10 \| 001,068,544 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\DWrite.dll [2012-04-13 18:01:10 \| 000,683,008 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\d2d1.dll [2012-04-13 18:01:10 \| 000,219,648 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\d3d10_1core.dll [2012-04-13 18:01:10 \| 000,160,768 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\d3d10_1.dll [2012-04-13 06:35:19 \| 000,000,000 \|—-D \| C]—C:\Program Files\Windows Portable Devices [2012-04-12 22:32:35 \| 000,092,672 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\UIAnimation.dll [2012-04-12 22:32:34 \| 001,164,800 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\UIRibbonRes.dll [2012-04-12 22:32:33 \| 003,023,360 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\UIRibbon.dll [2012-04-12 22:26:40 \| 000,369,664 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\WMPhoto.dll [2012-04-12 22:26:37 \| 000,189,440 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\WindowsCodecsExt.dll [2012-04-12 22:26:36 \| 000,321,024 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\PhotoMetadataHandler.dll [2012-04-12 22:26:36 \| 000,252,928 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\dxdiag.exe [2012-04-12 22:26:36 \| 000,195,584 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\dxdiagn.dll [2012-04-12 22:26:35 \| 000,519,680 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\d3d11.dll [2012-04-12 22:22:19 \| 000,031,232 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\BthMtpContextHandler.dll [2012-04-12 22:22:19 \| 000,030,208 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\WPDShextAutoplay.exe [2012-04-12 22:22:15 \| 000,060,928 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\PortableDeviceConnectApi.dll [2012-04-12 22:22:11 \| 000,546,816 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\wpd_ci.dll [2012-04-12 22:22:11 \| 000,334,848 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\PortableDeviceApi.dll [2012-04-12 22:22:11 \| 000,226,816 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\WpdMtp.dll [2012-04-12 22:22:11 \| 000,196,608 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\PortableDeviceWMDRM.dll [2012-04-12 22:22:11 \| 000,160,256 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\PortableDeviceTypes.dll [2012-04-12 22:22:11 \| 000,100,864 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\PortableDeviceClassExtension.dll [2012-04-12 22:22:11 \| 000,061,952 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\WpdMtpUS.dll [2012-04-12 22:22:11 \| 000,033,280 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\WpdConns.dll [2012-04-12 22:22:10 \| 000,350,208 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\WPDSp.dll [2012-04-12 21:55:09 \| 003,602,816 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ntkrnlpa.exe [2012-04-12 21:55:09 \| 003,550,080 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\ntoskrnl.exe [2012-04-12 18:14:45 \| 000,979,456 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\MFH264Dec.dll [2012-04-12 18:14:44 \| 000,478,720 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\dxgi.dll [2012-04-12 18:14:44 \| 000,135,680 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\XpsRasterService.dll [2012-04-12 18:14:43 \| 000,357,376 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\MFHEAACdec.dll [2012-04-12 18:14:43 \| 000,261,632 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\mfreadwrite.dll [2012-04-12 18:14:42 \| 002,873,344 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\mf.dll [2012-04-12 18:14:42 \| 000,302,592 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\mfmp4src.dll [2012-04-12 18:14:42 \| 000,037,376 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\cdd.dll [2012-04-12 18:14:41 \| 000,667,648 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\printfilterpipelinesvc.exe [2012-04-12 18:14:41 \| 000,209,920 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\mfplat.dll [2012-04-12 18:14:38 \| 000,098,816 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\mfps.dll [2012-04-12 18:14:38 \| 000,026,112 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\printfilterpipelineprxy.dll [2012-04-12 18:13:45 \| 001,029,120 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\d3d10.dll [2012-04-12 18:13:44 \| 001,554,432 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\xpsservices.dll [2012-04-12 18:13:44 \| 000,486,400 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\d3d10level9.dll [2012-04-12 18:13:44 \| 000,189,952 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\d3d10core.dll [2012-04-12 18:13:43 \| 000,847,360 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\OpcServices.dll [2012-04-12 18:13:43 \| 000,288,768 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\XpsGdiConverter.dll [2012-04-12 18:11:50 \| 000,555,520 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\UIAutomationCore.dll [2012-04-12 18:11:50 \| 000,004,096 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\oleaccrc.dll [2012-04-12 18:11:36 \| 001,314,816 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\quartz.dll [2012-04-12 18:11:36 \| 000,497,152 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\qdvd.dll [2012-04-12 18:11:22 \| 000,002,048 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\tzres.dll [2012-04-12 18:11:10 \| 000,293,376 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\psisdecd.dll [2012-04-12 18:11:09 \| 000,217,088 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\psisrndr.ax [2012-04-12 18:11:09 \| 000,069,632 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\Mpeg2Data.ax [2012-04-12 18:11:09 \| 000,057,856 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\MSDvbNP.ax [2012-04-12 18:10:39 \| 000,049,152 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\csrsrv.dll [2012-04-12 18:10:36 \| 000,023,552 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\mciseq.dll [2012-04-12 18:10:28 \| 000,429,056 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\EncDec.dll [2012-04-12 18:10:25 \| 000,376,320 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\winsrv.dll [2012-04-12 18:10:22 \| 002,044,416 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\win32k.sys [2012-04-12 18:10:20 \| 000,066,560 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\packager.dll [2012-04-12 18:02:28 \| 000,231,424 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\msshsq.dll [2012-04-12 08:00:13 \| 000,613,376 \|——\| C] (Microsoft Corporation)—C:\Windows\System32\rdpencom.dll [2012-04-11 23:11:54 \| 000,000,000 \|—-D \| C]—C:\Windows\System32\eu-ES [2012-04-11 23:11:54 \| 000,000,000 \|—-D \| C]—C:\Windows\System32\ca-ES [2012-04-11 23:11:51 \| 000,000,000 \|—-D \| C]—C:\Windows\System32\vi-VN [2012-04-11 19:25:46 \| 000,000,000 \|—-D \| C]—C:\Windows\System32\EventProviders [2012-04-10 19:38:30 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012-04-10 19:38:22 \| 000,000,000 \|—-D \| C]—C:\ProgramData\SUPERAntiSpyware.com [2012-04-10 19:38:22 \| 000,000,000 \|—-D \| C]—C:\Program Files\SUPERAntiSpyware [2012-04-09 21:38:07 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware [2012-04-09 21:37:51 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Malwarebytes [2012-04-09 21:37:50 \| 000,022,344 \|——\| C] (Malwarebytes Corporation)—C:\Windows\System32\drivers\mbam.sys [2012-04-09 21:37:50 \| 000,000,000 \|—-D \| C]—C:\Program Files\Malwarebytes’ Anti-Malware ========== Files - Modified Within 30 Days ========== [2012-05-01 12:02:00 \| 000,000,950 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1067062934-1700640529-938716030-1000UA.job [2012-05-01 12:02:00 \| 000,000,898 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1067062934-1700640529-938716030-1000Core.job [2012-05-01 11:41:26 \| 000,000,922 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-05-01 09:36:36 \| 000,003,216 \| -H—\| M] ()—C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012-05-01 09:36:36 \| 000,003,216 \| -H—\| M] ()—C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012-05-01 09:11:53 \| 000,595,456 \|——\| M] (OldTimer Tools)—C:\Users\Tom Jørgensen\Desktop\OTL.exe [2012-05-01 08:03:06 \| 000,000,248 \|——\| M] ()—C:\Users\Public\Documents\hpqp.ini [2012-05-01 07:56:47 \| 000,049,015 \|——\| M] ()—C:\ProgramData\nvModes.dat [2012-05-01 07:56:46 \| 000,049,015 \|——\| M] ()—C:\ProgramData\nvModes.001 [2012-05-01 07:56:35 \| 000,000,918 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-05-01 07:44:18 \| 000,597,598 \|——\| M] ()—C:\Windows\System32\perfh01D.dat [2012-05-01 07:44:18 \| 000,595,996 \|——\| M] ()—C:\Windows\System32\perfh009.dat [2012-05-01 07:44:18 \| 000,472,392 \|——\| M] ()—C:\Windows\System32\perfh006.dat [2012-05-01 07:44:18 \| 000,452,366 \|——\| M] ()—C:\Windows\System32\perfh014.dat [2012-05-01 07:44:18 \| 000,435,606 \|——\| M] ()—C:\Windows\System32\perfh00B.dat [2012-05-01 07:44:18 \| 000,120,388 \|——\| M] ()—C:\Windows\System32\perfc01D.dat [2012-05-01 07:44:18 \| 000,104,070 \|——\| M] ()—C:\Windows\System32\perfc009.dat [2012-05-01 07:44:18 \| 000,084,170 \|——\| M] ()—C:\Windows\System32\perfc00B.dat [2012-05-01 07:44:18 \| 000,080,386 \|——\| M] ()—C:\Windows\System32\perfc006.dat [2012-05-01 07:44:18 \| 000,079,484 \|——\| M] ()—C:\Windows\System32\perfc014.dat [2012-05-01 07:36:23 \| 000,067,584 \|—S- \| M] ()—C:\Windows\bootstat.dat [2012-05-01 07:36:20 \| 2951,045,120 \| -HS- \| M] ()—C:\hiberfil.sys [2012-04-28 12:30:43 \| 000,002,539 \|——\| M] ()—C:\Users\Tom Jørgensen\Desktop\HiJackThis.lnk [2012-04-28 11:28:01 \| 001,402,880 \|——\| M] ()—C:\Users\Tom Jørgensen\Desktop\HijackThis.msi [2012-04-25 19:42:22 \| 000,000,906 \|——\| M] ()—C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-04-25 16:39:57 \| 000,000,804 \|——\| M] ()—C:\Users\Public\Desktop\CCleaner.lnk [2012-04-25 16:36:21 \| 003,654,896 \|——\| M] (Piriform Ltd)—C:\Users\Tom Jørgensen\Desktop\ccsetup318.exe [2012-04-25 10:42:01 \| 000,000,027 \|——\| M] ()—C:\Windows\System32\drivers\etc\hosts [2012-04-25 10:08:56 \| 000,000,520 \|——\| M] ()—C:\Windows\wininit.ini [2012-04-25 09:39:14 \| 000,001,113 \|——\| M] ()—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Clipper and Launcher til OneNote 2007.lnk [2012-04-24 17:07:17 \| 004,474,448 \| R—- \| M] (Swearware)—C:\Users\Tom Jørgensen\Desktop\ComboFix.exe [2012-04-23 16:13:26 \| 000,607,260 \| R—- \| M] (Swearware)—C:\Users\Tom Jørgensen\Desktop\dds.scr [2012-04-23 09:23:55 \| 000,000,899 \|——\| M] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-04-18 10:40:41 \| 000,001,726 \|——\| M] ()—C:\Users\Public\Desktop\QuickTime Player.lnk [2012-04-17 14:41:05 \| 000,000,943 \|——\| M] ()—C:\Users\Tom Jørgensen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012-04-17 09:51:58 \| 000,002,485 \|——\| M] ()—C:\Users\Public\Desktop\Skype.lnk [2012-04-17 09:37:33 \| 000,001,887 \|——\| M] ()—C:\Users\Public\Desktop\Adobe Reader 8.lnk [2012-04-13 21:48:48 \| 000,404,640 \|——\| M] (Adobe Systems Incorporated)—C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-04-13 18:57:22 \| 000,008,798 \|——\| M] ()—C:\Windows\System32\icrav03.rat [2012-04-13 18:57:21 \| 000,001,988 \|——\| M] ()—C:\Windows\System32\ticrf.rat [2012-04-13 18:56:39 \| 000,161,792 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\msls31.dll [2012-04-13 18:56:38 \| 000,065,024 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\jsproxy.dll [2012-04-13 18:56:37 \| 000,162,304 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\msrating.dll [2012-04-13 18:56:36 \| 000,076,800 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\SetIEInstalledDate.exe [2012-04-13 18:56:36 \| 000,074,752 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\RegisterIEPKEYs.exe [2012-04-13 18:56:35 \| 000,176,640 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\ieui.dll [2012-04-13 18:56:35 \| 000,086,528 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\iesysprep.dll [2012-04-13 18:56:35 \| 000,048,640 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\mshtmler.dll [2012-04-13 18:56:32 \| 000,367,104 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\html.iec [2012-04-13 18:56:32 \| 000,223,232 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\dxtrans.dll [2012-04-13 18:56:31 \| 003,695,416 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\ieapfltr.dat [2012-04-13 18:56:31 \| 000,434,176 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\ieapfltr.dll [2012-04-13 18:56:31 \| 000,353,792 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\dxtmsft.dll [2012-04-13 18:56:31 \| 000,074,240 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\ie4uinit.exe [2012-04-13 18:56:30 \| 000,353,592 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\iedkcs32.dll [2012-04-13 18:56:30 \| 000,231,936 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\url.dll [2012-04-13 18:56:30 \| 000,074,752 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\iesetup.dll [2012-04-13 18:56:30 \| 000,072,822 \|——\| M] ()—C:\Windows\System32\ieuinit.inf [2012-04-13 18:56:30 \| 000,031,744 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\iernonce.dll [2012-04-13 18:56:29 \| 001,427,456 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\inetcpl.cpl [2012-04-13 18:56:29 \| 000,023,552 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\licmgr10.dll [2012-04-13 18:56:28 \| 000,152,064 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\wextract.exe [2012-04-13 18:56:28 \| 000,078,848 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\inseng.dll [2012-04-13 18:56:27 \| 000,580,608 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\msfeeds.dll [2012-04-13 18:56:27 \| 000,150,528 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\iexpress.exe [2012-04-13 18:56:25 \| 002,382,848 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\mshtml.tlb [2012-04-13 18:56:24 \| 000,142,848 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\ieUnatt.exe [2012-04-13 18:56:24 \| 000,054,272 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\pngfilt.dll [2012-04-13 18:56:23 \| 000,101,888 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\admparse.dll [2012-04-13 18:56:22 \| 000,227,840 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\ieaksie.dll [2012-04-13 18:56:22 \| 000,163,840 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\ieakui.dll [2012-04-13 18:56:21 \| 001,799,168 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\jscript9.dll [2012-04-13 18:56:21 \| 000,035,840 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\imgutil.dll [2012-04-13 18:56:20 \| 000,118,784 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\iepeers.dll [2012-04-13 18:56:17 \| 000,041,472 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\msfeedsbs.dll [2012-04-13 18:56:17 \| 000,010,752 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\msfeedssync.exe [2012-04-13 18:56:16 \| 000,110,592 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\IEAdvpack.dll [2012-04-13 18:56:14 \| 000,130,560 \|——\| M] (Microsoft Corporation)—C:\Windows\System32\ieakeng.dll [2012-04-13 06:39:14 \| 000,429,392 \|——\| M] ()—C:\Windows\System32\FNTCACHE.DAT [2012-04-13 06:31:52 \| 000,000,000 \| -H—\| M] ()—C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012-04-13 06:18:22 \| 000,000,000 \| -H—\| M] ()—C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012-04-10 19:38:31 \| 000,001,800 \|——\| M] ()—C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012-04-04 15:56:40 \| 000,022,344 \|——\| M] (Malwarebytes Corporation)—C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012-04-28 11:34:29 \| 000,002,539 \|——\| C] ()—C:\Users\Tom Jørgensen\Desktop\HiJackThis.lnk [2012-04-28 11:28:00 \| 001,402,880 \|——\| C] ()—C:\Users\Tom Jørgensen\Desktop\HijackThis.msi [2012-04-25 19:42:22 \| 000,000,906 \|——\| C] ()—C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-04-25 10:08:56 \| 000,000,520 \|——\| C] ()—C:\Windows\wininit.ini [2012-04-25 09:39:14 \| 000,001,113 \|——\| C] ()—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Clipper and Launcher til OneNote 2007.lnk [2012-04-24 17:09:57 \| 000,256,000 \|——\| C] ()—C:\Windows\PEV.exe [2012-04-24 17:09:57 \| 000,208,896 \|——\| C] ()—C:\Windows\MBR.exe [2012-04-24 17:09:57 \| 000,098,816 \|——\| C] ()—C:\Windows\sed.exe [2012-04-24 17:09:57 \| 000,080,412 \|——\| C] ()—C:\Windows\grep.exe [2012-04-24 17:09:57 \| 000,068,096 \|——\| C] ()—C:\Windows\zip.exe [2012-04-23 09:23:55 \| 000,000,899 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-04-23 09:23:55 \| 000,000,862 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012-04-18 10:40:41 \| 000,001,726 \|——\| C] ()—C:\Users\Public\Desktop\QuickTime Player.lnk [2012-04-17 14:41:05 \| 000,000,943 \|——\| C] ()—C:\Users\Tom Jørgensen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012-04-17 14:24:08 \| 000,000,949 \|——\| C] ()—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012-04-17 14:23:47 \| 000,000,944 \|——\| C] ()—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012-04-17 14:23:07 \| 000,000,915 \|——\| C] ()—C:\Users\Tom Jørgensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012-04-17 14:20:28 \| 000,000,258 \|——\| C] ()—C:\Users\Tom Jørgensen\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012-04-17 14:20:28 \| 000,000,240 \|——\| C] ()—C:\Users\Tom Jørgensen\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012-04-17 09:29:38 \| 000,001,887 \|——\| C] ()—C:\Users\Public\Desktop\Adobe Reader 8.lnk [2012-04-17 09:29:37 \| 000,002,425 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2012-04-13 18:56:30 \| 000,072,822 \|——\| C] ()—C:\Windows\System32\ieuinit.inf [2012-04-13 06:31:52 \| 000,000,000 \| -H—\| C] ()—C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012-04-13 06:18:22 \| 000,000,000 \| -H—\| C] ()—C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012-04-10 19:38:31 \| 000,001,800 \|——\| C] ()—C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011-08-03 15:26:42 \| 000,115,369 \|——\| C] ()—C:\Windows\System32\drivers\klin.dat [2011-08-03 15:26:42 \| 000,097,961 \|——\| C] ()—C:\Windows\System32\drivers\klick.dat < End of report > OTL Extras logfile created on: 01-05-2012 09:14:59 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Tom Jørgensen\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16443) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 2,75 Gb Total Physical Memory \| 1,42 Gb Available Physical Memory \| 51,74% Memory free 5,70 Gb Paging File \| 4,47 Gb Available in Paging File \| 78,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 223,23 Gb Total Space \| 143,22 Gb Free Space \| 64,16% Space Free \| Partition Type: NTFS Drive D: \| 9,66 Gb Total Space \| 1,73 Gb Free Space \| 17,89% Space Free \| Partition Type: NTFS Computer Name: ZIAL-PC \| User Name: Tom Jørgensen \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%* .hlp [@ = hlpfile]—C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* cplfile [cplopen]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%* exefile [open]—“%1” %* helpfile [open]—Reg Error: Key error. hlpfile [open]—%SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation) Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open]—C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE “%L” Folder [open]—%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore]—%SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] “cval” = 1 “FirewallDisableNotify” = 0 “AntiVirusDisableNotify” = 0 “UpdatesDisableNotify” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] “DisableMonitoring” = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] “DisableMonitoring” = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] “DisableMonitoring” = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] “DisableMonitoring” = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] “AntiVirusOverride” = 0 “AntiSpywareOverride” = 0 “FirewallOverride” = 0 “VistaSp1” = Reg Error: Unknown registry data type—File not found “VistaSp2” = Reg Error: Unknown registry data type—File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] “DisableSR” = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] “EnableFirewall” = 0 “DisableNotifications” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] “EnableFirewall” = 0 “DisableNotifications” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] “EnableFirewall” = 0 “DisableNotifications” = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{A7B41B6E-E452-4AAA-90D4-E9E29ADC4711}” = lport=6004 \| protocol=17 \| dir=in \| app=c:\program files\microsoft office\office12\outlook.exe \| “{B6CAE77E-C8C4-4223-95B9-F1379B228658}” = lport=2869 \| protocol=6 \| dir=in \| app=system \| “{F74EA82C-545F-4CDD-94F7-B48221251601}” = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=svchost.exe \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{389751C0-69FA-491A-AA91-D61B86AF4253}” = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| “{3F076D65-8B70-4DE7-B3AC-990129F07662}” = protocol=17 \| dir=in \| app=c:\program files\microsoft office\office12\onenote.exe \| “{43964BA8-1147-481D-AC3B-65991B1FE8CA}” = protocol=6 \| dir=in \| app=c:\program files\microsoft office\office12\onenote.exe \| “{5B9914E9-A9DA-491E-87B2-9DD02F6BDE1F}” = protocol=6 \| dir=in \| app=c:\program files\microsoft office\office12\groove.exe \| “{70092852-5C50-486C-941C-F91147D9091E}” = dir=in \| app=c:\program files\cyberlink\powerdirector\pdr.exe \| “{822F9726-8006-4389-88AB-4E53F1EF6328}” = protocol=17 \| dir=in \| app=c:\program files\itunes\itunes.exe \| “{ACDEF455-99EA-4426-9AB1-01B7E65A17BD}” = dir=in \| app=c:\program files\hp\quickplay\qp.exe \| “{B24406F5-F2A1-47F7-B75F-5BB3B155407F}” = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| “{B5223939-21B7-4A62-9E8E-AA1B95649811}” = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| “{C1BF33CC-8B4A-4157-9E95-D646E258ADBC}” = protocol=6 \| dir=in \| app=c:\program files\itunes\itunes.exe \| “{C3734F40-AA2D-4E2D-B2FC-CC46D5012BA4}” = dir=in \| app=c:\program files\skype\phone\skype.exe \| “{C5B58760-D30D-4BF5-89CC-656DE200E27D}” = dir=in \| app=c:\program files\hp\quickplay\qpservice.exe \| “{CF663BBE-B161-4CFB-80B1-3D03BB872FBF}” = protocol=17 \| dir=in \| app=c:\program files\microsoft office\office12\groove.exe \| “{D95013BE-55E1-4A15-978D-FF844DEB02CC}” = dir=in \| app=c:\program files\windows live\messenger\msnmsgr.exe \| “{F2D048FF-3E2C-4C44-B179-6658F0504DE3}” = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| “{F8218734-0716-4DA1-AF57-936ADFEC8033}” = dir=in \| app=c:\program files\windows live\sync\windowslivesync.exe \| “TCP Query User{12CFB566-1C99-4D27-8CBB-8E7A6FF8CED1}C:\program files\internet explorer\iexplore.exe” = protocol=6 \| dir=in \| app=c:\program files\internet explorer\iexplore.exe \| “TCP Query User{5C06E6D3-2A50-44B9-9CA6-E06B242849F4}C:\program files\java\jre6\bin\java.exe” = protocol=6 \| dir=in \| app=c:\program files\java\jre6\bin\java.exe \| “TCP Query User{AF02979C-C114-42E2-9267-84682C767253}C:\program files\java\jre6\bin\java.exe” = protocol=6 \| dir=in \| app=c:\program files\java\jre6\bin\java.exe \| “UDP Query User{3AEA003B-873F-4E9F-B12B-037674462429}C:\program files\java\jre6\bin\java.exe” = protocol=17 \| dir=in \| app=c:\program files\java\jre6\bin\java.exe \| “UDP Query User{8E24D5C6-5007-47FF-8FD7-2240102BBC0D}C:\program files\internet explorer\iexplore.exe” = protocol=17 \| dir=in \| app=c:\program files\internet explorer\iexplore.exe \| “UDP Query User{C1F17C4E-F45D-4D31-A718-34951310AC39}C:\program files\java\jre6\bin\java.exe” = protocol=17 \| dir=in \| app=c:\program files\java\jre6\bin\java.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}” = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 “{0059ECD1-BB50-41CF-B729-0958A120F152}” = Windows Live Messenger “{01FB4998-33C4-4431-85ED-079E3EEFE75D}” = CyberLink YouCam “{02B8DBC1-7312-43AF-8BA7-9F29CDD6B348}” = Windows Live Sync “{03B3C771-9456-4334-9F7A-C3A258F8FC0B}_is1” = Gyldendals Røde Ordbøger - Dansk “{082702D5-5DD8-4600-BCE5-48B15174687F}” = HP Doc Viewer “{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}” = Tilmeldingsassistent til Windows Live ID “{17989108-D54A-4277-BD1C-2BDA7ADC19E2}” = Windows Live Family Safety “{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer “{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}” = Adobe Shockwave Player “{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}” = CyberLink DVD Suite “{205C6BDD-7B73-42DE-8505-9A093F35A238}” = Overførselsværktøj til Windows Live “{228C6B46-64E2-404E-898A-EF0830603EF4}” = HPNetworkAssistant “{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}” = MSVCRT “{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer “{254C37AA-6B72-4300-84F6-98A82419187E}” = ActiveCheck component for HP Active Support Library “{26A24AE4-039D-4CA4-87B4-2F83216031FF}” = Java(TM) 6 Update 31 “{28511D89-C359-46F3-ACAD-A97F129D0DE7}” = Windows Live Photo Gallery “{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}” = HP Update “{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}” = Windows Live Communications Platform “{3248F0A8-6813-11D6-A77B-00B0D0160050}” = Java(TM) 6 Update 5 “{340F521E-3576-4E1A-B75C-EB0ACF751379}” = HP Wireless Assistant “{34D2AB40-150D-475D-AE32-BD23FB5EE355}” = HP Quick Launch Buttons 6.40 D3 “{3877C901-7B90-4727-A639-B6ED2DD59D43}” = ESU for Microsoft Vista “{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile “{3D3E663D-4E7E-4577-A560-7ECDDD45548A}” = PVSonyDll “{3F92ABBB-6BBF-11D5-B229-002078017FBF}” = NetWaiting “{40BF1E83-20EB-11D8-97C5-0009C5020658}” = Power2Go “{415B2719-AD3A-4944-B404-C472DB6085B3}” = Cisco EAP-FAST Module “{45A66726-69BC-466B-A7A4-12FCBA4883D7}” = HiJackThis “{45D707E9-F3C4-11D9-A373-0050BAE317E1}” = HP DVD Play 3.7 “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater “{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}” = HP Easy Setup - Frontend “{582287DA-0806-4AC0-BF19-C15E3A466034}” = LightScribe System Software 1.12.33.2 “{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM “{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}” = Cisco PEAP Module “{669D4A35-146B-4314-89F1-1AC3D7B88367}” = HPAsset component for HP Active Support Library “{66F1F013-008F-4875-B283-5A814B820347}” = Kaspersky Anti-Virus 2011 “{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}” = Windows Media Player Firefox Plugin “{6AC9C43D-7117-48AE-A22F-C7CDCF08C046}” = Windows Live Movie Maker “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable “{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 “{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update “{79155F2B-9895-49D7-8612-D92580E0DE5B}” = Bonjour “{7BE15435-2D3E-4B58-867F-9C75BED0208C}” = QuickTime “{83770D14-21B9-44B3-8689-F7B523F94560}” = Cisco LEAP Module “{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}” = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight “{8A74E887-8F0F-4017-AF53-CBA42211AAA5}” = Microsoft Sync Framework Runtime Native v1.0 (x86) “{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}” = HP Help and Support “{8E5233E1-7495-44FB-8DEB-4BE906D59619}” = Junk Mail filter update “{8F3B6BD9-781B-4226-BB8F-9C1707B91C0A}” = Politikens Tysk-Dansk Dansk-Tysk Ordbog “{90120000-0015-0406-0000-0000000FF1CE}” = Microsoft Office Access MUI (Danish) 2007 “{90120000-0015-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-0016-0406-0000-0000000FF1CE}” = Microsoft Office Excel MUI (Danish) 2007 “{90120000-0016-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-0018-0406-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (Danish) 2007 “{90120000-0018-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-0019-0406-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (Danish) 2007 “{90120000-0019-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-001A-0406-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (Danish) 2007 “{90120000-001A-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-001B-0406-0000-0000000FF1CE}” = Microsoft Office Word MUI (Danish) 2007 “{90120000-001B-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-001F-0406-0000-0000000FF1CE}” = Microsoft Office Proof (Danish) 2007 “{90120000-001F-0406-0000-0000000FF1CE}_ENTERPRISER_{8F771259-9037-4097-AA88-8613F3BE5627}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) “{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007 “{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) “{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007 “{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) “{90120000-0020-0406-0000-0000000FF1CE}” = Kompatibilitetspakke til Office 2007-systemet “{90120000-002C-0406-0000-0000000FF1CE}” = Microsoft Office Proofing (Danish) 2007 “{90120000-0044-0406-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (Danish) 2007 “{90120000-0044-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-006E-0406-0000-0000000FF1CE}” = Microsoft Office Shared MUI (Danish) 2007 “{90120000-006E-0406-0000-0000000FF1CE}_ENTERPRISER_{11584158-91C7-4B1B-BFD1-F47D680F13CF}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-00A1-0406-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (Danish) 2007 “{90120000-00A1-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90120000-00BA-0406-0000-0000000FF1CE}” = Microsoft Office Groove MUI (Danish) 2007 “{90120000-00BA-0406-0000-0000000FF1CE}_ENTERPRISER_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3) “{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Offi

1 af 2

Næste