Spywarefri Forum | Rootkit.0access

1 af 2

Rootkit.0access

[ Ignorer ] clr
26.07.2012 10:24:33 Antal indlæg: 16	Hej Jeg har her til morgen en computer der genstarter næsten hele tiden. I går aftes efter en McAfee opdatering fandt og eliminerede den en trojansk hest kan ikke lige huske navnet, det var noget med A. Her til morgen var min firewall slået fra og når jeg prøvede at slå den til, blev den straks efter slået fra igen, prøvede at køre en virusscan, men computer “frøs” og jeg tog strømmen. Herefter har opstartningssekvens været: 1: fejl i windows stifinder programmet genstartes og noget efter “windows har et alvorligt problem og computeren genstartes om 60 sekunder. Har kørt Malwarebites Anti-Malware(hurtig scanning) og fået denne log: Malwarebytes Anti-Malware 1.62.0.1300 http://www.malwarebytes.org Database version: v2012.07.26.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 26-07-2012 08:09:41 mbam-log-2012-07-26 (08-20-28).txt Skanningstype: Hurtig skanning Skanningsmuligheder valgt: Hukommelse \| Opstart \| Registreringsdatabasen \| Filsystem \| Heuristics/Ekstra \| Heuristics/Shuriken \| PUP \| PUM Skanningsmuligheder som er deaktiverede: P2P Objekter skannet: 192879 Tid gået: 8 minut(ter), Hukommelses Processorer Inficeret: 0 (Ingen skadelige objekter blev fundet) Hukommelses Moduler Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabasenøgler Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabaseværdier Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabasedata Objekter Inficeret: 0 (Ingen skadelige objekter blev fundet) Inficerede Mapper: 0 (Ingen skadelige objekter blev fundet) Inficerede Filer: 1 C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\n (Rootkit.0Access) -> Ingen handling valgt. (færdig) Har prøvet og fjernet den, men problemet med genstart fortsætter (her efter et par timer er der åbenbart en pause i genstartsprocessen). Skal jeg prøve en fuldscan eller er der andre løsningsforslag? Med venlig hilsen Claus
[ Ignorer ] [ # 1 ] f-arn TeamSpywarefri
26.07.2012 10:32:25 Administrator Team Spywarefri Antal indlæg: 7045	Hej, og velkommmen til Du skal helst downloade fra en anden PC. ——— Til 64 bit Windows, hent Farbar Recovery Scan Tool x64 og gem den på en USB nøgle. Sæt USB nøglen i den inficerede PC. Start PCen op med “Advanced Boot Options” (Tryk F8 flere gange under opstart) Vælg “Repair Your Computer” Vælg sprog. Vælg Bruger konto. Så skal du vælge Kommando Prompt. Der skriver du notepad, og trykker <Enter> Vælg Fil menu -> Åbn og vælg “Computer”. Find drevbogstavet til din USB nøgle. Luk Notesblok. Ved Kommando prompten skriver du e:\frst64 Erstat e med det rigtige bogstav. Når Farbar Recovery Scan Tool er startet, klikker du på Scan. Den laver FRST.txt på USB nøglen. Kopier den herind i dit næste indlæg. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 2 ] clr
26.07.2012 11:28:00 Antal indlæg: 16	Tak her er resultattet: Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01 Ran by SYSTEM at 26-07-2012 12:13:52 Running from J:\ Windows 7 Home Premium (X64) OS Language: Danish The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9608224 2009-11-18] (Realtek Semiconductor) HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.) HKLM\...\Run: [DellStage] “C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe” “C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj”—startup [207350 2011-01-25] () HKLM-x32\...\Run: [StartCCC] “c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun [98304 2010-01-13] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.) HKLM-x32\...\Run: [THX Audio Control Panel] “C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe” /r [963584 2009-12-01] (Creative Technology Ltd) HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.) HKLM-x32\...\Run: [mcui_exe] “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey [1675160 2012-03-21] (McAfee, Inc.) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [RoxWatchTray] “C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe” [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] “C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe” [514544 2010-11-17] () HKLM-x32\...\Run: [Adobe Reader Speed Launcher] “C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe” [35736 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [843712 2012-01-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WinampAgent] “C:\Program Files (x86)\Winamp\winampa.exe” [74752 2011-03-22] (Nullsoft, Inc.) HKLM-x32\...\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google) HKLM-x32\...\Run: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [QuickTime Task] “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [AirPort Base Station Agent] “C:\Program Files (x86)\AirPort\APAgent.exe” [771360 2009-11-11] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] “C:\Program Files (x86)\iTunes\iTunesHelper.exe” [421776 2012-06-07] (Apple Inc.) HKU\Claus\...\Run: [Steam] “C:\Program Files (x86)\Steam\Steam.exe” -silent [1242448 2011-08-02] (Valve Corporation) HKU\Claus\...\Run: [Octoshape Streaming Services] “C:\Users\Claus\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe” -inv:bootrun [107800 2011-03-24] (Octoshape ApS) HKU\Claus\...\Run: [Boxoft Tools] “C:\ProgramData\Boxtools\Boxofttoolbox.exe” -autorun [514048 2010-12-15] () HKU\Claus\...\Run: [Spotify Web Helper] “C:\Users\Claus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe” [932528 2012-06-11] () HKLM-x32\...\RunOnce: [“C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe”] “C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe” [559616 2011-10-06] (Dell) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Startup: C:\Users\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.1 PE.lnk ShortcutTarget: PHOTOfunSTUDIO 8.1 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) ==================== Services (Whitelisted) ====== 2 AMDFusionSVC; C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [383544 2009-09-08] (Advanced Micro Devices) 2 AMD_RAIDXpert; “C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe” -s [122880 2009-03-16] (AMD) 2 HPSLPSVC; C:\Users\Claus\AppData\Local\Temp\7zS583B\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) 3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.) 2 McMPFSvc; “C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe” /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 mcmscsvc; “C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe” /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McNaiAnn; “C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe” /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McNASvc; “C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe” /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 3 McODS; “C:\Program Files\mcafee\VirusScan\mcods.exe” [502032 2012-04-19] (McAfee, Inc.) 4 McOobeSv; “C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe” /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McProxy; “C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe” /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 McShield; “C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe” [199272 2012-03-20] (McAfee, Inc.) 2 mfefire; “C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe” [210584 2012-03-20] (McAfee, Inc.) 2 mfevtp; “C:\Windows\system32\mfevtps.exe” [162192 2012-03-20] (McAfee, Inc.) 2 MSK80Service; “C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe” /McCoreSvc [249936 2011-01-27] (McAfee, Inc.) 2 RoxWatch12; “C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe” [219632 2010-11-25] (Sonic Solutions) 3 stllssvr; “C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe” [74392 2010-11-08] (MicroVision Development, Inc.) ========================== Drivers (Whitelisted) ============= 3 AmdLLD64; C:\Windows\System32\Drivers\AmdLLD64.sys [47672 2009-04-22] (Advanced Micro Devices) 2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [88480 2011-06-21] () 3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.) 2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [46400 2011-06-21] () 3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.) 1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.) 3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.) 0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.) 3 mfeavfk01; [x] 3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-26 12:13 - 2012-07-26 12:13 - 00000000 ____D C:\FRST 2012-07-26 10:38 - 2012-07-26 10:38 - 01438391 ____A (Farbar) C:\Users\Claus\Desktop\FRST64.exe 2012-07-26 08:09 - 2012-07-26 08:09 - 00000000 ____D C:\Users\Claus\Application Data\Malwarebytes 2012-07-26 08:09 - 2012-07-26 08:09 - 00000000 ____D C:\Users\Claus\AppData\Roaming\Malwarebytes 2012-07-26 08:08 - 2012-07-26 08:08 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-26 08:08 - 2012-07-26 08:08 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-26 08:08 - 2012-07-26 08:08 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-07-26 08:08 - 2012-07-26 08:08 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes 2012-07-26 08:08 - 2012-07-26 08:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes’ Anti-Malware 2012-07-26 08:08 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-07-26 06:09 - 2009-07-14 03:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\zz-services.tmp 2012-07-25 20:18 - 2012-07-25 20:18 - 00000000 ____D C:\Users\Claus\AppData\Local\{96A461ED-BCB7-4BBE-86FF-D65A29028B6C} 2012-07-25 20:17 - 2012-07-25 20:18 - 00000000 ____D C:\Users\Claus\AppData\Local\{9D3523C2-079D-431F-AE45-C07FC96D0B4A} 2012-07-24 19:02 - 2012-07-24 19:02 - 00000000 ____D C:\Users\Claus\AppData\Local\{DE27C96C-9638-4E63-BD13-26EEE2DE0994} 2012-07-24 19:02 - 2012-07-24 19:02 - 00000000 ____D C:\Users\Claus\AppData\Local\{2C727800-F35E-492F-AA51-15E99D2B29A3} 2012-07-24 06:00 - 2012-07-24 06:01 - 00000000 ____D C:\Users\Claus\AppData\Local\{50D9963F-F494-41C3-A6A3-F1BCAF91220E} 2012-07-24 06:00 - 2012-07-24 06:00 - 00000000 ____D C:\Users\Claus\AppData\Local\{241CEB50-0F8B-4AD8-817A-33FD12B187FE} 2012-07-23 15:23 - 2012-07-23 15:23 - 00000000 ____D C:\Users\Claus\AppData\Local\{92DEB7D3-F0DB-4FD2-80BE-51AC92E1E5ED} 2012-07-23 15:23 - 2012-07-23 15:23 - 00000000 ____D C:\Users\Claus\AppData\Local\{8D9E914E-E4D2-40D8-87E3-6D89815C4912} 2012-07-23 09:46 - 2012-07-23 09:46 - 00000000 ____D C:\Users\Claus\AppData\Local\{F5DB46C4-25FD-4D08-B491-0033090C97C1} 2012-07-22 20:16 - 2012-07-22 20:16 - 00000000 ____D C:\Users\Claus\AppData\Local\{09613BB5-6135-4CCA-9BC9-94F90EC90422} 2012-07-22 20:15 - 2012-07-22 20:16 - 00000000 ____D C:\Users\Claus\AppData\Local\{8C036DD1-FFEF-4F00-A046-EE5286A7B396} 2012-07-22 02:42 - 2012-07-22 02:42 - 00000000 ____D C:\Users\Claus\AppData\Local\{203A693C-B6FE-4366-A9AC-A1917E16856F} 2012-07-22 02:41 - 2012-07-22 02:42 - 00000000 ____D C:\Users\Claus\AppData\Local\{C20F7450-0D22-4371-8BA9-8CA6EBE14BCD} 2012-07-21 07:44 - 2012-07-21 07:44 - 00000000 ____D C:\Users\Claus\AppData\Local\{544A21EF-4562-4FFA-97EA-90EC60190094} 2012-07-21 07:44 - 2012-07-21 07:44 - 00000000 ____D C:\Users\Claus\AppData\Local\{05B6834B-AD17-49E1-9D5E-759A59648DED} 2012-07-20 20:04 - 2012-07-20 20:04 - 00000000 ____D C:\Users\Claus\AppData\Local\{9645B883-D3CA-4F93-B71F-44AE43A5909A} 2012-07-20 08:09 - 2012-07-20 08:09 - 00000000 ____D C:\Users\Claus\AppData\Local\{8EEF74C3-FDB8-4C92-B406-AB8DBC8A05F1} 2012-07-20 08:08 - 2012-07-20 08:09 - 00000000 ____D C:\Users\Claus\AppData\Local\{9EEAE9EE-FA65-4997-B6A3-BFD51CAA9B0E} 2012-07-19 09:50 - 2012-07-19 09:50 - 00000000 ____D C:\Users\Claus\AppData\Local\{FBF6526C-DE18-4D63-AB79-4F701EA9F6E9} 2012-07-19 09:49 - 2012-07-19 09:50 - 00000000 ____D C:\Users\Claus\AppData\Local\{69B84729-6476-4E21-906C-68A2B8BE8B44} 2012-07-18 23:03 - 2012-07-18 23:06 - 00000000 ____D C:\Users\Claus\Documents\20120718 2012-07-18 21:07 - 2012-07-18 21:07 - 00000000 ____D C:\Users\Claus\AppData\Local\{7647A441-1B5B-407A-9F11-95173EB5647E} 2012-07-18 21:06 - 2012-07-18 21:06 - 00000000 ____D C:\Users\Claus\AppData\Local\{577269AD-9D38-4E7D-AB6B-14308FFBCFC6} 2012-07-18 17:30 - 2012-07-18 17:30 - 00000000 ____D C:\Users\Claus\AppData\Local\{ADB6A11F-075B-4255-BE94-23EB964D1C9A} 2012-07-17 11:26 - 2012-07-17 11:26 - 00000000 ____D C:\Users\Claus\AppData\Local\{FB472CE6-0A8E-4A4C-82D0-F0D0DD36518E} 2012-07-17 11:26 - 2012-07-17 11:26 - 00000000 ____D C:\Users\Claus\AppData\Local\{010C318C-0495-4F7E-8117-CD352715715D} 2012-07-16 22:17 - 2012-07-16 22:17 - 00000000 ____D C:\Users\Claus\AppData\Local\{A3894B16-C615-4D92-9951-B34F61F7078C} 2012-07-16 22:17 - 2012-07-16 22:17 - 00000000 ____D C:\Users\Claus\AppData\Local\{80BCB421-F5AF-4849-8C89-1ED99B739628} 2012-07-16 19:14 - 2012-07-16 19:14 - 00000000 ____D C:\Users\Claus\AppData\Local\{DC4BCFE6-723B-4D32-94DA-DC210CBB3D10} 2012-07-16 19:14 - 2012-07-16 19:14 - 00000000 ____D C:\Users\Claus\AppData\Local\{8969EC1B-6FF8-4019-B5C7-8A6BD74011DE} 2012-07-15 23:05 - 2012-07-15 23:05 - 00000000 ____D C:\Users\Claus\AppData\Local\{985A5B11-26D8-462B-9A7C-7EB3770965CA} 2012-07-15 23:05 - 2012-07-15 23:05 - 00000000 ____D C:\Users\Claus\AppData\Local\{833CC238-1F7F-4D14-A782-9D5C4A6B0D73} 2012-07-15 23:04 - 2012-07-15 23:05 - 00000000 ____D C:\Users\Claus\AppData\Local\{99ABAC66-2CB8-4F1F-8D4A-EB12B51C26DA} 2012-07-15 20:20 - 2012-07-15 20:20 - 00000000 ____D C:\Users\Claus\AppData\Local\{2E8277BB-DB92-4C34-A464-1AC69342A4A3} 2012-07-15 19:55 - 2012-07-15 19:55 - 00000000 ____D C:\Users\Claus\AppData\Local\{E9F2E924-2FEF-4A33-93DF-88DDD5D0B260} 2012-07-15 19:55 - 2012-07-15 19:55 - 00000000 ____D C:\Users\Claus\AppData\Local\{CC0CD3E9-7428-4AF6-AEDC-4C7DE2958D90} 2012-07-14 23:28 - 2012-07-14 23:28 - 00000000 ____D C:\Users\Claus\AppData\Local\{5495B8D7-FD7E-4D82-A2AE-BBDAF1A54AE3} 2012-07-14 23:27 - 2012-07-14 23:27 - 00000000 ____D C:\Users\Claus\AppData\Local\{AD5FDAF0-2922-4879-A306-26AD1344C4C9} 2012-07-14 23:27 - 2012-07-14 23:27 - 00000000 ____D C:\Users\Claus\AppData\Local\{3AB7538D-B640-4CD2-9E1C-0349C870DD41} 2012-07-14 20:16 - 2012-07-14 20:16 - 00000000 ____D C:\Users\Claus\AppData\Local\{3988F0E7-A12A-4A02-809A-5D404E68B9F1} 2012-07-14 07:55 - 2012-07-14 07:56 - 00000000 ____D C:\Users\Claus\AppData\Local\{7D1CCC69-98C9-459A-AF84-88F90E78E5FF} 2012-07-14 07:55 - 2012-07-14 07:55 - 00000000 ____D C:\Users\Claus\AppData\Local\{DB52FAEE-8C70-4448-8C59-C344C6827697} 2012-07-13 11:05 - 2012-07-13 11:06 - 00000000 ____D C:\Users\Claus\AppData\Local\{E7A7B5AF-1FA8-4DF4-923A-DEF669279178} 2012-07-13 11:05 - 2012-07-13 11:05 - 00000000 ____D C:\Users\Claus\AppData\Local\{3A720DD1-9F76-48E8-9D90-ECAA119E33A6} 2012-07-12 21:56 - 2012-07-12 21:56 - 00000000 ____D C:\Users\Claus\AppData\Local\{FAC1ABC2-BE6E-4989-9BF7-BF2B1FB6DF7F} 2012-07-12 21:55 - 2012-07-12 21:56 - 00000000 ____D C:\Users\Claus\AppData\Local\{CB6E43C6-A01B-44CA-9F0C-E6E7CAE1E270} 2012-07-12 13:58 - 2012-07-12 13:58 - 00000000 ____D C:\Users\Claus\AppData\Local\{EA45C23E-8331-4742-B36B-D4F3AFD2BB3A} 2012-07-12 12:10 - 2012-07-12 12:10 - 00000000 ____D C:\Users\Claus\AppData\Local\{C6D6DB07-061C-45B8-9DB1-C0441101492D} 2012-07-12 09:21 - 2012-07-12 09:21 - 00000000 ____D C:\Users\Claus\AppData\Local\{37F0621A-0026-48BB-9AE9-4979738A472C} 2012-07-12 00:29 - 2012-06-12 05:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-12 00:26 - 2012-06-02 14:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-12 00:26 - 2012-06-02 14:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-12 00:26 - 2012-06-02 14:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-12 00:26 - 2012-06-02 14:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-12 00:26 - 2012-06-02 14:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-12 00:26 - 2012-06-02 14:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-12 00:26 - 2012-06-02 14:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-12 00:26 - 2012-06-02 14:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-12 00:26 - 2012-06-02 14:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-12 00:26 - 2012-06-02 14:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-12 00:26 - 2012-06-02 13:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-12 00:26 - 2012-06-02 13:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-12 00:26 - 2012-06-02 13:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-12 00:26 - 2012-06-02 13:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-12 00:26 - 2012-06-02 11:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-12 00:26 - 2012-06-02 10:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-12 00:26 - 2012-06-02 10:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-12 00:26 - 2012-06-02 10:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-12 00:26 - 2012-06-02 10:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-12 00:26 - 2012-06-02 10:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-12 00:26 - 2012-06-02 10:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-12 00:26 - 2012-06-02 10:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-12 00:26 - 2012-06-02 10:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-12 00:26 - 2012-06-02 10:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-12 00:26 - 2012-06-02 10:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-12 00:26 - 2012-06-02 10:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-12 00:26 - 2012-06-02 10:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-12 00:26 - 2012-06-02 10:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-12 00:11 - 2012-06-06 08:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-12 00:11 - 2012-06-06 08:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-12 00:11 - 2012-06-06 07:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-12 00:11 - 2012-06-06 07:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-12 00:11 - 2010-06-26 05:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-12 00:11 - 2010-06-26 05:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-12 00:10 - 2012-06-09 07:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-12 00:10 - 2012-06-09 06:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-12 00:10 - 2012-06-06 08:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-12 00:10 - 2012-06-06 07:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-12 00:10 - 2012-06-02 07:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-12 00:10 - 2012-06-02 07:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-12 00:10 - 2012-06-02 07:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-12 00:10 - 2012-06-02 07:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-12 00:10 - 2012-06-02 07:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-12 00:10 - 2012-06-02 06:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-12 00:10 - 2012-06-02 06:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-12 00:10 - 2012-06-02 06:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-12 00:10 - 2012-06-02 06:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-11 20:15 - 2012-07-11 20:15 - 00000000 ____D C:\Users\Claus\AppData\Local\{8A98EEBB-CB5C-492B-8E78-BAEF85B51914} 2012-07-11 20:14 - 2012-07-11 20:15 - 00000000 ____D C:\Users\Claus\AppData\Local\{7393724D-08F0-473B-9CC0-01943430312C} 2012-07-11 13:12 - 2012-07-11 13:12 - 00000000 ____D C:\Program Files\Mount&Blade; Warband 2012-07-10 00:50 - 2012-07-10 00:51 - 00000000 ____D C:\Users\Claus\AppData\Local\{01BAD8FE-CAF5-4BF4-9BEC-3B3EAAF29626} 2012-07-10 00:50 - 2012-07-10 00:50 - 00000000 ____D C:\Users\Claus\AppData\Local\{38D69F9D-D4EE-462F-B28D-4EA0A86FC566} 2012-07-09 11:51 - 2012-07-09 11:51 - 00000000 ____D C:\Users\Claus\AppData\Local\{E2CA7F74-EC3F-4534-A022-4076B15A9F5C} 2012-07-09 11:51 - 2012-07-09 11:51 - 00000000 ____D C:\Users\Claus\AppData\Local\{6518DC2E-E18C-4B03-A94F-117C3F7FFEE4} 2012-07-08 22:51 - 2012-07-08 22:51 - 00000000 ____D C:\Users\Claus\AppData\Local\{093F310E-483F-4C24-AC19-C315BE54EA19} 2012-07-08 22:50 - 2012-07-08 22:51 - 00000000 ____D C:\Users\Claus\AppData\Local\{3CFA093C-8D70-42A5-8FC3-7D8E3BC0E25A} 2012-07-08 19:44 - 2012-07-08 19:44 - 00000000 ____D C:\Users\Claus\AppData\Local\{C9246EE0-BE8E-4FA8-A792-16C0B3FA83C4} 2012-07-08 09:03 - 2012-07-08 09:03 - 00000000 ____D C:\Users\Claus\AppData\Local\{7EB5136E-8CB5-49B9-82C3-90015CC17D84} 2012-07-08 09:02 - 2012-07-08 09:03 - 00000000 ____D C:\Users\Claus\AppData\Local\{41951187-571C-40E8-9CAE-A09FF5DC585C} 2012-07-08 08:55 - 2012-07-08 08:55 - 00000000 ____D C:\Users\Claus\AppData\Local\{0D6FE203-5253-4000-8A50-9F60E74FEE8A} 2012-07-07 20:41 - 2012-07-07 20:41 - 00000000 ____D C:\Users\Claus\AppData\Local\{E023A02F-1488-4400-8A4C-EB1D197CC9A6} 2012-07-07 20:41 - 2012-07-07 20:41 - 00000000 ____D C:\Users\Claus\AppData\Local\{BA3BEBD7-CB3F-441A-942E-53995FCBAC97} 2012-07-06 20:29 - 2012-07-06 20:29 - 00000000 ____D C:\Users\Claus\AppData\Local\{3B26CA32-CE7F-4BCD-8E8C-A106C0C42D52} 2012-07-06 20:29 - 2012-07-06 20:29 - 00000000 ____D C:\Users\Claus\AppData\Local\{0F265FAA-B99B-4844-99C7-8B58197A8113} 2012-07-06 14:08 - 2012-07-06 14:08 - 00000000 ____D C:\Users\Claus\Documents\20120706 2012-07-06 14:07 - 2012-07-23 07:38 - 00000000 ____D C:\PFS8.1 PE_TMP 2012-07-06 11:28 - 2012-07-06 11:28 - 00000000 ____D C:\Users\All Users\Panasonic 2012-07-06 11:28 - 2012-07-06 11:28 - 00000000 ____D C:\Users\All Users\Application Data\Panasonic 2012-07-06 11:17 - 2012-07-06 11:17 - 00001162 ____A C:\Users\Claus\Desktop\TZ30_TZ31 Betjeningsvejledninger.lnk 2012-07-06 11:16 - 2011-08-04 11:45 - 00000188 ____A C:\Users\Public\Desktop\Download video editor LoiLoScope.url 2012-07-06 11:16 - 2011-08-04 11:45 - 00000188 ____A C:\Users\All Users\Desktop\Download video editor LoiLoScope.url 2012-07-06 11:15 - 2012-07-06 11:15 - 00001914 ____A C:\Users\Public\Desktop\LUMIX Map Tool.lnk 2012-07-06 11:15 - 2012-07-06 11:15 - 00001914 ____A C:\Users\All Users\Desktop\LUMIX Map Tool.lnk 2012-07-06 11:15 - 2012-07-06 11:15 - 00000000 ____D C:\Users\Claus\AppData\Local\Panasonic 2012-07-06 11:14 - 2012-07-06 11:14 - 00000000 ____D C:\Users\Claus\Application Data\InstallShield 2012-07-06 11:14 - 2012-07-06 11:14 - 00000000 ____D C:\Users\Claus\AppData\Roaming\InstallShield 2012-07-06 11:14 - 2007-06-22 00:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll 2012-07-06 11:14 - 2007-06-22 00:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini 2012-07-06 11:14 - 2006-10-31 00:10 - 00120992 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll 2012-07-06 11:14 - 2006-10-31 00:10 - 00071840 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll 2012-07-06 11:14 - 2006-10-20 00:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll 2012-07-06 11:14 - 2006-10-20 00:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll 2012-07-06 11:14 - 2005-06-01 00:20 - 00111932 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00026154 ____A C:\Windows\SysWOW64\EPPICPattern1.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00024903 ____A C:\Windows\SysWOW64\EPPICPattern3.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00021390 ____A C:\Windows\SysWOW64\EPPICPattern5.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00020148 ____A C:\Windows\SysWOW64\EPPICPattern2.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00013732 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00011811 ____A C:\Windows\SysWOW64\EPPICPattern4.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00006442 ____A C:\Windows\SysWOW64\EPPICLocal_IT.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00006335 ____A C:\Windows\SysWOW64\EPPICLocal_GE.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00006122 ____A C:\Windows\SysWOW64\EPPICLocal_DU.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00006103 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00005817 ____A C:\Windows\SysWOW64\EPPICLocal_KO.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00005436 ____A C:\Windows\SysWOW64\EPPICLocal_SC.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00002889 ____A C:\Windows\SysWOW64\EPPICLocal_RU.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00002426 ____A C:\Windows\SysWOW64\EPPICLocal_TC.cfg 2012-07-06 11:14 - 2004-03-03 06:10 - 00001146 ____A C:\Windows\SysWOW64\EPPICPresetData_DU.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00001136 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00001120 ____A C:\Windows\SysWOW64\EPPICPresetData_IT.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00001107 ____A C:\Windows\SysWOW64\EPPICPresetData_GE.dat 2012-07-06 11:14 - 2004-03-03 06:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat 2012-07-06 11:06 - 2012-07-06 11:06 - 00002208 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.1 PE.lnk 2012-07-06 11:06 - 2012-07-06 11:06 - 00002208 ____A C:\Users\All Users\Desktop\PHOTOfunSTUDIO 8.1 PE.lnk 2012-07-06 11:04 - 2012-07-06 11:17 - 00000000 ____D C:\Program Files (x86)\Panasonic 2012-07-06 11:04 - 2012-07-06 11:04 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services 2012-07-06 11:04 - 2012-07-06 11:04 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition 2012-07-06 11:03 - 2012-07-06 11:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2012-07-06 08:03 - 2012-07-06 08:03 - 00000000 ____D C:\Users\Claus\AppData\Local\{A3D5DC09-9E77-4CC4-B135-65F6AC631FAD} 2012-07-06 08:03 - 2012-07-06 08:03 - 00000000 ____D C:\Users\Claus\AppData\Local\{5B4BDF6C-EB54-4EA1-A070-BA3BBC064FD8} 2012-07-05 12:50 - 2012-07-05 12:51 - 00000000 ____D C:\Users\Claus\AppData\Local\{50108E39-4E99-45B7-A5F6-6B9BA17521C2} 2012-07-05 12:50 - 2012-07-05 12:50 - 00000000 ____D C:\Users\Claus\AppData\Local\{EA8EFAFF-2970-4C03-81BE-82DC88C0851B} 2012-07-04 22:02 - 2012-07-04 22:02 - 00000000 ____D C:\Users\Claus\AppData\Local\{8EA6E181-EA39-421A-B0E6-336465ED8DC7} 2012-07-04 22:02 - 2012-07-04 22:02 - 00000000 ____D C:\Users\Claus\AppData\Local\{337F8827-270D-4DFC-8A76-78ACDF67FE6B} 2012-07-04 19:48 - 2012-07-04 19:48 - 00000000 ____D C:\Users\Claus\AppData\Local\{24270B77-DC74-4630-8A41-F21F9C1BD6B4} 2012-07-03 19:46 - 2012-07-03 19:46 - 00000000 ____D C:\Users\Claus\AppData\Local\{43509E9B-7731-412F-B570-60B0FC904F1E} 2012-07-03 19:46 - 2012-07-03 19:46 - 00000000 ____D C:\Users\Claus\AppData\Local\{1E58C724-2C55-48A5-872F-F27F9705D182} 2012-07-03 07:43 - 2012-07-03 07:43 - 00000000 ____D C:\Users\Claus\AppData\Local\{9635B5D9-DD50-4698-A81F-891E18C80A16} 2012-07-03 07:43 - 2012-07-03 07:43 - 00000000 ____D C:\Users\Claus\AppData\Local\{0E5F82CF-2983-4CBB-8126-DF4828633755} 2012-07-02 18:45 - 2012-07-02 18:45 - 00000000 ____D C:\Users\Claus\AppData\Local\{66DF8AC5-5192-4CA8-B582-D5F5F85A54AC} 2012-07-02 18:44 - 2012-07-02 18:45 - 00000000 ____D C:\Users\Claus\AppData\Local\{359D1BAA-4C8A-4F4B-9D79-1CF4CA94B113} 2012-07-01 20:22 - 2012-07-01 20:22 - 00000000 ____D C:\Users\Claus\AppData\Local\{B94A18F9-D3A0-441A-BA03-7D1B4926FDE0} 2012-07-01 20:22 - 2012-07-01 20:22 - 00000000 ____D C:\Users\Claus\AppData\Local\{40EA1881-71A8-48D1-AC9D-2405F57DD21E} 2012-06-30 13:57 - 2012-06-30 13:57 - 00000000 ____D C:\Users\Claus\AppData\Local\{EB1C653F-A4A1-4D5C-AA1B-50EA642230E3} 2012-06-30 08:00 - 2012-06-30 08:00 - 00000000 ____D C:\Users\Claus\AppData\Local\{CCB05F31-9FC6-4E49-A6A4-6BEA3975ABFB} 2012-06-29 19:53 - 2012-06-29 19:54 - 00000000 ____D C:\Users\Claus\AppData\Local\{7E567270-7BE3-443B-AAEB-2501137D55CA} 2012-06-29 19:53 - 2012-06-29 19:53 - 00000000 ____D C:\Users\Claus\AppData\Local\{F64550EC-265F-4906-A66D-90EDB3014F0D} 2012-06-29 10:53 - 2012-06-29 10:53 - 00000000 ____D C:\Users\Claus\AppData\Local\{95A00BB0-E124-4A80-9745-6759DB241A7E} 2012-06-28 22:46 - 2012-06-28 22:46 - 00000000 ____D C:\Users\Claus\AppData\Local\{344F7794-8436-4BCF-8E68-38B9C1E600B4} 2012-06-28 22:45 - 2012-06-28 22:46 - 00000000 ____D C:\Users\Claus\AppData\Local\{4CA55775-A30A-4626-9BED-30422FE27006} 2012-06-28 06:51 - 2012-06-28 06:51 - 00000000 ____D C:\Users\Claus\AppData\Local\{987D83C5-F085-40EC-975F-287EB00781BF} 2012-06-28 06:51 - 2012-06-28 06:51 - 00000000 ____D C:\Users\Claus\AppData\Local\{6337C069-CF7E-483F-961B-81260F8B0A31} 2012-06-27 20:17 - 2012-06-27 20:17 - 00000000 ____D C:\Users\Claus\AppData\Local\{948F683D-02EF-410C-B63D-ADF26C91ECC0} 2012-06-26 08:30 - 2012-06-26 08:31 - 00000000 ____D C:\Users\Claus\AppData\Local\{F2AC458A-D411-4BF8-AFEC-E8840866D46B} 2012-06-26 08:30 - 2012-06-26 08:30 - 00000000 ____D C:\Users\Claus\AppData\Local\{C2F1A738-0FD9-4B52-866B-2C55CCCA94BA} ============ 3 Months Modified Files ======================== 2012-07-26 11:06 - 2011-08-08 15:03 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-07-26 11:06 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-26 11:06 - 2009-07-14 06:51 - 00103805 ____A C:\Windows\setupact.log 2012-07-26 10:46 - 2011-03-05 22:32 - 00034204 ____A C:\Windows\PFRO.log 2012-07-26 10:41 - 2009-07-14 09:34 - 00507452 ____A C:\Windows\System32\perfh006.dat 2012-07-26 10:41 - 2009-07-14 09:34 - 00097456 ____A C:\Windows\System32\perfc006.dat 2012-07-26 10:41 - 2009-07-14 07:13 - 01373978 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-26 10:40 - 2011-08-08 15:03 - 00000930 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-07-26 10:38 - 2012-07-26 10:38 - 01438391 ____A (Farbar) C:\Users\Claus\Desktop\FRST64.exe 2012-07-26 10:26 - 2012-04-01 10:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-26 10:06 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-26 10:06 - 2009-07-14 06:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-26 08:08 - 2012-07-26 08:08 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-26 08:08 - 2012-07-26 08:08 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2012-07-26 07:30 - 2009-07-14 07:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-25 22:04 - 2009-07-14 07:10 - 01314664 ____A C:\Windows\WindowsUpdate.log 2012-07-25 21:23 - 2012-04-18 09:05 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job 2012-07-22 02:45 - 2011-03-29 10:22 - 00695741 ____A C:\Users\Claus\danid.log 2012-07-19 11:58 - 2011-03-10 23:26 - 00011776 ____A C:\Users\Claus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-07-12 09:13 - 2009-07-14 06:45 - 00354416 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-12 00:27 - 2011-03-14 13:08 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-11 20:26 - 2012-04-01 10:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-11 20:26 - 2011-05-20 20:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-06 11:17 - 2012-07-06 11:17 - 00001162 ____A C:\Users\Claus\Desktop\TZ30_TZ31 Betjeningsvejledninger.lnk 2012-07-06 11:15 - 2012-07-06 11:15 - 00001914 ____A C:\Users\Public\Desktop\LUMIX Map Tool.lnk 2012-07-06 11:15 - 2012-07-06 11:15 - 00001914 ____A C:\Users\All Users\Desktop\LUMIX Map Tool.lnk 2012-07-06 11:15 - 2011-03-10 15:00 - 00083560 ____A C:\Users\Claus\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-06 11:06 - 2012-07-06 11:06 - 00002208 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.1 PE.lnk 2012-07-06 11:06 - 2012-07-06 11:06 - 00002208 ____A C:\Users\All Users\Desktop\PHOTOfunSTUDIO 8.1 PE.lnk 2012-07-05 17:43 - 2012-04-18 09:05 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2012-07-03 13:46 - 2012-07-26 08:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-16 07:37 - 2012-06-16 07:37 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-16 07:37 - 2012-06-16 07:37 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-06-12 05:08 - 2012-07-12 00:29 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-09 07:43 - 2012-07-12 00:10 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-09 06:41 - 2012-07-12 00:10 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-06 08:06 - 2012-07-12 00:11 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-06 08:06 - 2012-07-12 00:11 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-06 08:02 - 2012-07-12 00:10 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-06 07:05 - 2012-07-12 00:11 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-06 07:05 - 2012-07-12 00:11 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-06 07:03 - 2012-07-12 00:10 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-03 00:19 - 2012-06-21 09:03 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-03 00:19 - 2012-06-21 09:03 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-03 00:19 - 2012-06-21 09:03 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-03 00:19 - 2012-06-21 09:03 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-03 00:19 - 2012-06-21 09:03 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-03 00:15 - 2012-06-21 09:03 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-03 00:15 - 2012-06-21 09:03 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 15:19 - 2012-06-21 09:02 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 15:15 - 2012-06-21 09:02 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 14:49 - 2012-07-12 00:26 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 14:17 - 2012-07-12 00:26 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 14:12 - 2012-07-12 00:26 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 14:05 - 2012-07-12 00:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 14:05 - 2012-07-12 00:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 14:04 - 2012-07-12 00:26 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 14:04 - 2012-07-12 00:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 14:03 - 2012-07-12 00:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 14:01 - 2012-07-12 00:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 14:00 - 2012-07-12 00:26 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 13:59 - 2012-07-12 00:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 13:57 - 2012-07-12 00:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 13:57 - 2012-07-12 00:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 13:54 - 2012-07-12 00:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 11:07 - 2012-07-12 00:26 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 10:43 - 2012-07-12 00:26 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 10:33 - 2012-07-12 00:26 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 10:26 - 2012-07-12 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 10:25 - 2012-07-12 00:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 10:25 - 2012-07-12 00:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 10:23 - 2012-07-12 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 10:21 - 2012-07-12 00:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 10:20 - 2012-07-12 00:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 10:19 - 2012-07-12 00:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 10:19 - 2012-07-12 00:26 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 10:17 - 2012-07-12 00:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 10:16 - 2012-07-12 00:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 10:14 - 2012-07-12 00:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-02 07:50 - 2012-07-12 00:10 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-02 07:48 - 2012-07-12 00:10 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-02 07:48 - 2012-07-12 00:10 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-02 07:45 - 2012-07-12 00:10 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-02 07:44 - 2012-07-12 00:10 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-02 06:40 - 2012-07-12 00:10 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-02 06:40 - 2012-07-12 00:10 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-02 06:39 - 2012-07-12 00:10 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-02 06:34 - 2012-07-12 00:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-31 12:25 - 2011-12-25 11:42 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-05-21 21:18 - 2011-03-29 10:22 - 01118489 ____A C:\Users\Claus\danid.log.1 2012-05-19 21:17 - 2012-05-19 21:17 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-05-19 21:17 - 2012-05-19 21:17 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-05-04 13:06 - 2012-06-13 07:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 12:03 - 2012-06-13 07:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 12:03 - 2012-06-13 07:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-02 22:32 - 2012-05-02 22:19 - 00002834 ____A C:\Users\Claus\Desktop\The Elder Scrolls V Skyrim skyui.lnk 2012-05-01 07:40 - 2012-06-13 07:51 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-28 05:55 - 2012-06-13 07:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys ZeroAccess: C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316} C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\@ C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\L C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\L\00000004.@ C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000000.@ C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000064.@ ZeroAccess: C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316} C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\@ C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\L C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\n C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\L\00000004.@ C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\00000004.@ C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\00000008.@ C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\000000cb.@ C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000000.@ C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000032.@ C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000064.@ ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: “%1” %* => OK ========================= Memory info ====================== Percentage of memory in use: 9% Total physical RAM: 8191.3 MB Available physical RAM: 7397.67 MB Total Pagefile: 8189.45 MB Available Pagefile: 7393.32 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:1384.88 GB) (Free:815.75 GB) NTFS 7 Drive i: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.26 GB) NTFS ==>[System with boot components (obtained from reading drive)] 8 Drive j: (STORE N GO) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32 9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Str. Ledig Dyn GPT ——————————- ———- ———- —- —- Disk 0 Online 1397 GB 0 B Disk 1 Online 3822 MB 0 B Disk 2 Intet medie 0 B 0 B Disk 3 Intet medie 0 B 0 B Disk 4 Intet medie 0 B 0 B Disk 5 Intet medie 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Str. Forskydning ——————- ———————————- —————- Partition 1 OEM 133 MB 31 KB Partition 2 Prim‘r 12 GB 134 MB Partition 3 Prim‘r 1384 GB 12 GB ================================================================================== Disk: 0 Partition 1 Type : DE Skjult: Ja Aktiv : Nej Forskydning i byte: 32256 Diskenhed Bogs. Navn Fs Type Str. Status Oplysn. ————- —————————- ————————- ————- ———— * Diskenhed 8 FAT Partition 133 MB I orden Skjult ================================================================================== Disk: 0 Partition 2 Type : 07 Skjult: Nej Aktiv : Ja Forskydning i byte: 140509184 Diskenhed Bogs. Navn Fs Type Str. Status Oplysn. ————- —————————- ————————- ————- ———— * Diskenhed 1 I RECOVERY NTFS Partition 12 GB I orden ================================================================================== Disk: 0 Partition 3 Type : 07 Skjult: Nej Aktiv : Nej Forskydning i byte: 13291749376 Diskenhed Bogs. Navn Fs Type Str. Status Oplysn. ————- —————————- ————————- ————- ———— * Diskenhed 2 C OS NTFS Partition 1384 GB I orden ================================================================================== Partitions of Disk 1: =============== Partition ### Type Str. Forskydning ——————- ———————————- —————- Partition 1 Prim‘r 3821 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Skjult: Nej Aktiv : Nej Forskydning i byte: 16384 Diskenhed Bogs. Navn Fs Type Str. Status Oplysn. ————- —————————- ————————- ————- ———— * Diskenhed 3 J STORE N GO FAT32 Flytbar 3821 MB I orden ================================================================================== ========================================================== Last Boot: 2012-07-18 11:15 ======================= End Of Log ==========================
[ Ignorer ] [ # 3 ] f-arn TeamSpywarefri
26.07.2012 11:59:32 Administrator Team Spywarefri Antal indlæg: 7045	Start PCen som da du lavede FRST.txt. Start FRST64. Skriv nedenstående i boksen efter “Search:”. services.exe Klik på Search File(s) knappen, og kopier loggen (Search.txt) herind. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 4 ] clr
26.07.2012 12:23:22 Antal indlæg: 16	Her er resultatet: Farbar Recovery Scan Tool Version: 25-07-2012 01 Ran by SYSTEM at 2012-07-26 14:09:10 Running from J:\ ================== Search: “services.exe” =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-14 01:19] - [2009-07-14 03:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======
[ Ignorer ] [ # 5 ] f-arn TeamSpywarefri
26.07.2012 13:00:58 Administrator Team Spywarefri Antal indlæg: 7045	Jeg vedhæfter Fixlist.txt. Gem den på din USB nøgle. Start PCen op med Kommando prompt. (Som før) Ved Kommando prompten starter du FRST (Farbar Recovery Scan Tool) og klikker på FIX (og venter til den er færdig) Den laver Fixlog.txt, som du skal kopiere herind i dit næste indlæg. Luk Farbar Recovery Scan Tool, og genstart PCen. Vedhæftede filer Fixlist.txt (Filstørrelse: 2 - Downloads: 27) Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 6 ] clr
26.07.2012 13:23:54 Antal indlæg: 16	Computeren ser ikke ud til at genstarte , men McAfee kan stadig ikke aktiveres Resultatet af fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01 Ran by SYSTEM at 2012-07-26 16:15:49 Run:1 Running from J:\ ============================================== C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000064.@ moved successfully. C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000000.@ moved successfully. C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\L\00000004.@ moved successfully. C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U moved successfully. C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\L moved successfully. C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\@ moved successfully. C:\Windows\Installer\{0752fc2f-fe43-5981-abfe-aec4f3dd3316} moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000064.@ moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000032.@ moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\80000000.@ moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\000000cb.@ moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\00000008.@ moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U\00000004.@ moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\L\00000004.@ moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\U moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\n moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\L moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316}\@ moved successfully. C:\Users\Claus\AppData\Local\{0752fc2f-fe43-5981-abfe-aec4f3dd3316} moved successfully. C:\Windows\assembly\GAC_32\Desktop.ini moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini moved successfully. ========= sc config HPSLPSVC start= disabled ========= ‘sc’ blev ikke genkendt som en intern eller ekstern kommando, et program eller en batchfil. ========= End of CMD: ========= C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe ==== End of Fixlog ====
[ Ignorer ] [ # 7 ] f-arn TeamSpywarefri
26.07.2012 13:54:18 Administrator Team Spywarefri Antal indlæg: 7045	Hent og gem ComboFix på dit skrivebord. <- Vigtigt Kør så ComboFix og følg anvisningerne. Da ComboFix kan konflikte med dine sikkerhedsprogrammer, er det vigtigt at du deaktiverer dem. <- Vigtigt Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når ComboFix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: ComboFix.txt Indholdet af denne fil må du gerne lægge herind. Den kan findes her: C:\ComboFix.txt Får du noget der ligner denne fejl. Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning Så genstart, en gang mere, det burde løse det. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 8 ] clr
26.07.2012 14:55:07 Antal indlæg: 16	Det ser ud til at det lykkedes, men jeg vil lige have grønt lys, håber det ser godt ud. Her er Combofix loggen: ComboFix 12-07-27.01 - Claus 26-07-2012 14:16:24.1.6 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.8191.6570 [GMT 2:00] Kører fra: c:\users\Claus\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware Enabled/Updated {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall Enabled {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware Enabled/Updated {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\PCDr\5907\Downloads\16ab6978-b6b5-41fa-81a1-8bffc55a69b9.dll c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll c:\programdata\PCDr\5907\Downloads\a31dcb19-c462-4b91-b5af-0c0196d8d501.dll c:\programdata\PCDr\5907\Downloads\c2690c4c-81f4-4565-a861-643c7af1fa90.dll c:\programdata\PCDr\5907\Downloads\eb1a169a-7868-4b2c-ae46-52b55b4db151.dll c:\users\Claus\AppData\Local\Temp\7zS583B\HPSLPSVC64.DLL c:\users\Claus\AppData\Roaming\Microsoft\Windows\Recent\The Elder Scrolls V Skyrim.url Y:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . . ———-\Service_HPSLPSVC . . ((((((((((((((((((((((((((((( Filer skabt fra 2012-06-26 til 2012-07-26 ))))))))))))))))))))))))))))))))))) . . 2012-07-26 12:29 . 2012-07-26 12:29 ———— d——-w- c:\users\Default\AppData\Local\temp 2012-07-26 10:13 . 2012-07-26 10:13 ———— d——-w- C:\FRST 2012-07-26 06:09 . 2012-07-26 06:09 ———— d——-w- c:\users\Claus\AppData\Roaming\Malwarebytes 2012-07-26 06:08 . 2012-07-26 06:08 ———— d——-w- c:\programdata\Malwarebytes 2012-07-26 06:08 . 2012-07-03 11:46 24904 ——a-w- c:\windows\system32\drivers\mbam.sys 2012-07-26 06:08 . 2012-07-26 06:08 ———— d——-w- c:\program files (x86)\Malwarebytes’ Anti-Malware 2012-07-26 04:09 . 2009-07-14 01:39 328704 ——a-w- c:\windows\system32\zz-services.tmp 2012-07-11 22:29 . 2012-06-12 03:08 3148800 ——a-w- c:\windows\system32\win32k.sys 2012-07-11 22:11 . 2012-06-06 06:06 2004480 ——a-w- c:\windows\system32\msxml6.dll 2012-07-11 22:11 . 2012-06-06 06:06 1881600 ——a-w- c:\windows\system32\msxml3.dll 2012-07-11 22:11 . 2012-06-06 05:05 1390080 ——a-w- c:\windows\SysWow64\msxml6.dll 2012-07-11 22:11 . 2012-06-06 05:05 1236992 ——a-w- c:\windows\SysWow64\msxml3.dll 2012-07-11 22:11 . 2010-06-26 03:24 2048 ——a-w- c:\windows\SysWow64\msxml3r.dll 2012-07-11 22:11 . 2010-06-26 03:55 2048 ——a-w- c:\windows\system32\msxml3r.dll 2012-07-11 11:12 . 2012-07-11 11:12 ———— d——-w- c:\program files\Mount&Blade; Warband 2012-07-06 12:07 . 2012-07-23 05:38 ———— d——-w- C:\PFS8.1 PE_TMP 2012-07-06 09:28 . 2012-07-06 09:28 ———— d——-w- c:\programdata\Panasonic 2012-07-06 09:15 . 2012-07-06 09:15 ———— d——-w- c:\users\Claus\AppData\Local\Panasonic 2012-07-06 09:14 . 2007-06-21 22:10 501912 ——a-w- c:\windows\SysWow64\PICSDK2.dll 2012-07-06 09:14 . 2006-10-30 22:10 120992 ——a-w- c:\windows\SysWow64\EpPicPrt.dll 2012-07-06 09:14 . 2006-10-19 22:10 80024 ——a-w- c:\windows\SysWow64\PICSDK.dll 2012-07-06 09:14 . 2006-10-19 22:10 108704 ——a-w- c:\windows\SysWow64\PICEntry.dll 2012-07-06 09:14 . 2006-10-30 22:10 71840 ——a-w- c:\windows\SysWow64\EPPicMgr.dll 2012-07-06 09:14 . 2012-07-06 09:14 ———— d——-w- c:\users\Claus\AppData\Roaming\InstallShield 2012-07-06 09:04 . 2012-07-06 09:06 ———— d——-w- c:\program files (x86)\Common Files\Panasonic 2012-07-06 09:04 . 2012-07-06 09:17 ———— d——-w- c:\program files (x86)\Panasonic 2012-07-06 09:04 . 2012-07-06 09:04 ———— d——-w- c:\program files\Microsoft Synchronization Services 2012-07-06 09:04 . 2012-07-06 09:04 ———— d——-w- c:\program files\Microsoft SQL Server Compact Edition 2012-07-06 09:03 . 2012-07-06 09:03 ———— d——-w- c:\program files (x86)\Microsoft Synchronization Services . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:27 . 2011-03-14 11:08 59701280 ——a-w- c:\windows\system32\MRT.exe 2012-07-11 18:26 . 2012-04-01 08:38 426184 ——a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 18:26 . 2011-05-20 18:19 70344 ——a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-29 10:04 . 2012-07-25 05:59 9133488 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{709A5AE3-AD92-472F-9BBF-24ACA739EE6D}\mpengine.dll 2012-06-02 22:19 . 2012-06-21 07:03 38424 ——a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 07:03 2428952 ——a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 07:03 57880 ——a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 07:03 44056 ——a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 07:03 701976 ——a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 07:03 2622464 ——a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 07:03 99840 ——a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 07:02 186752 ——a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 07:02 36864 ——a-w- c:\windows\system32\wuapp.exe 2012-06-02 08:25 . 2012-07-11 22:26 1129472 ——a-w- c:\windows\SysWow64\wininet.dll 2012-05-31 10:25 . 2011-12-25 09:42 279656 ———w- c:\windows\system32\MpSigStub.exe 2012-05-04 11:06 . 2012-06-13 05:51 5559664 ——a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 05:51 3968368 ——a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 05:51 3913072 ——a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 05:51 209920 ——a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 05:51 210944 ——a-w- c:\windows\system32\drivers\rdpwd.sys . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Steam”=“c:\program files (x86)\Steam\Steam.exe” [2011-08-02 1242448] “Octoshape Streaming Services”=“c:\users\Claus\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe” [2011-03-24 107800] “Boxoft Tools”=“c:\programdata\Boxtools\Boxofttoolbox.exe” [2010-12-15 514048] “Spotify Web Helper”=“c:\users\Claus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe” [2012-06-11 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] “StartCCC”=“c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2010-01-13 98304] “ShwiconXP9106”=“c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe” [2010-03-10 237568] “THX Audio Control Panel”=“c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe” [2009-12-01 963584] “UpdReg”=“c:\windows\UpdReg.EXE” [2000-05-11 90112] “Dell DataSafe Online”=“c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe” [2010-08-25 1117528] “mcui_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe” [2012-03-21 1675160] “RoxWatchTray”=“c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe” [2010-11-25 240112] “Desktop Disc Tool”=“c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe” [2010-11-17 514544] “Adobe Reader Speed Launcher”=“c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe” [2012-04-04 35736] “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-03 843712] “WinampAgent”=“c:\program files (x86)\Winamp\winampa.exe” [2011-03-22 74752] “googletalk”=“c:\program files (x86)\Google\Google Talk\googletalk.exe” [2007-01-01 3739648] “APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2012-05-30 59280] “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2012-01-18 254696] “QuickTime Task”=“c:\program files (x86)\QuickTime\QTTask.exe” [2012-04-18 421888] “AirPort Base Station Agent”=“c:\program files (x86)\AirPort\APAgent.exe” [2009-11-11 771360] “iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe” [2012-06-07 421776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] “c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe”=“c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe” [2011-10-06 559616] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 8.1 PE.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2012-7-6 229000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 0 (0x0) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableLUA”= 0 (0x0) “EnableUIADesktopToggle”= 0 (0x0) “PromptOnSecureDesktop”= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] “aux1”=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @=”“ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @=”“ . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Tjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2010-04-23 264856] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 136176] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-11 1255736] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-14 202752] S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-15 122880] S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-14 6327296] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-14 185344] S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [2009-04-22 47672] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . —- Andre Services/Drivers i Hukommelsen—- . NewlyCreated - WS2IFSL Deregistered - mfeavfk01 . Indhold af mappen ‘Planlagte Opgaver’ . 2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:26] . 2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 13:03] . 2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-08 13:03] . 2012-07-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . 2012-07-26 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . . ————- X64 Entries—————- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @=”{C5994560-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @=”{C5994561-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @=”{C5994562-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @=”{C5994563-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @=”{C5994564-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @=”{C5994565-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @=”{C5994566-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @=”{C5994567-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @=”{C5994568-53D9-4125-87C9-F193FC689CB2}” [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 99080 ——a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe” [2009-11-18 9608224] “RunDLLEntry_THXCfg”=“c:\windows\system32\THXCfg64.dll” [2009-10-15 17920] “RunDLLEntry_EptMon”=“c:\windows\system32\EptMon64.dll” [2009-10-15 21504] “DellStage”=“c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe” [2011-01-25 1802472] “combofix”=“c:\combofix\CF16359.3XE” [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “LoadAppInit_DLLs”=0x0 . ———- Yderligere scanning———- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://ni.dk/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = .local IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.0.1 . - - - - TOMME GENVEJE FJERNET - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-InterCasinoV9EnglishUSD - c:\windows\system32\UnCasino5.exe AddRemove-{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1 - c:\program files\Mount&Blade; Warband\Modules\Brytenwalda\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] “ImagePath”=”\??\c:\program files\dell support center\pcdsrvc_x64.pkms” . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_USERS\S-1-5-21-1503206898-520384191-2834299147-1001\Software\SecuROM\License information] “datasecu”=hex:49,04,4f,67,26,23,82,cb,bf,21,50,a9,40,a8,62,4c,bf,03,8b,58,a8, a4,d4,a1,ec,7d,2d,80,f1,6f,7d,ee,97,fc,36,14,88,46,59,b4,e9,ad,c7,4f,b5,48,\ “rkeysecu”=hex:1c,2e,46,0a,c5,ef,13,b1,eb,71,f3,1e,b8,05,82,d0 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @=“FlashBroker” “LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] “Enabled”=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Shockwave Flash Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @=“0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @=“ShockwaveFlash.ShockwaveFlash.11” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“ShockwaveFlash.ShockwaveFlash” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Macromedia Flash Factory Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @=“FlashFactory.FlashFactory.1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“FlashFactory.FlashFactory” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @=“IFlashBroker4” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @=”{00020424-0000-0000-C000-000000000046}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” “Version”=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] “SymbolicLinkValue”=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ————————————Andre kørende processer———————————— . c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programdata\Boxtools\Toolbox.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\windows\SysWOW64\WinMsgBalloonServer.exe c:\windows\SysWOW64\WinMsgBalloonClient.exe . ************************************************************************** . Gennemført tid: 2012-07-26 14:49:07 - maskinen blev genstartet ComboFix-quarantined-files.txt 2012-07-26 12:49 . Pre-Kørsel: 888.674.963.456 byte ledig Post-Kørsel: 890.709.561.344 byte ledig . - - End Of File - - 7ADD5D5ED798421EB1FB054719091BAE
[ Ignorer ] [ # 9 ] f-arn TeamSpywarefri
26.07.2012 19:51:52 Administrator Team Spywarefri Antal indlæg: 7045	Vi er ikke færdige Download OTL af OldTimer og gem den på dit skrivebord. Start OTL Vista og Windows 7 - højreklik på filen - Kør som Administrator. Øverst sætter du flueben i “Scan All Users” Luk alle åbne vinduer og klik på “Quick Scan” og lad programmet køre. Det vil give to logfiler på skrivebordet, OTL.txt og Extras.txt. Så kopier følgende ind i dit næste indlæg (i rækkefølge): Indholdet af OTL.txt Indholdet af Extras.txt Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 10 ] clr
26.07.2012 23:35:14 Antal indlæg: 16	Godt så Her er OTL filen: OTL logfile created on: 26-07-2012 21:59:40 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Claus\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 8,00 Gb Total Physical Memory \| 6,08 Gb Available Physical Memory \| 76,00% Memory free 16,00 Gb Paging File \| 13,53 Gb Available in Paging File \| 84,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 1384,88 Gb Total Space \| 829,17 Gb Free Space \| 59,87% Space Free \| Partition Type: NTFS Computer Name: CLAUS-PC \| User Name: Claus \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-07-26 21:57:29 \| 000,596,480 \|——\| M] (OldTimer Tools)—C:\Users\Claus\Desktop\OTL.exe PRC - [2012-06-11 22:54:47 \| 000,932,528 \|——\| M] ()—C:\Users\Claus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012-01-12 12:50:00 \| 000,229,000 \|——\| M] (Panasonic Corporation)—C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2012-01-03 06:10:42 \| 000,063,928 \|——\| M] (Adobe Systems Incorporated)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-10-01 09:30:22 \| 000,219,496 \|——\| M] (Microsoft Corporation)—C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011-10-01 09:30:18 \| 000,508,776 \|——\| M] (Microsoft Corporation)—C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011-09-06 19:29:20 \| 004,259,648 \|——\| M] (SoftThinks - Dell)—C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE PRC - [2011-08-18 17:05:54 \| 002,751,808 \|——\| M] ()—C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE PRC - [2011-08-18 17:05:46 \| 001,692,480 \|——\| M] (SoftThinks SAS)—C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE PRC - [2011-08-02 06:43:25 \| 001,242,448 \|——\| M] (Valve Corporation)—C:\Program Files (x86)\Steam\Steam.exe PRC - [2011-08-01 19:56:48 \| 000,460,096 \|——\| M] (SoftThinks - Dell)—C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe PRC - [2011-03-24 17:11:18 \| 000,107,800 \|——\| M] (Octoshape ApS)—C:\Users\Claus\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe PRC - [2011-03-22 20:37:06 \| 000,074,752 \|——\| M] (Nullsoft, Inc.)—C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011-02-25 11:46:22 \| 000,249,648 \|——\| M] (Microsoft Corporation)—C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011-02-11 16:19:26 \| 002,760,192 \|——\| M] ()—C:\ProgramData\Boxtools\Toolbox.exe PRC - [2010-11-17 11:35:34 \| 000,514,544 \|——\| M] ()—C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010-03-10 17:26:30 \| 000,237,568 \|——\| M] (Alcor Micro Corp.)—C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe PRC - [2009-11-11 16:17:02 \| 000,771,360 \|——\| M] (Apple Inc.)—C:\Program Files (x86)\AirPort\APAgent.exe PRC - [2009-09-08 13:48:24 \| 000,383,544 \|——\| M] (Advanced Micro Devices)—c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe PRC - [2009-03-16 01:47:28 \| 000,122,880 \|——\| M] ()—C:\Windows\SysWOW64\WinMsgBalloonServer.exe PRC - [2009-03-16 01:47:24 \| 000,139,264 \|——\| M] ()—C:\Windows\SysWOW64\WinMsgBalloonClient.exe PRC - [2009-03-16 01:47:22 \| 000,122,880 \|——\| M] (AMD)—C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe PRC - [2009-03-16 01:47:20 \| 000,065,536 \|——\| M] ()—C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ========== Modules (No Company Name) ========== MOD - [2012-06-19 12:36:49 \| 020,313,384 \|——\| M] ()—C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012-06-19 12:36:46 \| 001,099,576 \|——\| M] ()—C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012-06-19 12:36:46 \| 000,895,312 \|——\| M] ()—C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2012-06-19 12:36:46 \| 000,190,776 \|——\| M] ()—C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012-06-19 12:36:46 \| 000,123,192 \|——\| M] ()—C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2012-06-13 12:15:57 \| 014,340,608 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll MOD - [2012-06-13 12:15:45 \| 012,436,480 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012-06-13 12:15:40 \| 001,591,808 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012-06-13 12:15:29 \| 012,237,824 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll MOD - [2012-06-11 22:54:47 \| 000,932,528 \|——\| M] ()—C:\Users\Claus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012-05-11 21:04:21 \| 002,297,856 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012-05-11 20:28:37 \| 000,368,128 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll MOD - [2012-05-11 20:27:44 \| 003,347,968 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012-05-11 20:27:40 \| 005,452,800 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012-05-11 20:27:37 \| 007,967,232 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012-05-11 20:27:37 \| 000,971,264 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012-05-11 20:27:32 \| 011,492,864 \|——\| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011-08-18 17:05:54 \| 002,751,808 \|——\| M] ()—C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE MOD - [2011-06-24 22:56:36 \| 000,087,328 \|——\| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011-06-24 22:56:14 \| 001,241,888 \|——\| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011-02-11 16:19:26 \| 002,760,192 \|——\| M] ()—C:\ProgramData\Boxtools\Toolbox.exe MOD - [2010-11-24 23:44:02 \| 000,375,280 \|——\| M] ()—c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010-11-17 11:35:34 \| 000,514,544 \|——\| M] ()—C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010-11-13 04:03:52 \| 000,299,008 \|——\| M] ()—C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll MOD - [2010-11-05 03:53:38 \| 000,200,704 \|——\| M] ()—C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_da_b77a5c561934e089\System.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012-03-20 13:11:30 \| 000,162,192 \|——\| M] (McAfee, Inc.) [Auto \| Running]—C:\Windows\SysNative\mfevtps.exe—(mfevtp) SRV:64bit: - [2012-03-20 12:56:24 \| 000,210,584 \|——\| M] () [Auto \| Running]—C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe—(mfefire) SRV:64bit: - [2012-03-20 12:55:54 \| 000,199,272 \|——\| M] () [Auto \| Running]—C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe—(McShield) SRV:64bit: - [2011-01-27 18:28:20 \| 000,249,936 \|——\| M] (McAfee, Inc.) [Auto \| Running]—C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe—(MSK80Service) SRV:64bit: - [2011-01-27 18:28:20 \| 000,249,936 \|——\| M] (McAfee, Inc.) [Auto \| Running]—C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe—(McProxy) SRV:64bit: - [2011-01-27 18:28:20 \| 000,249,936 \|——\| M] (McAfee, Inc.) [Disabled \| Stopped]—C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe—(McOobeSv) SRV:64bit: - [2011-01-27 18:28:20 \| 000,249,936 \|——\| M] (McAfee, Inc.) [Auto \| Running]—C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe—(McNASvc) SRV:64bit: - [2011-01-27 18:28:20 \| 000,249,936 \|——\| M] (McAfee, Inc.) [Auto \| Running]—C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe—(McNaiAnn) SRV:64bit: - [2011-01-27 18:28:20 \| 000,249,936 \|——\| M] (McAfee, Inc.) [Auto \| Running]—C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe—(mcmscsvc) SRV:64bit: - [2011-01-27 18:28:20 \| 000,249,936 \|——\| M] (McAfee, Inc.) [Auto \| Running]—C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe—(McMPFSvc) SRV:64bit: - [2010-01-14 08:04:10 \| 000,202,752 \|——\| M] (AMD) [Auto \| Running]—C:\Windows\SysNative\atiesrxx.exe—(AMD External Events Utility) SRV - [2012-07-26 21:26:20 \| 000,250,056 \|——\| M] (Adobe Systems Incorporated) [On_Demand \| Stopped]—C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe—(AdobeFlashPlayerUpdateSvc) SRV - [2012-04-19 08:22:48 \| 000,502,032 \|——\| M] (McAfee, Inc.) [On_Demand \| Stopped]—C:\Programmer\mcafee\virusscan\mcods.exe—(McODS) SRV - [2012-01-03 06:10:42 \| 000,063,928 \|——\| M] (Adobe Systems Incorporated) [Auto \| Running]—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe—(AdobeARMservice) SRV - [2011-10-01 09:30:22 \| 000,219,496 \|——\| M] (Microsoft Corporation) [On_Demand \| Running]—C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe—(sftvsa) SRV - [2011-10-01 09:30:18 \| 000,508,776 \|——\| M] (Microsoft Corporation) [Auto \| Running]—C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe—(sftlist) SRV - [2011-08-18 17:05:46 \| 001,692,480 \|——\| M] (SoftThinks SAS) [Auto \| Running]—C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE—(SftService) SRV - [2011-03-28 21:11:06 \| 002,292,096 \|——\| M] (Microsoft Corp.) [Auto \| Running]—C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE—(wlidsvc) SRV - [2011-03-10 16:05:35 \| 000,407,336 \|——\| M] (Valve Corporation) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\Steam\SteamService.exe—(Steam Client Service) SRV - [2011-03-05 22:50:18 \| 001,045,256 \|——\| M] (Acresso Software Inc.) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe—(FLEXnet Licensing Service) SRV - [2011-02-28 19:44:14 \| 000,183,560 \|——\| M] (Microsoft Corporation.) [On_Demand \| Stopped]—C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE—(BBSvc) SRV - [2011-02-25 11:46:22 \| 000,249,648 \|——\| M] (Microsoft Corporation) [Auto \| Running]—C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE—(SeaPort) SRV - [2010-11-25 06:34:18 \| 000,219,632 \|——\| M] (Sonic Solutions) [Auto \| Stopped]—C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe—(RoxWatch12) SRV - [2010-11-25 06:33:18 \| 001,116,656 \|——\| M] (Sonic Solutions) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe—(RoxMediaDB12OEM) SRV - [2010-09-22 19:10:10 \| 000,057,184 \|——\| M] (Microsoft Corporation) [Disabled \| Stopped]—C:\Programmer\Windows Live\Mesh\wlcrasvc.exe—(wlcrasvc) SRV - [2010-08-30 15:42:00 \| 000,220,528 \|——\| M] (McAfee, Inc.) [On_Demand \| Stopped]—c:\Programmer\mcafee\msc\McAWFwk.exe—(McAWFwk) SRV - [2010-08-25 21:28:54 \| 002,823,000 \|——\| M] (Dell, Inc.) [Auto \| Running]—C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe—(NOBU) SRV - [2010-03-18 14:16:28 \| 000,130,384 \|——\| M] (Microsoft Corporation) [Auto \| Stopped]—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe—(clr_optimization_v4.0.30319_32) SRV - [2010-01-09 22:34:24 \| 004,925,184 \|——\| M] (Microsoft Corporation) [On_Demand \| Stopped]—C:\Programmer\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE—(osppsvc) SRV - [2009-09-08 13:48:24 \| 000,383,544 \|——\| M] (Advanced Micro Devices) [Auto \| Running]—c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe—(AMDFusionSVC) SRV - [2009-06-10 23:23:09 \| 000,066,384 \|——\| M] (Microsoft Corporation) [Disabled \| Stopped]—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe—(clr_optimization_v2.0.50727_32) SRV - [2009-03-16 01:47:22 \| 000,122,880 \|——\| M] (AMD) [Auto \| Running]—C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe—(AMD_RAIDXpert) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-03-01 08:46:16 \| 000,023,408 \|——\| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown]—C:\Windows\SysNative\drivers\fs_rec.sys—(Fs_Rec) DRV:64bit: - [2012-02-22 13:29:46 \| 000,647,208 \|——\| M] (McAfee, Inc.) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\mfehidk.sys—(mfehidk) DRV:64bit: - [2012-02-22 13:29:46 \| 000,487,296 \|——\| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\mfefirek.sys—(mfefirek) DRV:64bit: - [2012-02-22 13:29:46 \| 000,289,664 \|——\| M] (McAfee, Inc.) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\mfewfpk.sys—(mfewfpk) DRV:64bit: - [2012-02-22 13:29:46 \| 000,229,528 \|——\| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\mfeavfk.sys—(mfeavfk) DRV:64bit: - [2012-02-22 13:29:46 \| 000,160,792 \|——\| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\mfeapfk.sys—(mfeapfk) DRV:64bit: - [2012-02-22 13:29:46 \| 000,100,912 \|——\| M] (McAfee, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\mferkdet.sys—(mferkdet) DRV:64bit: - [2012-02-22 13:29:46 \| 000,075,936 \|——\| M] (McAfee, Inc.) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\mfenlfk.sys—(mfenlfk) DRV:64bit: - [2012-02-22 13:29:46 \| 000,065,264 \|——\| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\cfwids.sys—(cfwids) DRV:64bit: - [2012-02-15 12:01:50 \| 000,052,736 \|——\| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\usbaapl64.sys—(USBAAPL64) DRV:64bit: - [2011-10-01 09:30:22 \| 000,022,376 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\Sftvollh.sys—(Sftvol) DRV:64bit: - [2011-10-01 09:30:18 \| 000,268,648 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\Sftplaylh.sys—(Sftplay) DRV:64bit: - [2011-10-01 09:30:18 \| 000,025,960 \|——\| M] (Microsoft Corporation) [File_System \| On_Demand \| Running]—C:\Windows\SysNative\drivers\Sftredirlh.sys—(Sftredir) DRV:64bit: - [2011-10-01 09:30:10 \| 000,764,264 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\Sftfslh.sys—(Sftfs) DRV:64bit: - [2011-06-21 15:29:38 \| 000,088,480 \|——\| M] () [Kernel \| Auto \| Running]—C:\Windows\SysNative\drivers\atksgt.sys—(atksgt) DRV:64bit: - [2011-06-21 15:29:38 \| 000,046,400 \|——\| M] () [Kernel \| Auto \| Running]—C:\Windows\SysNative\drivers\lirsgt.sys—(lirsgt) DRV:64bit: - [2010-11-20 15:33:35 \| 000,078,720 \|——\| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\HpSAMD.sys—(HpSAMD) DRV:64bit: - [2010-11-20 13:07:05 \| 000,059,392 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\TsUsbFlt.sys—(TsUsbFlt) DRV:64bit: - [2010-04-23 23:30:10 \| 000,264,856 \|——\| M] (Advanced Micro Devices, Inc) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\ahcix64s.sys—(ahcix64s) DRV:64bit: - [2010-03-19 04:00:00 \| 000,055,856 \|——\| M] (Sonic Solutions) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\PxHlpa64.sys—(PxHlpa64) DRV:64bit: - [2010-01-29 08:33:38 \| 000,116,736 \|——\| M] (ATI Technologies, Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\AtiHdmi.sys—(AtiHdmiService) DRV:64bit: - [2010-01-14 08:26:02 \| 006,327,296 \|——\| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\atipmdag.sys—(amdkmdag) DRV:64bit: - [2010-01-14 07:10:58 \| 000,185,344 \|——\| M] (Advanced Micro Devices, Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\atikmpag.sys—(amdkmdap) DRV:64bit: - [2009-10-24 14:49:46 \| 001,542,656 \|——\| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\athrx.sys—(athr) DRV:64bit: - [2009-10-16 13:32:22 \| 000,321,064 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\k57nd60a.sys—(k57nd60a) DRV:64bit: - [2009-10-08 01:13:34 \| 000,070,200 \|——\| M] (Advanced Micro Devices) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\amdsata.sys—(amdsata) DRV:64bit: - [2009-10-08 01:13:34 \| 000,028,728 \|——\| M] (Advanced Micro Devices) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\amdxata.sys—(amdxata) DRV:64bit: - [2009-08-24 16:55:32 \| 000,016,440 \|——\| M] (Advanced Micro Devices Inc.) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\AtiPcie.sys—(AtiPcie) DRV:64bit: - [2009-07-14 03:52:20 \| 000,194,128 \|——\| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\amdsbs.sys—(amdsbs) DRV:64bit: - [2009-07-14 03:48:04 \| 000,065,600 \|——\| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\lsi_sas2.sys—(LSI_SAS2) DRV:64bit: - [2009-07-14 03:45:55 \| 000,024,656 \|——\| M] (Promise Technology) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\stexstor.sys—(stexstor) DRV:64bit: - [2009-06-10 22:34:33 \| 003,286,016 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\evbda.sys—(ebdrv) DRV:64bit: - [2009-06-10 22:34:28 \| 000,468,480 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\bxvbda.sys—(b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 \| 000,270,848 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\b57nd60a.sys—(b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 \| 000,031,232 \|——\| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\hcw85cir.sys—(hcw85cir) DRV:64bit: - [2009-05-18 14:17:08 \| 000,034,152 \|——\| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\GEARAspiWDM.sys—(GEARAspiWDM) DRV:64bit: - [2009-04-22 15:32:22 \| 000,047,672 \|——\| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\AmdLLD64.sys—(AmdLLD64) DRV:64bit: - [2006-11-01 13:51:00 \| 000,151,656 \|——\| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\WimFltr.sys—(WimFltr) DRV - [2012-04-10 21:04:32 \| 000,025,072 \|——\| M] (PC-Doctor, Inc.) [Kernel \| On_Demand \| Stopped]—c:\Programmer\Dell Support Center\pcdsrvc_x64.pkms—(PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV - [2009-07-14 03:19:10 \| 000,019,008 \|——\| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped]—C:\Windows\SysWOW64\drivers\wimmount.sys—(WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: “URL” = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: “URL” = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Claus\Desktop IE - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ni.dk/ IE - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\..\SearchScopes,DefaultScope = {DD0F8A95-E0E7-47F0-9687-FD0AA2ADB383} IE - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\..\SearchScopes\{DD0F8A95-E0E7-47F0-9687-FD0AA2ADB383}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie;={inputEncoding?}&oe;={outputEncoding?}&rlz;= IE - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = .local ========== FireFox ========== FF:64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Claus\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-06-29 07:25:37 \| 000,000,000 \|—-D \| M] O1 HOSTS File: ([2012-07-26 14:38:40 \| 000,000,027 \|——\| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmer\Common Files\mcafee\systemcore\ScriptSn.20120629070954.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programmer\mcafee\msk\mskapbho.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120629070954.dll (McAfee, Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-1503206898-520384191-2834299147-1001..\Run: [Boxoft Tools] C:\ProgramData\Boxtools\Boxofttoolbox.exe () O4 - HKU\S-1-5-21-1503206898-520384191-2834299147-1001..\Run: [Octoshape Streaming Services] C:\Users\Claus\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O4 - HKU\S-1-5-21-1503206898-520384191-2834299147-1001..\Run: [Spotify Web Helper] C:\Users\Claus\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-1503206898-520384191-2834299147-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [“C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe”] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1503206898-520384191-2834299147-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver; - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver; - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra ‘Tools’ menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2D7916-D8B1-4F82-BC76-C3D83A135F78}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E4CB8E1-8F44-4C93-98C6-8327B769F624}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programmer\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open]—“%1” %* O35:64bit: - HKLM\..exefile [open]—“%1” %* O35 - HKLM\..comfile [open]—“%1” %* O35 - HKLM\..exefile [open]—“%1” %* O37:64bit: - HKLM\...com [@ = ComFile]—“%1” %* O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %* O37 - HKLM\...com [@ = ComFile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-07-26 21:57:21 \| 000,596,480 \|——\| C] (OldTimer Tools)—C:\Users\Claus\Desktop\OTL.exe [2012-07-26 18:50:04 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012-07-26 18:49:24 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{6224A639-D5B9-473C-9A87-6BAC84CD5777} [2012-07-26 18:49:11 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{FC64D5AF-2711-4605-887E-BD7663E56A66} [2012-07-26 14:38:47 \| 000,000,000 \| -HSD \| C]—C:\$RECYCLE.BIN [2012-07-26 14:12:26 \| 000,518,144 \|——\| C] (SteelWerX)—C:\Windows\SWREG.exe [2012-07-26 14:12:26 \| 000,406,528 \|——\| C] (SteelWerX)—C:\Windows\SWSC.exe [2012-07-26 14:12:26 \| 000,060,416 \|——\| C] (NirSoft)—C:\Windows\NIRCMD.exe [2012-07-26 14:00:28 \| 000,000,000 \|—-D \| C]—C:\Qoobox [2012-07-26 13:59:56 \| 000,000,000 \|—-D \| C]—C:\Windows\erdnt [2012-07-26 12:13:46 \| 000,000,000 \|—-D \| C]—C:\FRST [2012-07-26 08:09:13 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Roaming\Malwarebytes [2012-07-26 08:08:49 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware [2012-07-26 08:08:45 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Malwarebytes [2012-07-26 08:08:43 \| 000,024,904 \|——\| C] (Malwarebytes Corporation)—C:\Windows\SysNative\drivers\mbam.sys [2012-07-26 08:08:42 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Malwarebytes’ Anti-Malware [2012-07-25 20:18:07 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{96A461ED-BCB7-4BBE-86FF-D65A29028B6C} [2012-07-25 20:17:55 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{9D3523C2-079D-431F-AE45-C07FC96D0B4A} [2012-07-24 19:02:26 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{2C727800-F35E-492F-AA51-15E99D2B29A3} [2012-07-24 19:02:15 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{DE27C96C-9638-4E63-BD13-26EEE2DE0994} [2012-07-24 06:00:53 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{50D9963F-F494-41C3-A6A3-F1BCAF91220E} [2012-07-24 06:00:42 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{241CEB50-0F8B-4AD8-817A-33FD12B187FE} [2012-07-23 15:23:24 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{8D9E914E-E4D2-40D8-87E3-6D89815C4912} [2012-07-23 15:23:13 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{92DEB7D3-F0DB-4FD2-80BE-51AC92E1E5ED} [2012-07-23 09:46:18 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{F5DB46C4-25FD-4D08-B491-0033090C97C1} [2012-07-22 20:16:10 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{09613BB5-6135-4CCA-9BC9-94F90EC90422} [2012-07-22 20:15:59 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{8C036DD1-FFEF-4F00-A046-EE5286A7B396} [2012-07-22 02:42:10 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{203A693C-B6FE-4366-A9AC-A1917E16856F} [2012-07-22 02:41:58 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{C20F7450-0D22-4371-8BA9-8CA6EBE14BCD} [2012-07-21 07:44:15 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{05B6834B-AD17-49E1-9D5E-759A59648DED} [2012-07-21 07:44:01 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{544A21EF-4562-4FFA-97EA-90EC60190094} [2012-07-20 20:04:17 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{9645B883-D3CA-4F93-B71F-44AE43A5909A} [2012-07-20 08:09:08 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{8EEF74C3-FDB8-4C92-B406-AB8DBC8A05F1} [2012-07-20 08:08:57 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{9EEAE9EE-FA65-4997-B6A3-BFD51CAA9B0E} [2012-07-19 09:50:08 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{FBF6526C-DE18-4D63-AB79-4F701EA9F6E9} [2012-07-19 09:49:56 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{69B84729-6476-4E21-906C-68A2B8BE8B44} [2012-07-18 23:03:04 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\Documents\20120718 [2012-07-18 21:07:00 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{7647A441-1B5B-407A-9F11-95173EB5647E} [2012-07-18 21:06:47 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{577269AD-9D38-4E7D-AB6B-14308FFBCFC6} [2012-07-18 17:30:51 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{ADB6A11F-075B-4255-BE94-23EB964D1C9A} [2012-07-17 11:26:47 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{FB472CE6-0A8E-4A4C-82D0-F0D0DD36518E} [2012-07-17 11:26:36 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{010C318C-0495-4F7E-8117-CD352715715D} [2012-07-16 22:17:22 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{80BCB421-F5AF-4849-8C89-1ED99B739628} [2012-07-16 22:17:11 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{A3894B16-C615-4D92-9951-B34F61F7078C} [2012-07-16 19:14:17 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{8969EC1B-6FF8-4019-B5C7-8A6BD74011DE} [2012-07-16 19:14:05 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{DC4BCFE6-723B-4D32-94DA-DC210CBB3D10} [2012-07-15 23:05:11 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{833CC238-1F7F-4D14-A782-9D5C4A6B0D73} [2012-07-15 23:05:01 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{985A5B11-26D8-462B-9A7C-7EB3770965CA} [2012-07-15 23:04:50 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{99ABAC66-2CB8-4F1F-8D4A-EB12B51C26DA} [2012-07-15 20:20:48 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{2E8277BB-DB92-4C34-A464-1AC69342A4A3} [2012-07-15 19:55:28 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{E9F2E924-2FEF-4A33-93DF-88DDD5D0B260} [2012-07-15 19:55:15 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{CC0CD3E9-7428-4AF6-AEDC-4C7DE2958D90} [2012-07-14 23:28:00 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{5495B8D7-FD7E-4D82-A2AE-BBDAF1A54AE3} [2012-07-14 23:27:46 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{AD5FDAF0-2922-4879-A306-26AD1344C4C9} [2012-07-14 23:27:35 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{3AB7538D-B640-4CD2-9E1C-0349C870DD41} [2012-07-14 20:16:33 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{3988F0E7-A12A-4A02-809A-5D404E68B9F1} [2012-07-14 07:55:53 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{7D1CCC69-98C9-459A-AF84-88F90E78E5FF} [2012-07-14 07:55:42 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{DB52FAEE-8C70-4448-8C59-C344C6827697} [2012-07-13 11:05:53 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{E7A7B5AF-1FA8-4DF4-923A-DEF669279178} [2012-07-13 11:05:42 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{3A720DD1-9F76-48E8-9D90-ECAA119E33A6} [2012-07-12 21:56:06 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{FAC1ABC2-BE6E-4989-9BF7-BF2B1FB6DF7F} [2012-07-12 21:55:54 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{CB6E43C6-A01B-44CA-9F0C-E6E7CAE1E270} [2012-07-12 13:58:55 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{EA45C23E-8331-4742-B36B-D4F3AFD2BB3A} [2012-07-12 12:10:25 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{C6D6DB07-061C-45B8-9DB1-C0441101492D} [2012-07-12 09:21:34 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{37F0621A-0026-48BB-9AE9-4979738A472C} [2012-07-11 20:15:09 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{8A98EEBB-CB5C-492B-8E78-BAEF85B51914} [2012-07-11 20:14:56 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{7393724D-08F0-473B-9CC0-01943430312C} [2012-07-11 13:12:36 \| 000,000,000 \|—-D \| C]—C:\Program Files\Mount&Blade; Warband [2012-07-10 00:50:55 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{01BAD8FE-CAF5-4BF4-9BEC-3B3EAAF29626} [2012-07-10 00:50:45 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{38D69F9D-D4EE-462F-B28D-4EA0A86FC566} [2012-07-09 11:51:35 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{E2CA7F74-EC3F-4534-A022-4076B15A9F5C} [2012-07-09 11:51:24 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{6518DC2E-E18C-4B03-A94F-117C3F7FFEE4} [2012-07-08 22:51:09 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{093F310E-483F-4C24-AC19-C315BE54EA19} [2012-07-08 22:50:58 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{3CFA093C-8D70-42A5-8FC3-7D8E3BC0E25A} [2012-07-08 19:44:43 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{C9246EE0-BE8E-4FA8-A792-16C0B3FA83C4} [2012-07-08 09:03:10 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{7EB5136E-8CB5-49B9-82C3-90015CC17D84} [2012-07-08 09:02:58 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{41951187-571C-40E8-9CAE-A09FF5DC585C} [2012-07-08 08:55:50 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{0D6FE203-5253-4000-8A50-9F60E74FEE8A} [2012-07-07 20:41:45 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{E023A02F-1488-4400-8A4C-EB1D197CC9A6} [2012-07-07 20:41:34 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{BA3BEBD7-CB3F-441A-942E-53995FCBAC97} [2012-07-06 20:29:33 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{3B26CA32-CE7F-4BCD-8E8C-A106C0C42D52} [2012-07-06 20:29:23 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{0F265FAA-B99B-4844-99C7-8B58197A8113} [2012-07-06 14:08:11 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\Documents\20120706 [2012-07-06 14:07:32 \| 000,000,000 \|—-D \| C]—C:\PFS8.1 PE_TMP [2012-07-06 11:28:28 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Panasonic [2012-07-06 11:15:13 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\Panasonic [2012-07-06 11:14:24 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Roaming\InstallShield [2012-07-06 11:06:05 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic [2012-07-06 11:04:48 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Common Files\Panasonic [2012-07-06 11:04:29 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Panasonic [2012-07-06 11:04:05 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Synchronization Services [2012-07-06 11:04:05 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft SQL Server Compact Edition [2012-07-06 11:03:52 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft Synchronization Services [2012-07-06 08:03:45 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{5B4BDF6C-EB54-4EA1-A070-BA3BBC064FD8} [2012-07-06 08:03:34 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{A3D5DC09-9E77-4CC4-B135-65F6AC631FAD} [2012-07-05 12:50:51 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{50108E39-4E99-45B7-A5F6-6B9BA17521C2} [2012-07-05 12:50:40 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{EA8EFAFF-2970-4C03-81BE-82DC88C0851B} [2012-07-04 22:02:48 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{337F8827-270D-4DFC-8A76-78ACDF67FE6B} [2012-07-04 22:02:37 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{8EA6E181-EA39-421A-B0E6-336465ED8DC7} [2012-07-04 19:48:42 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{24270B77-DC74-4630-8A41-F21F9C1BD6B4} [2012-07-03 19:46:45 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{1E58C724-2C55-48A5-872F-F27F9705D182} [2012-07-03 19:46:34 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{43509E9B-7731-412F-B570-60B0FC904F1E} [2012-07-03 07:43:20 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{9635B5D9-DD50-4698-A81F-891E18C80A16} [2012-07-03 07:43:07 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{0E5F82CF-2983-4CBB-8126-DF4828633755} [2012-07-02 18:45:05 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{66DF8AC5-5192-4CA8-B582-D5F5F85A54AC} [2012-07-02 18:44:53 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{359D1BAA-4C8A-4F4B-9D79-1CF4CA94B113} [2012-07-01 20:22:13 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{40EA1881-71A8-48D1-AC9D-2405F57DD21E} [2012-07-01 20:22:01 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{B94A18F9-D3A0-441A-BA03-7D1B4926FDE0} [2012-06-30 13:57:31 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{EB1C653F-A4A1-4D5C-AA1B-50EA642230E3} [2012-06-30 08:00:16 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{CCB05F31-9FC6-4E49-A6A4-6BEA3975ABFB} [2012-06-29 19:53:51 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{7E567270-7BE3-443B-AAEB-2501137D55CA} [2012-06-29 19:53:40 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{F64550EC-265F-4906-A66D-90EDB3014F0D} [2012-06-29 10:53:31 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{95A00BB0-E124-4A80-9745-6759DB241A7E} [2012-06-28 22:46:07 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{344F7794-8436-4BCF-8E68-38B9C1E600B4} [2012-06-28 22:45:55 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{4CA55775-A30A-4626-9BED-30422FE27006} [2012-06-28 06:51:36 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{987D83C5-F085-40EC-975F-287EB00781BF} [2012-06-28 06:51:24 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{6337C069-CF7E-483F-961B-81260F8B0A31} [2012-06-27 20:17:23 \| 000,000,000 \|—-D \| C]—C:\Users\Claus\AppData\Local\{948F683D-02EF-410C-B63D-ADF26C91ECC0} [1 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-07-26 22:40:00 \| 000,000,930 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-07-26 22:26:00 \| 000,000,830 \|——\| M] ()—C:\Windows\tasks\Adobe Flash Player Updater.job [2012-07-26 21:57:29 \| 000,596,480 \|——\| M] (OldTimer Tools)—C:\Users\Claus\Desktop\OTL.exe [2012-07-26 20:40:00 \| 000,000,926 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-07-26 18:57:32 \| 000,014,240 \| -H—\| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-07-26 18:57:31 \| 000,014,240 \| -H—\| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-07-26 18:44:03 \| 000,067,584 \|—S- \| M] ()—C:\Windows\bootstat.dat [2012-07-26 18:43:48 \| 2146,930,687 \| -HS- \| M] ()—C:\hiberfil.sys [2012-07-26 14:38:40 \| 000,000,027 \|——\| M] ()—C:\Windows\SysNative\drivers\etc\hosts [2012-07-26 14:38:19 \| 000,000,506 \|——\| M] ()—C:\Windows\tasks\SystemToolsDailyTest.job [2012-07-26 10:41:11 \| 001,373,978 \|——\| M] ()—C:\Windows\SysNative\PerfStringBackup.INI [2012-07-26 10:41:11 \| 000,652,390 \|——\| M] ()—C:\Windows\SysNative\perfh009.dat [2012-07-26 10:41:11 \| 000,507,452 \|——\| M] ()—C:\Windows\SysNative\perfh006.dat [2012-07-26 10:41:11 \| 000,121,064 \|——\| M] ()—C:\Windows\SysNative\perfc009.dat [2012-07-26 10:41:11 \| 000,097,456 \|——\| M] ()—C:\Windows\SysNative\perfc006.dat [2012-07-26 08:08:49 \| 000,001,111 \|——\| M] ()—C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-07-19 11:58:51 \| 000,011,776 \|——\| M] ()—C:\Users\Claus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-12 09:13:20 \| 000,354,416 \|——\| M] ()—C:\Windows\SysNative\FNTCACHE.DAT [2012-07-06 11:17:28 \| 000,001,162 \|——\| M] ()—C:\Users\Claus\Desktop\TZ30_TZ31 Betjeningsvejledninger.lnk [2012-07-06 11:15:46 \| 000,001,914 \|——\| M] ()—C:\Users\Public\Desktop\LUMIX Map Tool.lnk [2012-07-06 11:14:17 \| 000,002,478 \|——\| M] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.1 PE.lnk [2012-07-06 11:06:06 \| 000,002,208 \|——\| M] ()—C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.1 PE.lnk [2012-07-05 17:43:40 \| 000,000,564 \|——\| M] ()—C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012-07-03 13:46:44 \| 000,024,904 \|——\| M] (Malwarebytes Corporation)—C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] ========== Files Created - No Company Name ========== [2012-07-26 14:12:26 \| 000,256,000 \|——\| C] ()—C:\Windows\PEV.exe [2012-07-26 14:12:26 \| 000,208,896 \|——\| C] ()—C:\Windows\MBR.exe [2012-07-26 14:12:26 \| 000,098,816 \|——\| C] ()—C:\Windows\sed.exe [2012-07-26 14:12:26 \| 000,080,412 \|——\| C] ()—C:\Windows\grep.exe [2012-07-26 14:12:26 \| 000,068,096 \|——\| C] ()—C:\Windows\zip.exe [2012-07-26 08:08:49 \| 000,001,111 \|——\| C] ()—C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012-07-06 11:17:28 \| 000,001,162 \|——\| C] ()—C:\Users\Claus\Desktop\TZ30_TZ31 Betjeningsvejledninger.lnk [2012-07-06 11:16:48 \| 000,000,188 \|——\| C] ()—C:\Users\Public\Desktop\Download video editor LoiLoScope.url [2012-07-06 11:15:46 \| 000,001,914 \|——\| C] ()—C:\Users\Public\Desktop\LUMIX Map Tool.lnk [2012-07-06 11:14:27 \| 000,111,932 \|——\| C] ()—C:\Windows\SysWow64\EPPICPrinterDB.dat [2012-07-06 11:14:27 \| 000,031,053 \|——\| C] ()—C:\Windows\SysWow64\EPPICPattern131.dat [2012-07-06 11:14:27 \| 000,027,417 \|——\| C] ()—C:\Windows\SysWow64\EPPICPattern121.dat [2012-07-06 11:14:27 \| 000,026,154 \|——\| C] ()—C:\Windows\SysWow64\EPPICPattern1.dat [2012-07-06 11:14:27 \| 000,024,903 \|——\| C] ()—C:\Windows\SysWow64\EPPICPattern3.dat [2012-07-06 11:14:27 \| 000,021,390 \|——\| C] ()—C:\Windows\SysWow64\EPPICPattern5.dat [2012-07-06 11:14:27 \| 000,020,148 \|——\| C] ()—C:\Windows\SysWow64\EPPICPattern2.dat [2012-07-06 11:14:27 \| 000,011,811 \|——\| C] ()—C:\Windows\SysWow64\EPPICPattern4.dat [2012-07-06 11:14:27 \| 000,004,943 \|——\| C] ()—C:\Windows\SysWow64\EPPICPattern6.dat [2012-07-06 11:14:27 \| 000,001,146 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012-07-06 11:14:27 \| 000,001,139 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012-07-06 11:14:27 \| 000,001,139 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012-07-06 11:14:27 \| 000,001,136 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012-07-06 11:14:27 \| 000,001,129 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012-07-06 11:14:27 \| 000,001,129 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012-07-06 11:14:27 \| 000,001,120 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012-07-06 11:14:27 \| 000,001,107 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012-07-06 11:14:27 \| 000,001,104 \|——\| C] ()—C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012-07-06 11:14:27 \| 000,000,097 \|——\| C] ()—C:\Windows\SysWow64\PICSDK.ini [2012-07-06 11:14:26 \| 000,013,732 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_EN.cfg [2012-07-06 11:14:26 \| 000,006,442 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_IT.cfg [2012-07-06 11:14:26 \| 000,006,347 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_PT.cfg [2012-07-06 11:14:26 \| 000,006,347 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_BP.cfg [2012-07-06 11:14:26 \| 000,006,335 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_GE.cfg [2012-07-06 11:14:26 \| 000,006,195 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_FR.cfg [2012-07-06 11:14:26 \| 000,006,195 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_CF.cfg [2012-07-06 11:14:26 \| 000,006,122 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_DU.cfg [2012-07-06 11:14:26 \| 000,006,103 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_ES.cfg [2012-07-06 11:14:26 \| 000,005,817 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_KO.cfg [2012-07-06 11:14:26 \| 000,005,436 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_SC.cfg [2012-07-06 11:14:26 \| 000,002,889 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_RU.cfg [2012-07-06 11:14:26 \| 000,002,426 \|——\| C] ()—C:\Windows\SysWow64\EPPICLocal_TC.cfg [2012-07-06 11:14:17 \| 000,002,478 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.1 PE.lnk [2012-07-06 11:06:06 \| 000,002,208 \|——\| C] ()—C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.1 PE.lnk [2011-12-19 12:55:28 \| 000,130,280 \| -H—\| C] ()—C:\Windows\SysWow64\mlfcache.dat [2011-04-07 22:27:28 \| 000,123,392 \|——\| C] ()—C:\Windows\SysWow64\UnCasino5.exe [2011-03-29 10:23:10 \| 000,000,000 \|——\| C] ()—C:\Users\Claus\temp.dat [2011-03-10 23:26:26 \| 000,011,776 \|——\| C] ()—C:\Users\Claus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-03-10 15:53:15 \| 001,351,888 \|——\| C] ()—C:\Windows\SysWow64\PerfStringBackup.INI [2011-03-06 07:03:18 \| 000,001,035 \|——\| C] ()—C:\Windows\SysWow64\atipblag.dat [2011-03-05 22:51:16 \| 000,001,264 \|——\| C] ()—C:\Windows\THXCfg_SP_APOIM.ini [2011-03-05 22:51:16 \| 000,001,247 \|——\| C] ()—C:\Windows\THXCfg_HP_APOIM.ini [2011-03-05 22:51:16 \| 000,001,247 \|——\| C] ()—C:\Windows\THXCfg_APOIM.ini [2011-03-05 22:51:15 \| 000,177,664 \|——\| C] ()—C:\Windows\SysWow64\APOMngr.DLL [2011-03-05 22:51:15 \| 000,073,728 \|——\| C] ()—C:\Windows\SysWow64\CmdRtr.DLL [2011-03-05 22:35:08 \| 000,000,000 \|——\| C] ()—C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011-03-10 19:40:05 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\Aid4Mail2 [2011-03-10 17:40:14 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\Mount&Blade; Warband [2011-12-02 23:55:41 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\Octoshape [2011-06-29 20:23:40 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\OpenCandy [2011-03-10 22:38:51 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\OpenOffice.org [2011-03-10 18:06:18 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\PCDr [2012-07-26 13:51:32 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\SoftGrid Client [2012-06-11 22:54:54 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\Spotify [2011-06-03 15:18:34 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\Subversion [2011-03-10 15:55:25 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\TP [2011-03-18 21:27:51 \| 000,000,000 \|—-D \| M]—C:\Users\Claus\AppData\Roaming\Windows Live Writer [2012-07-05 17:43:40 \| 000,000,564 \|——\| M] ()—C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2012-07-26 07:30:20 \| 000,032,550 \|——\| M] ()—C:\Windows\Tasks\SCHEDLGU.TXT [2012-07-26 14:38:19 \| 000,000,506 \|——\| M] ()—C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report >
[ Ignorer ] [ # 11 ] clr
26.07.2012 23:36:46 Antal indlæg: 16	Her er extras filen: OTL Extras logfile created on: 26-07-2012 21:59:40 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Claus\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 8,00 Gb Total Physical Memory \| 6,08 Gb Available Physical Memory \| 76,00% Memory free 16,00 Gb Paging File \| 13,53 Gb Available in Paging File \| 84,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 1384,88 Gb Total Space \| 829,17 Gb Free Space \| 59,87% Space Free \| Partition Type: NTFS Computer Name: CLAUS-PC \| User Name: Claus \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut]—C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile]—C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* exefile [open]—“%1” %* helpfile [open]—Reg Error: Key error. htmlfile [edit]—Reg Error: Key error. htmlfile [print]—rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML “%1” (Microsoft Corporation) inffile [install]—%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\ieframe.dll”,OpenURL %l (Microsoft Corporation) InternetShortcut [print]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\mshtml.dll”,PrintHTML “%1” (Microsoft Corporation) piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation) Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark]—“C:\Program Files (x86)\Winamp\winamp.exe” /BOOKMARK “%1” (Nullsoft, Inc.) Directory [Winamp.Enqueue]—“C:\Program Files (x86)\Winamp\winamp.exe” /ADD “%1” (Nullsoft, Inc.) Directory [Winamp.Play]—“C:\Program Files (x86)\Winamp\winamp.exe” “%1” (Nullsoft, Inc.) Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore]—Reg Error: Value error. Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* cplfile [cplopen]—%SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation) exefile [open]—“%1” %* helpfile [open]—Reg Error: Key error. htmlfile [edit]—Reg Error: Key error. piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation) Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark]—“C:\Program Files (x86)\Winamp\winamp.exe” /BOOKMARK “%1” (Nullsoft, Inc.) Directory [Winamp.Enqueue]—“C:\Program Files (x86)\Winamp\winamp.exe” /ADD “%1” (Nullsoft, Inc.) Directory [Winamp.Play]—“C:\Program Files (x86)\Winamp\winamp.exe” “%1” (Nullsoft, Inc.) Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore]—Reg Error: Value error. Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] “cval” = 1 “FirewallDisableNotify” = 0 “AntiVirusDisableNotify” = 0 “UpdatesDisableNotify” = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] “VistaSp1” = 28 4D B2 76 41 04 CA 01 [binary data] “AntiVirusOverride” = 0 “AntiSpywareOverride” = 0 “FirewallOverride” = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] “FirewallDisableNotify” = 0 “AntiVirusDisableNotify” = 0 “UpdatesDisableNotify” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] “DisableSR” = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] “DisableNotifications” = 0 “EnableFirewall” = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] “DisableNotifications” = 0 “EnableFirewall” = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] “DisableNotifications” = 0 “EnableFirewall” = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}” = rport=445 \| protocol=6 \| dir=out \| app=system \| “{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}” = lport=138 \| protocol=17 \| dir=in \| app=system \| “{08E024BB-596A-4DFF-A430-159062EB67CE}” = lport=10243 \| protocol=6 \| dir=in \| app=system \| “{199B73BC-BFA7-46DF-8DF1-37B808E1BAEA}” = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| “{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}” = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| “{25B9D31D-64EC-44F5-900B-17177C3E5D3C}” = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| “{295EF879-34FC-4A05-A484-51AA1443280E}” = lport=445 \| protocol=6 \| dir=in \| app=system \| “{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}” = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| “{4084E937-EAAA-47EE-9520-7BE7CE434C09}” = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| “{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}” = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| “{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}” = lport=139 \| protocol=6 \| dir=in \| app=system \| “{5D36BC70-07E9-45F7-9DFE-5A3AFD6B139B}” = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| “{6364B77A-8796-4078-B3CC-5963A3E70B4F}” = rport=139 \| protocol=6 \| dir=out \| app=system \| “{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}” = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| “{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}” = rport=138 \| protocol=17 \| dir=out \| app=system \| “{86444BB3-291D-4D31-A046-BB4AA3243C28}” = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| “{AF8150A9-8B4A-4262-900E-D368942052B3}” = lport=2869 \| protocol=6 \| dir=in \| app=system \| “{BE10AB93-C4A6-464B-BE93-069E778BFF99}” = rport=10243 \| protocol=6 \| dir=out \| app=system \| “{C232D951-55E7-4D04-9346-F88A07FC0B22}” = lport=137 \| protocol=17 \| dir=in \| app=system \| “{C428A183-FD79-40B5-990D-895328F43AC8}” = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| “{CF0676E6-E2EC-438A-9741-7029DEBD00CE}” = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| “{F534D21D-02A4-4E48-A237-A3745ED5E6D3}” = rport=137 \| protocol=17 \| dir=out \| app=system \| “{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}” = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}” = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| “{02A4D600-582A-4C14-ADFE-C125CF0CB18F}” = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| “{1473D86F-6F04-46A3-9153-CD04272511DC}” = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| “{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}” = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| “{56E808A1-BFD0-4B79-B567-B9FA848D697F}” = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| “{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}” = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| “{62F27534-2769-4D2F-B42F-E96E62F64F44}” = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| “{6581AFB9-3B91-47B8-89B6-6E7C99065EA7}” = protocol=6 \| dir=in \| app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe \| “{65901CFC-D156-4C8F-90EA-C26D256CA195}” = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| “{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}” = protocol=6 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| “{8642AF85-31DC-4BB3-8E9D-1E478C224084}” = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| “{A5589677-56C4-46C1-A86B-1F0B5425786F}” = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| “{AB3FBA72-52C3-4476-9A38-230DBE05659B}” = protocol=17 \| dir=in \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| “{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}” = protocol=6 \| dir=out \| app=system \| “{CE504808-152F-4073-8BB9-0F8E7C4D30C6}” = protocol=17 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| “{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}” = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| “{E8715BB0-E132-4617-B344-62E03BFE2C1C}” = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| “{E926E57D-011D-4F63-BCC5-FFCFDC28D091}” = protocol=6 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| “{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}” = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| “{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}” = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| “{F877FD36-0229-4F88-A6EC-408A523E2416}” = protocol=17 \| dir=in \| app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe \| “TCP Query User{A84617D8-919F-4406-B438-5F33E471E4AE}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe” = protocol=6 \| dir=in \| app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe \| “UDP Query User{1CD6E516-662E-4155-BD1E-B442689F894B}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe” = protocol=17 \| dir=in \| app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{0090A87C-3E0E-43D4-AA71-A71B06563A4A}” = Dell Support Center “{027E5FAB-1476-4C59-AAB4-32EF28520399}” = Windows Live Language Selector “{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}” = Windows Live ID Sign-in Assistant “{1DD03A94-C815-46EF-A43A-B36694002A7C}” = TortoiseSVN 1.6.16.21511 (64 bit) “{26A24AE4-039D-4CA4-87B4-2F86416023FF}” = Java(TM) 6 Update 23 (64-bit) “{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 “{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 “{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}” = Roxio File Backup “{62B883AB-AC37-9127-56D0-2C3FC0AFC724}” = ccc-utility64 “{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}” = Apple Mobile Device Support “{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}” = Bonjour “{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}” = iTunes “{850B8072-2EA7-4EDC-B930-7FE569495E76}” = Windows Live Remote Client Resources “{8E34682C-8118-31F1-BC4C-98CD9675E1C2}” = Microsoft .NET Framework 4 Extended “{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}” = Dell Edoc Viewer “{90140000-006D-0406-1000-0000000FF1CE}” = Microsoft Office Klik og kør 2010 “{95120000-00B9-0409-1000-0000000FF1CE}” = Microsoft Application Error Reporting “{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}” = RBVirtualFolder64Inst “{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}” = Microsoft SQL Server Compact 3.5 SP2 x64 ENU “{DA54F80E-261C-41A2-A855-549A144F2F59}” = Windows Live MIME IFilter “{DF6D988A-EEA0-4277-AAB8-158E086E439B}” = Windows Live Remote Client “{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}” = Windows Live Remote Service “{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}” = Microsoft .NET Framework 4 Client Profile “{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}” = Windows Live Remote Service Resources “{F83E9BF0-B8D8-3D68-9E07-7505290C2202}” = Microsoft .NET Framework 4 Client Profile DAN Language Pack “Dell Support Center” = Dell Support Center “Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile “Microsoft .NET Framework 4 Client Profile DAN Language Pack” = Microsoft .NET Framework 4 Client Profile DAN sprogpakke “Microsoft .NET Framework 4 Extended” = Microsoft .NET Framework 4 Extended “WinRAR archiver” = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{00884F14-05BD-4D8E-90E5-1ABF78948CA4}” = Windows Live Mesh “{010A785B-F920-4350-821B-6309909C20BB}” = THX TruStudio PC “{048298C9-A4D3-490B-9FF9-AB023A9238F3}” = Steam “{055EE59D-217B-43A7-ABFF-507B966405D8}” = ATI Catalyst Control Center “{097E59B5-CCAB-46B6-6A0B-EDF2CA595C84}” = CCC Help French “{0B0F231F-CE6A-483D-AA23-77B364F75917}” = Windows Live Installer “{0E64B098-8018-4256-BA23-C316A43AD9B0}” = QuickTime “{0ED7EE95-6A97-47AA-AD73-152C08A15B04}” = Dell DataSafe Local Backup “{10186F1A-6A14-43DF-A404-F0105D09BB07}” = Windows Live Mail “{122ADF8C-DDA1-480C-9936-C88F2825B265}” = Apple Application Support “{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}” = Mass Effect “{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 “{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}” = Junk Mail filter update “{1F77C418-2C90-459C-BD33-B56A4182B9FA}” = System Requirements Lab CYRI “{200FEC62-3C34-4D60-9CE8-EC372E01C08F}” = Windows Live SOXE Definitions “{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk” = Google Talk (remove only) “{25FAEDD1-3733-86F7-55F5-D7AEAF2D93B0}” = CCC Help Danish “{26A24AE4-039D-4CA4-87B4-2F83216022F0}” = Java(TM) 6 Update 22 “{26A24AE4-039D-4CA4-87B4-2F83216031FF}” = Java(TM) 6 Update 31 “{280DF415-F2C2-122F-CC52-AA7EAECF3E14}” = CCC Help Czech “{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}” = Google Earth Plug-in “{2D943F95-2C76-4951-9AEF-0977AF5DE11A}” = AMD Fusion Media Explorer “{3250260C-7A95-4632-893B-89657EB5545B}” = PhotoShowExpress “{32773B3E-45CA-5CA3-0A6A-E3FF592B3AD3}” = Catalyst Control Center Graphics Previews Vista “{3336F667-9049-4D46-98B6-4C743EEBC5B1}” = Windows Live Photo Gallery “{36CEA188-3DFA-6391-4774-C92D4B092407}” = Skins “{3A9FC03D-C685-4831-94CF-4EDFD3749497}” = Microsoft SQL Server Compact 3.5 SP2 ENU “{41068A8C-3F30-46B6-978A-EA692F28D1AF}” = Multimedia Card Reader “{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}” = Windows Live Photo Gallery “{46D936B9-DE22-983C-341C-968C3E122CF8}” = CCC Help Dutch “{480C0D1B-C42A-FD87-F404-A54D9B1C619C}” = CCC Help Hungarian “{481AB4A0-BB71-F2D9-E155-89F0D773FE9E}” = Catalyst Control Center Localization All “{48657AA5-5A07-4C3A-8ED8-8B7CA4A9707C}” = OpenOffice.org 3.3 “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater “{4B744C85-DBB1-4038-B989-4721EB22C582}” = Windows Live Messenger “{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1” = Brytenwalda version 1.394 “{53447D64-FD9C-B3B9-25B3-47292EE10EBF}” = CCC Help Japanese “{56158912-D481-DE3A-298C-E13B24E3A87C}” = Catalyst Control Center Graphics Full New “{57220148-3B2B-412A-A2E0-82B9DF423696}” = Windows Live Mesh ActiveX-objekt til fjernforbindelser “{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}” = Roxio BackOnTrack “{5F58EF0F-3E92-49B9-A315-872C65F30F05}” = PHOTOfunSTUDIO 8.1 PE “{6262B40D-FAA5-5CCF-6DE3-9FAFB6C7DC89}” = Catalyst Control Center Graphics Previews Common “{64997420-9AFE-289E-1B7A-E2C59937D973}” = CCC Help Portuguese “{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}” = Roxio Express Labeler 3 “{682B3E4F-696A-42DE-A41C-4C07EA1678B4}” = Windows Live SOXE “{6BBC8D43-AA08-8FCD-EDA6-EED2342A4FF0}” = CCC Help Turkish “{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}” = Roxio Creator Starter “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable “{72E5E3F5-5BE3-BA64-49A6-4FA26EF69721}” = Catalyst Control Center InstallProxy “{749FCBB7-D313-CCCA-E2CF-7850A019311F}” = CCC Help Finnish “{74CC9A1B-4A3D-AEEC-3ED6-71F7B42A5EFE}” = CCC Help Chinese Traditional “{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}” = Mass Effect 2 “{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 “{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}” = Roxio Burn “{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}” = Bing Bar “{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}” = Messenger Companion “{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update “{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}” = Windows Live Messenger Companion Core “{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}” = Dell Getting Started Guide “{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}” = LUMIX Map Tool “{7EC66A95-AC2D-4127-940B-0445A526AB2F}” = Dell DataSafe Online “{820B6609-4C97-3A2B-B644-573B06A0F0CC}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 “{827D3E4A-0186-48B7-9801-7D1E9DD40C07}” = Windows Live Essentials “{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable “{83C292B7-38A5-440B-A731-07070E81A64F}” = Windows Live PIMT Platform “{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}” = AMD Fusion Utility for Desktops “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight “{8B76B8E9-F773-4B75-A08C-120079EB765E}” = RAIDXpert “{8BBCF476-7566-9129-F7C0-619087484138}” = CCC Help Norwegian “{8C6D6116-B724-4810-8F2D-D047E6B7D68E}” = Mesh Runtime “{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}” = MSVCRT “{8FF50F43-7BB0-4BF4-C67F-F9BF254AC278}” = CCC Help Spanish “{90140011-0066-0406-0000-0000000FF1CE}” = Microsoft Office Starter 2010 - dansk “{92EA4134-10D1-418A-91E1-5A0453131A38}” = Windows Live Movie Maker “{95140000-0070-0000-0000-0000000FF1CE}” = Microsoft Office 2010 “{981029E0-7FC9-4CF3-AB39-6F133621921A}” = Skype Toolbars “{9A00EC4E-27E1-42C4-98DD-662F32AC8870}” = Sonic CinePlayer Decoder Pack “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 “{9D56775A-93F3-44A3-8092-840E3826DE30}” = Windows Live Mail “{9DD96558-0E0C-8563-E00D-C970155C5503}” = CCC Help German “{A121EEDE-C68F-461D-91AA-D48BA226AF1C}” = Roxio Activation Module “{A58E067E-2C66-B40A-AF7A-4A82307E671C}” = CCC Help Thai “{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}” = Catalyst Control Center - Branding “{A726AE06-AAA3-43D1-87E3-70F510314F04}” = Windows Live Writer “{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper “{A963B964-749A-4313-B7A1-0B4AA51A622B}” = Dell MusicStage “{A9668246-FB70-4103-A1E3-66C9BC2EFB49}” = Dell DataSafe Local Backup - Support Software “{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}” = Windows Live Photo Common “{AC76BA86-7AD7-FFFF-7B44-AA0000000001}” = Adobe Reader X (10.1.3) MUI “{AD17B1DD-9342-F787-92EC-E93441042A23}” = CCC Help English “{AF1D271B-B122-1707-6707-9E29A96082D2}” = CCC Help Polish “{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}” = DirectX 9 Runtime “{BEE0F537-96FA-8F84-FB5E-570EE86F636A}” = Catalyst Control Center Core Implementation “{C1E448E5-6E43-4B89-9AC9-8E464A8B78A7}” = Dell Stage “{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}” = NVIDIA PhysX “{CDD450A5-9F2E-1D61-5FEB-DDD30E985D23}” = CCC Help Korean “{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}” = Windows Live UX Platform “{CF671BFE-6BA3-44E7-98C1-500D9C51D947}” = Windows Live Photo Gallery “{D0B44725-3666-492D-BEF6-587A14BD9BD9}” = MSVCRT_amd64 “{D103C4BA-F905-437A-8049-DB24763BBE36}” = Skype™ 4.1 “{D45240D3-B6B3-4FF9-B243-54ECE3E10066}” = Windows Live Communications Platform “{D5BAE960-8312-3EB3-A116-3F5926A1E7B7}” = Catalyst Control Center Graphics Full Existing “{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}” = Windows Live Movie Maker “{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}” = Dell VideoStage “{DECDCB7C-58CC-4865-91AF-627F9798FE48}” = Windows Live Mesh “{E09C4DB7-630C-4F06-A631-8EA7239923AF}” = D3DX10 “{E4335E82-17B3-460F-9E70-39D9BC269DB3}” = Dell PhotoStage “{E4382E64-1EB5-09D2-5D29-FEBB46A6F340}” = CCC Help Italian “{E5B21F11-6933-4E0B-A25C-7963E3C07D11}” = Windows Live Messenger “{E5DD4723-FE0B-436E-A815-DC23CF902A0B}” = Windows Live UX Platform Language Pack “{E8524B28-3BBB-4763-AC83-0E83FE31C350}” = Windows Live Writer “{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}” = Windows Live Writer Resources “{E9E8E4CC-8274-3831-7103-10B2AD73588C}” = CCC Help Russian “{EA100873-8DD1-4505-2D61-9666569B54B6}” = Catalyst Control Center Graphics Light “{EF56258E-0326-48C5-A86C-3BAC26FC15DF}” = Roxio Creator Starter “{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}” = Roxio Creator Starter “{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}” = The Witcher 2 “{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}” = Microsoft SQL Server 2005 Compact Edition [ENU] “{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}” = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 “{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver “{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}” = The Witcher “{F26A0379-5852-CA4C-0BF6-662AC274A3D8}” = CCC Help Swedish “{F8C87E78-B318-C156-F8B0-427F6D3FC443}” = CCC Help Greek “{FF527B68-2D1D-B15B-0FFC-8BF8487AD194}” = ccc-core-static “{AA43D433-3DE8-F2CA-1728-4BA962D9FAE4}” = CCC Help Chinese Standard “{AA68AAAE-41F0-40B5-8896-5947F5FD6889}” = AirPort “{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}” = Windows Live Writer “3ivx MPEG-4 5.0.2” = 3ivx MPEG-4 5.0.2 (remove only) “Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX “InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}” = Multimedia Card Reader “InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}” = LUMIX Map Tool “InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}” = RAIDXpert “InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}” = Dell VideoStage “InterCasinoV9EnglishUSD” = InterCasino “InterPoker” = InterPoker “LameACM” = Lame ACM MP3 Codec “Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.62.0.1300 “MSC” = McAfee SecurityCenter “Office14.Click2Run” = Microsoft Office Klik og kør 2010 “Picasa 3” = Picasa 3 “Steam App 48700” = Mount and Blade: Warband “Steam App 72850” = The Elder Scrolls V: Skyrim “Steam App 8930” = Sid Meier’s Civilization V “Winamp” = Winamp “WinLiveSuite” = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1503206898-520384191-2834299147-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “f031ef6ac137efc5” = Dell Driver Download Manager “Octoshape add-in for Adobe Flash Player” = Octoshape add-in for Adobe Flash Player “Octoshape Streaming Services” = Octoshape Streaming Services “Spotify” = Spotify “Winamp Detect” = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21-12-2011 15:40:54 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = ERROR: mDNSPlatformReadTCP - recv: 10053 Error - 21-12-2011 15:40:54 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = 632: ERROR: read_msg errno 0 (Handlingen er gennemført.) Error - 22-12-2011 08:34:47 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = ERROR: mDNSPlatformReadTCP - recv: 10053 Error - 22-12-2011 08:34:47 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = 632: ERROR: read_msg errno 0 (Handlingen er gennemført.) Error - 22-12-2011 10:12:43 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = ERROR: mDNSPlatformReadTCP - recv: 10053 Error - 22-12-2011 10:12:43 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = 468: ERROR: read_msg errno 0 (Handlingen er gennemført.) Error - 22-12-2011 15:56:49 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = ERROR: mDNSPlatformReadTCP - recv: 10053 Error - 22-12-2011 15:56:49 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = 632: ERROR: read_msg errno 0 (Handlingen er gennemført.) Error - 23-12-2011 03:26:02 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = ERROR: mDNSPlatformReadTCP - recv: 10053 Error - 23-12-2011 03:26:02 \| Computer Name = Claus-Pc \| Source = Bonjour Service \| ID = 100 Description = 632: ERROR: read_msg errno 0 (Handlingen er gennemført.) [ Dell Events ] Error - 06-09-2011 11:39:57 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 13-09-2011 06:00:06 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 13-09-2011 06:00:07 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 13-09-2011 12:26:06 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 13-09-2011 12:26:06 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 14-09-2011 02:54:43 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 14-09-2011 02:54:43 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 14-09-2011 13:30:58 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 14-09-2011 13:30:59 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. Error - 20-09-2011 15:40:26 \| Computer Name = Claus-Pc \| Source = DataSafe \| ID = 17 Description = Processen blev afbrudt, før den blev gennemført. [ System Events ] Error - 26-07-2012 08:01:55 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7003 Description = Tjenesten McAfee Personal Firewall Service afhænger af følgende tjeneste: MpsSvc. Tjenesten er muligvis ikke installeret. Error - 26-07-2012 08:09:55 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7003 Description = Tjenesten McAfee Personal Firewall Service afhænger af følgende tjeneste: MpsSvc. Tjenesten er muligvis ikke installeret. Error - 26-07-2012 08:09:59 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7003 Description = Tjenesten McAfee Personal Firewall Service afhænger af følgende tjeneste: MpsSvc. Tjenesten er muligvis ikke installeret. Error - 26-07-2012 08:09:59 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7003 Description = Tjenesten McAfee Personal Firewall Service afhænger af følgende tjeneste: MpsSvc. Tjenesten er muligvis ikke installeret. Error - 26-07-2012 08:24:44 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7030 Description = Tjenesten PEVSystemStart er markeret som en interaktiv tjeneste. Systemet er dog konfigureret til ikke at tillade interaktive tjenester. Denne tjeneste fungerer muligvis ikke korrekt. Error - 26-07-2012 08:28:49 \| Computer Name = Claus-Pc \| Source = Application Popup \| ID = 1060 Description = Indlæsning af \??\C:\ComboFix\catchme.sys er blevet blokeret på grund af inkompatibilitet med dette system. Kontakt softwareleverandøren for at få en kompatibel version af driveren. Error - 26-07-2012 08:36:04 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7030 Description = Tjenesten PEVSystemStart er markeret som en interaktiv tjeneste. Systemet er dog konfigureret til ikke at tillade interaktive tjenester. Denne tjeneste fungerer muligvis ikke korrekt. Error - 26-07-2012 08:36:15 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7030 Description = Tjenesten PEVSystemStart er markeret som en interaktiv tjeneste. Systemet er dog konfigureret til ikke at tillade interaktive tjenester. Denne tjeneste fungerer muligvis ikke korrekt. Error - 26-07-2012 08:39:43 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7023 Description = Tjenesten Windows Defender blev afbrudt med følgende fejl: %6 Error - 26-07-2012 12:54:01 \| Computer Name = Claus-Pc \| Source = Service Control Manager \| ID = 7022 Description = Tjenesten Windows Update hang ved start. < End of report >
[ Ignorer ] [ # 12 ] f-arn TeamSpywarefri
27.07.2012 10:56:26 Administrator Team Spywarefri Antal indlæg: 7045	Deaktiver dine Sikkerheds programmer, mens “Fixet” kører. Start OTL Vista og Windows 7 - højreklik på filen - Kør som Administrator. Kopier nedenstånde med fed skrift ind i feltet “Custom Scans/Fixes” :processes killallprocesses :OTL O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. [1 C:\Windows\SysNative\.tmp files -> C:\Windows\SysNative\.tmp -> ] :files c:\windows\system32\zz-services.tmp ipconfig /flushdns /c :Commands [CREATERESTOREPOINT] [emptytemp] [Reboot] Luk alle andre åbne vinduer og klik på “Run Fix” Efter genstart åbnes en logfil, kopier den tekst herind i denne tråd. Ellers ligger den her: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log ——— Deaktiver dit antivirus-program, kør en online scanning med ESET Online Scanner: http://www.eset.com/home/products/online-scanner/ Du skal acceptere betingelserne for brug, og klik på Start. Efter ActiveX Control er indlæst, vil det tage et par minutter for scanneren at blive klar. Dernæst skal du sætte flueben i følgende felter: (kun dem) Den må ikke fjerne noget. <- Vigtigt Scan archives under advanced settings Scan for potentialy unwanted applications Scan for potentially unsafe applications Enable anti-stealth technology Klik på Start. Denne scanning kan tage et stykke tid, så vær tålmodig. En log vil åbne, når scanningen er færdig. (hvis ikke, skal du gå til C:\Programmer (86)\EsetOnlineScanner\ og åbne filen Log.txt). Kopier den herind i næste svar. PS Husk at køre Internet Explorer/Firefox som Admin Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 13 ] clr
28.07.2012 20:27:44 Antal indlæg: 16	Her er de næste resultater: All processes killed ========== PROCESSES ========== ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. C:\Windows\SysNative\zz-services.tmp deleted successfully. ========== FILES ========== File\Folder c:\windows\system32\zz-services.tmp not found. < ipconfig /flushdns /c > Windows IP-konfiguration DNS Resolver Cache blev t›mt. C:\ny\cmd.bat deleted successfully. C:\ny\cmd.txt deleted successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point [EMPTYTEMP] User: All Users User: Claus ->Temp folder emptied: 8256 bytes ->Temporary Internet Files folder emptied: 150351212 bytes ->Java cache emptied: 2930266 bytes ->Flash cache emptied: 1339903 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 66984 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67797 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 148,00 mb OTL by OldTimer - Version 3.2.54.1 log created on 07282012_102632 Files\Folders moved on Reboot… C:\Users\Claus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\hsperfdata_CLAUS-PC$\3004 not found! PendingFileRenameOperations files… File C:\Users\Claus\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Windows\temp\hsperfdata_CLAUS-PC$\3004 not found! Registry entries deleted on Reboot…
[ Ignorer ] [ # 14 ] clr
28.07.2012 20:28:54 Antal indlæg: 16	Resultatet for scaningen: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=27b4b8a863897a47b875a7c10c996443 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-07-28 06:23:05 # local_time=2012-07-28 08:23:05 (+0100, Rom, sommertid) # country=“Denmark” # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5121 16777213 100 75 4281890 8690354 0 0 # compatibility_mode=5893 16776573 100 94 156413 95094708 0 0 # compatibility_mode=8192 67108863 100 0 176 176 0 0 # scanned=497788 # found=2 # cleaned=0 # scan_time=34926 C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (unable to clean) 00000000000000000000000000000000 I
[ Ignorer ] [ # 15 ] f-arn TeamSpywarefri
29.07.2012 10:28:26 Administrator Team Spywarefri Antal indlæg: 7045	Hvordan kører PCen Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !

1 af 2

Næste