Spywarefri Forum | har haft besøg af en trojan

1 af 2

har haft besøg af en trojan

[ Ignorer ] op
11.08.2012 15:58:18 Antal indlæg: 336	Hej Spywarefri ! det er heldigvis snart længe siden sidst. jeg har som sagt haft besøg af en trojan, men har fået fjernet den med Spysweper nu har jeg så skannet efter jeres vejledning,og sender snart hvad der ligger swf mappen. med venlig hilsen otto
[ Ignorer ] [ # 1 ] op
11.08.2012 16:36:02 Antal indlæg: 336	Hej Spywarefri ! DEt er snart længe siden, men som sagt har jeg haft besøg af en trojan, som jeg har fjernet med spysweper, jeg har fulgt jeres vejledning og her kommer scanningerne. Eset log ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-08 04:58:31 # local_time=2011-02-08 05:58:31 (+0100, Rom, normaltid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 44868605 44868605 0 0 # compatibility_mode=8192 67108863 100 0 1830349 1830349 0 0 # scanned=44359 # found=1 # cleaned=1 # scan_time=1228 C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP674\A0091302.exe Win32/RegistryBooster program (slettet - i karantæne) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-17 10:55:12 # local_time=2011-02-17 11:55:12 (+0100, Rom, normaltid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 45624311 45624311 0 0 # compatibility_mode=8192 67108863 100 0 2586055 2586055 0 0 # scanned=45518 # found=0 # cleaned=0 # scan_time=1324 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6425 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-02-24 10:56:37 # local_time=2011-02-24 11:56:37 (+0100, Rom, normaltid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 46229094 46229094 0 0 # compatibility_mode=8192 67108863 100 0 3190838 3190838 0 0 # scanned=46257 # found=0 # cleaned=0 # scan_time=1426 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6425 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-03-21 12:37:21 # local_time=2011-03-21 01:37:21 (+0100, Rom, normaltid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 48395007 48395007 0 0 # compatibility_mode=8192 67108863 100 0 5356751 5356751 0 0 # scanned=49750 # found=0 # cleaned=0 # scan_time=1557 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6425 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-03-28 10:01:29 # local_time=2011-03-28 12:01:29 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 48990323 48990323 0 0 # compatibility_mode=8192 67108863 100 0 5952067 5952067 0 0 # scanned=56687 # found=3 # cleaned=3 # scan_time=1689 C:\Programmer\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP722\A0095833.exe Win32/SpeedUpMyPC program (slettet - i karantæne) 00000000000000000000000000000000 C C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP724\A0095919.exe Win32/SpeedUpMyPC program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-04-26 09:29:32 # local_time=2011-04-26 11:29:32 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 51493967 51493967 0 0 # compatibility_mode=8192 67108863 100 0 8455711 8455711 0 0 # scanned=54440 # found=0 # cleaned=0 # scan_time=1728 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-05-10 11:09:40 # local_time=2011-05-10 01:09:40 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 52709407 52709407 0 0 # compatibility_mode=8192 67108863 100 0 9671151 9671151 0 0 # scanned=60535 # found=0 # cleaned=0 # scan_time=1896 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-05-24 10:21:29 # local_time=2011-05-24 12:21:29 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 53915745 53915745 0 0 # compatibility_mode=8192 67108863 100 0 10877489 10877489 0 0 # scanned=52293 # found=0 # cleaned=0 # scan_time=2267 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-10 02:17:08 # local_time=2011-06-10 04:17:08 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 55398583 55398583 0 0 # compatibility_mode=8192 67108863 100 0 12360327 12360327 0 0 # scanned=57167 # found=0 # cleaned=0 # scan_time=2368 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-13 11:22:55 # local_time=2011-06-13 01:22:55 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 55647540 55647540 0 0 # compatibility_mode=8192 67108863 100 0 12609284 12609284 0 0 # scanned=53862 # found=0 # cleaned=0 # scan_time=2157 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-28 11:03:37 # local_time=2011-06-28 01:03:37 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 56942405 56942405 0 0 # compatibility_mode=8192 67108863 100 0 13904149 13904149 0 0 # scanned=54995 # found=0 # cleaned=0 # scan_time=2135 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-07-16 10:50:27 # local_time=2011-07-16 12:50:27 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 58496741 58496741 0 0 # compatibility_mode=8192 67108863 100 0 15458485 15458485 0 0 # scanned=57157 # found=0 # cleaned=0 # scan_time=2209 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-05 10:13:03 # local_time=2011-09-05 12:13:03 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 62900177 62900177 0 0 # compatibility_mode=8192 67108863 100 0 19861921 19861921 0 0 # scanned=80302 # found=3 # cleaned=3 # scan_time=2929 C:\Documents and Settings\Otto\Lokale indstillinger\temp\ICReinstall\cnet_burnaware_free_exe.exe en variant af Win32/InstallCore.C program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C C:\RECYCLER\S-1-5-21-527237240-484763869-725345543-1004\Dc54.exe en variant af Win32/InstallCore.C program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP883\A0121493.exe en variant af Win32/InstallCore.C program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-24 10:01:06 # local_time=2011-09-24 12:01:06 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 64541299 64541299 0 0 # compatibility_mode=8192 67108863 100 0 21503043 21503043 0 0 # scanned=82157 # found=0 # cleaned=0 # scan_time=2690 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-10-20 09:20:27 # local_time=2011-10-20 11:20:27 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 66785282 66785282 0 0 # compatibility_mode=8192 67108863 100 0 23747026 23747026 0 0 # scanned=63629 # found=2 # cleaned=2 # scan_time=2667 C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP923\A0130611.rbf en variant af Win32/SlowPCfighter program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP923\A0130646.exe en variant af Win32/SlowPCfighter program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-10-24 10:22:22 # local_time=2011-10-24 12:22:22 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 67134582 67134582 0 0 # compatibility_mode=8192 67108863 100 0 24096326 24096326 0 0 # scanned=64569 # found=0 # cleaned=0 # scan_time=2682 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-21 10:21:32 # local_time=2011-11-21 11:21:32 (+0100, Rom, normaltid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 69553492 69553492 0 0 # compatibility_mode=8192 67108863 100 0 26515236 26515236 0 0 # scanned=67525 # found=4 # cleaned=4 # scan_time=2921 C:\Documents and Settings\Otto\Lokale indstillinger\temp\ICReinstall\cnet_disk-defrag-setup_exe.exe en variant af Win32/InstallCore.D program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP947\A0132641.rbf en variant af Win32/SlowPCfighter program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP948\A0132660.exe en variant af Win32/SlowPCfighter program (slettet - i karantæne) 00000000000000000000000000000000 C C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP956\A0133963.exe en variant af Win32/InstallCore.D program (renset ved sletning - i karantæne) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-04-03 02:18:33 # local_time=2012-04-03 04:18:33 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 81145535 81145535 0 0 # compatibility_mode=8192 67108863 100 0 38107279 38107279 0 0 # scanned=74960 # found=0 # cleaned=0 # scan_time=2701 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-16 12:48:23 # local_time=2012-05-16 02:48:23 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 84854788 84854788 0 0 # compatibility_mode=8192 67108863 100 0 41816532 41816532 0 0 # scanned=86247 # found=0 # cleaned=0 # scan_time=3238 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-30 02:06:50 # local_time=2012-05-30 04:06:50 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 86069564 86069564 0 0 # compatibility_mode=8192 67108863 100 0 43031308 43031308 0 0 # scanned=70596 # found=1 # cleaned=1 # scan_time=2768 C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP1153\A0158335.exe en variant af Win32/Kryptik.AGEL trojansk hest (renset ved sletning - i karantæne) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-18 10:39:53 # local_time=2012-06-18 12:39:53 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 87698558 87698558 0 0 # compatibility_mode=8192 67108863 100 0 44660302 44660302 0 0 # scanned=90767 # found=0 # cleaned=0 # scan_time=2958 ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-02 08:06:41 # local_time=2012-07-02 10:06:41 (+0100, Rom, sommertid) # country=“Denmark” # lang=1030 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 88899283 88899283 0 0 # compatibility_mode=8192 67108863 100 0 45861027 45861027 0 0 # scanned=82491 # found=0 # cleaned=0 # scan_time=2641 ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99b521486f98e64bb91d8a0bc72c9fc4 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-08-11 11:58:17 # local_time=2012-08-11 01:58:17 (+0100, Rom, sommertid) # country=“Denmark” # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=256 16777215 100 0 92365174 92365174 0 0 # compatibility_mode=8192 67108863 100 0 49326918 49326918 0 0 # scanned=96612 # found=2 # cleaned=0 # scan_time=6646 C:\Documents and Settings\All Users\Application Data\MYPCTuneUp\MYPCTuneUp\InstallCache\{AD5F99AD-8B1D-413D-9071-0644F2D66FB0}\MYPCTuneUp.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\Sun\Java\Deployment\cache\6.0\48\4b9a58f0-44a37455 a variant of Java/Exploit.Agent.NBL trojan (unable to clean) 00000000000000000000000000000000 I antimalware byte log Malwarebytes Anti-Malware 1.62.0.1300 http://www.malwarebytes.org Database version: v2012.08.11.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Otto :: OTTO-C78BE9C4A7 [administrator] 11-08-2012 11:07:59 mbam-log-2012-08-11 (11-07-59).txt Skanningstype: Fuldstændig skanning Skanningsmuligheder valgt: Hukommelse \| Opstart \| Registreringsdatabasen \| Filsystem \| Heuristics/Ekstra \| Heuristics/Shuriken \| PUP \| PUM Skanningsmuligheder som er deaktiverede: P2P Objekter skannet: 312766 Tid gået: 44 minut(ter), 4 sekund(er) Hukommelses Processorer Inficeret: 0 (Ingen skadelige objekter blev fundet) Hukommelses Moduler Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabasenøgler Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabaseværdier Inficeret: 0 (Ingen skadelige objekter blev fundet) Registreringsdatabasedata Objekter Inficeret: 0 (Ingen skadelige objekter blev fundet) Inficerede Mapper: 0 (Ingen skadelige objekter blev fundet) Inficerede Filer: 2 C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP1232\A0201696.exe (Trojan.LameShield) -> Sat i karantæne og slettet succesfuldt. C:\System Volume Information\_restore{A726EB58-4910-4535-971D-BFC441CC2866}\RP1232\A0201706.exe (Trojan.LameShield) -> Sat i karantæne og slettet succesfuldt. (færdig) superantispaware log SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/11/2012 at 03:24 PM Application Version : 5.5.1012 Core Rules Database Version : 9044 Trace Rules Database Version: 6856 Scan type : Complete Scan Total Scan Time : 01:05:55 Operating System Information Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600) Administrator Memory items scanned : 506 Memory threats detected : 0 Registry items scanned : 35229 Registry threats detected : 0 File items scanned : 57766 File threats detected : 54 Adware.Tracking Cookie extremesex4all.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NWLB52DJ ] hotbizarresex.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NWLB52DJ ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] track.adform.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] track.adform.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] server.adformdsp.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] server.adformdsp.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .adformdsp.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .adformdsp.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] extremesex4all.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] extremesex4all.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] zoosextubevideo.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .zoosextubevideo.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .zoosextubevideo.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .zoosextubevideo.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .yadro.ru [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] animalporntv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] animalporntv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .animalporntv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .animalporntv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .animalporntv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] animalporntv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] animalporntv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .animalporntv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] zoosextv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] zoosextv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] zoosextv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] zoosextv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .zoosextv.com [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] .zoosex.tv [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] zoosex.tv [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] zoosex.tv [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] ubt.berlingskemedia.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] eas8.emediate.eu [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] ubt.berlingskemedia.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] ubt.berlingskemedia.net [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] adserver3.openadex.dk [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] adserver3.openadex.dk [ C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\COOKIES.SQLITE ] dimma.adservinginternational.com [ C:\DOCUMENTS AND SETTINGS\OTTO\LOKALE INDSTILLINGER\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .doubleclick.net [ C:\DOCUMENTS AND SETTINGS\OTTO\LOKALE INDSTILLINGER\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.google.com [ C:\DOCUMENTS AND SETTINGS\OTTO\LOKALE INDSTILLINGER\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\OTTO\LOKALE INDSTILLINGER\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] .dimma.adservinginternational.com [ C:\DOCUMENTS AND SETTINGS\OTTO\LOKALE INDSTILLINGER\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] og så de to dds logs . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1 Run by Otto at 16:01:17 on 2012-08-11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1023.200 [GMT 2:00] . AV: Webroot SecureAnywhere Enabled/Updated {D486329C-1488-4CEB-9CC8-D662B732D904} FW: Sunbelt Personal Firewall Enabled . ============== Running Processes =============== . C:\Programmer\Webroot\WRSA.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\WINDOWS\system32\bgsvcgen.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Programmer\Sunbelt Software\Personal Firewall\SbPFLnch.exe C:\Programmer\Fighters\SPAMfighter\sfus.exe C:\Programmer\Sunbelt Software\Personal Firewall\SbPFSvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Programmer\Fighters\FighterSuiteService.exe C:\Programmer\Webroot\WRSA.exe C:\WINDOWS\Explorer.EXE C:\Programmer\VIA\VIAudioi\HDADeck\HDeck.exe C:\Programmer\Sunbelt Software\Personal Firewall\SbPFCl.exe C:\Programmer\Fighters\SPAMfighter\sfagent.exe C:\Programmer\Fighters\Tray\FightersTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programmer\Fælles filer\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmer\Messenger\msmsgs.exe C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmer\Fælles filer\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programmer\HP\Digital Imaging\bin\hpqbam08.exe C:\Programmer\HP\Digital Imaging\bin\hpqgpc01.exe C:\Programmer\SUPERAntiSpyware\SASCORE.EXE C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\system32\sol.exe C:\Programmer\Mozilla Firefox\firefox.exe C:\Programmer\Secunia\PSI\PSIA.exe C:\Programmer\Secunia\PSI\PSI_TRAY.exe C:\Programmer\Mozilla Firefox\plugin-container.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ni.dk uDefault_Search_URL = hxxp://www.google.com/ie BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\programmer\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmer\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\oracle\javafx 2.1 runtime\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\programmer\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] “c:\programmer\messenger\msmsgs.exe” /background uRun: [SUPERAntiSpyware] c:\programmer\superantispyware\SUPERAntiSpyware.exe mRun: [HDAudDeck] “c:\programmer\via\viaudioi\hdadeck\HDeck.exe” 1 mRun: [hpqSRMon] “c:\programmer\hp\digital imaging\bin\hpqSRMon.exe” mRun: [Adobe Reader Speed Launcher] “c:\programmer\adobe\reader 10.0\reader\Reader_sl.exe” mRun: [Adobe ARM] “c:\programmer\fælles filer\adobe\arm\1.0\AdobeARM.exe” mRun: [sfagent] “c:\programmer\fighters\spamfighter\sfagent.exe” mRun: [CommonToolkitTray] “c:\programmer\fighters\tray\FightersTray.exe” mRun: [WRSVC] “c:\programmer\webroot\WRSA.exe” -ul mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [nwiz] c:\programmer\nvidia corporation\nview\nwiz.exe /installquiet mRun: [APSDaemon] “c:\programmer\fælles filer\apple\apple application support\APSDaemon.exe” mRun: [SunJavaUpdateSched] “c:\programmer\fælles filer\java\java update\jusched.exe” dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\micros~1.lnk - c:\programmer\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\photof~1.lnk - c:\programmer\fælles filer\panasonic\photofunstudio autostart\AutoStartupService.exe StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\secuni~1.lnk - c:\programmer\secunia\psi\psi_tray.exe uPolicies-explorer: NoViewOnDrive = 0 (0x0) uPolicies-explorer: DisableLocalMachineRun = 0 (0x0) uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0) uPolicies-explorer: DisableCurrentUserRun = 0 (0x0) uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0) uPolicies-explorer: NoFile = 0 (0x0) uPolicies-explorer: HideClock = 0 (0x0) uPolicies-explorer: NoDevMgrUpdate = 0 (0x0) uPolicies-explorer: NoDFSTab = 0 (0x0) uPolicies-explorer: NoWindowsUpdate = 0 (0x0) uPolicies-explorer: NoEncryptOnMove = 0 (0x0) uPolicies-explorer: NoResolveTrack = 0 (0x0) uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0) uPolicies-system: NoDispAppearancePage = 0 (0x0) uPolicies-system: NoDispSettingsPage = 0 (0x0) mPolicies-explorer: NoViewOnDrive = 0 (0x0) mPolicies-explorer: DisableLocalMachineRun = 0 (0x0) mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0) mPolicies-explorer: DisableCurrentUserRun = 0 (0x0) mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0) mPolicies-explorer: NoFile = 0 (0x0) mPolicies-explorer: HideClock = 0 (0x0) mPolicies-explorer: NoDevMgrUpdate = 0 (0x0) mPolicies-explorer: NoDFSTab = 0 (0x0) mPolicies-explorer: NoWindowsUpdate = 0 (0x0) mPolicies-explorer: NoEncryptOnMove = 0 (0x0) mPolicies-explorer: NoResolveTrack = 0 (0x0) mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0) mPolicies-system: NoDispAppearancePage = 0 (0x0) mPolicies-system: NoDispSettingsPage = 0 (0x0) dPolicies-explorer: NoViewOnDrive = 0 (0x0) dPolicies-explorer: DisableLocalMachineRun = 0 (0x0) dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0) dPolicies-explorer: DisableCurrentUserRun = 0 (0x0) dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0) dPolicies-explorer: NoFile = 0 (0x0) dPolicies-explorer: HideClock = 0 (0x0) dPolicies-explorer: NoDevMgrUpdate = 0 (0x0) dPolicies-explorer: NoDFSTab = 0 (0x0) dPolicies-explorer: NoWindowsUpdate = 0 (0x0) dPolicies-explorer: NoEncryptOnMove = 0 (0x0) dPolicies-explorer: NoResolveTrack = 0 (0x0) dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0) dPolicies-system: NoDispAppearancePage = 0 (0x0) dPolicies-system: NoDispSettingsPage = 0 (0x0) IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\programmer\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344691940546 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 94.126.0.21 94.126.0.20 TCP: Interfaces\{2369DA87-4D92-4B59-8E99-E37CDE9320D3} : DhcpNameServer = 94.126.0.21 94.126.0.20 Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programmer\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\otto\application data\mozilla\firefox\profiles\gykbvx47.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.ni.dk/ FF - prefs.js: network.proxy.type - 4 FF - plugin: c:\programmer\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\programmer\google\picasa3\npPicasa3.dll FF - plugin: c:\programmer\java\jre7\bin\new_plugin\npjp2.dll FF - plugin: c:\programmer\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\programmer\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\programmer\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll . ============= SERVICES / DRIVERS =============== . R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-1-18 28552] R0 WRkrn;WRkrn;c:\windows\system32\drivers\WRkrn.sys [2012-2-16 111632] R1 SASDIFSV;SASDIFSV;c:\programmer\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\programmer\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-9-7 270888] R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600] R2 !SASCORE;SAS Core Service;c:\programmer\superantispyware\SASCore.exe [2011-8-12 116608] R2 SbPF.Launcher;SbPF.Launcher;c:\programmer\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528] R2 Secunia PSI Agent;Secunia PSI Agent;c:\programmer\secunia\psi\psia.exe—start-service—> c:\programmer\secunia\psi\PSIA.exe—start-service [?] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\programmer\fighters\spamfighter\sfus.exe [2012-2-2 215688] R2 SPF4;Sunbelt Personal Firewall 4;c:\programmer\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288] R2 Suite Service;Suite Service;c:\programmer\fighters\FighterSuiteService.exe [2012-1-23 1324680] R2 WRSVC;WRSVC;c:\programmer\webroot\WRSA.exe [2012-2-16 688360] R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-9-7 65576] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-12-22 238080] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmer\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544] . =============== File Associations =============== . JSEFile=”%SystemRoot%\\System32\\WScript.exe” “%1” %* . =============== Created Last 30 ================ . 2012-08-11 14:01:17 ———— d—h—w- c:\documents and settings\otto\Printere 2012-08-11 13:38:42 ———— d——-w- c:\documents and settings\otto\lokale indstillinger\application data\Secunia PSI 2012-08-11 12:16:29 ———— d——-w- c:\documents and settings\otto\application data\SUPERAntiSpyware.com 2012-08-11 08:34:28 ———— d——-w- c:\documents and settings\all users\application data\036DFF9800095B9E632D786C7B07D329 2012-08-04 14:34:29 ———— d——-w- c:\programmer\Oracle 2012-08-04 14:34:21 143872 ——a-w- c:\windows\system32javacpl.cpl 2012-08-04 14:23:43 ———— d——-w- c:\windows\system32\wbem\repository\FS 2012-08-04 14:23:43 ———— d——-w- c:\windows\system32\wbem\Repository 2012-07-29 11:52:45 ———— d——-w- c:\documents and settings\otto\lokale indstillinger\application data\AVG Secure Search 2012-07-29 11:50:37 ———— d——-w- c:\documents and settings\all users\application data\AVG Secure Search 2012-07-29 11:49:16 ———— d——-w- c:\documents and settings\otto\application data\AVG Secure Search 2012-07-29 11:45:10 ———— d——-w- c:\programmer\fælles filer\AVG Secure Search 2012-07-29 11:44:59 ———— d——-w- c:\programmer\AVG Secure Search 2012-07-29 11:41:28 ———— d——-w- c:\documents and settings\all users\application data\Common Files 2012-07-28 11:05:26 ———— d——-w- c:\programmer\Oracle(3) . ==================== Find3M ==================== . 2012-08-04 14:32:47 148664 ——a-w- c:\windows\system32\WRusr.dll 2012-08-04 14:32:47 111632 ——a-w- c:\windows\system32\drivers\WRkrn.sys 2012-08-03 09:19:41 1074636 ——a-w- c:\windows\system32\nvdrsdb0.bin 2012-08-03 09:19:41 1 ——a-w- c:\windows\system32\nvdrssel.bin 2012-08-03 09:19:36 1074636 ——a-w- c:\windows\system32\nvdrsdb1.bin 2012-07-05 20:07:08 143872 ——a-w- c:\windows\system32\javacpl.cpl 2012-07-05 20:06:30 772544 ——a-w- c:\windows\system32\npdeployJava1.dll 2012-07-05 20:06:20 687544 ——a-w- c:\windows\system32\deployJava1.dll 2012-06-13 13:55:18 1866112 ——a-w- c:\windows\system32\win32k.sys 2012-06-05 15:49:31 1372672 ———w- c:\windows\system32\msxml6.dll 2012-06-05 15:49:31 1172480 ——a-w- c:\windows\system32\msxml3.dll 2012-06-05 15:49:31 1172480 ——a-w- c:\windows\system32\msxml3(2)(2).dll 2012-06-04 15:35:26 222448 ——a-w- c:\windows\system32\muweb.dll 2012-06-04 04:32:33 152576 ——a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19:38 219160 ——a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 ——a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:24 18456 ——a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19:18 23064 ——a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:18 15896 ——a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19:02 17648 ——a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18:58 275696 ——a-w- c:\windows\system32\mucltui.dll 2012-05-31 13:22:00 602112 ——a-w- c:\windows\system32\crypt32.dll 2012-05-24 21:18:40 4472832 ——a-w- c:\windows\system32\GPhotos.scr 2012-05-16 15:09:47 916992 ——a-w- c:\windows\system32\wininet.dll . ============= FINISH: 16:03:05,17 =============== og næste .. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 22-12-2008 15:57:40 System Uptime: 11-08-2012 14:10:07 (2 hours ago) . Motherboard: ECS \| \| G31T-M7 Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz \| CPU 1 \| 1995/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 149 GiB total, 103,441 GiB free. D: is CDROM () E: is FIXED (NTFS) - 298 GiB total, 284,232 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP1138: 13-05-2012 10:39:12 - Systemkontrolpunkt RP1139: 14-05-2012 10:45:21 - Systemkontrolpunkt RP1140: 15-05-2012 19:34:33 - Systemkontrolpunkt RP1141: 16-05-2012 20:02:58 - Systemkontrolpunkt RP1142: 17-05-2012 21:20:07 - Systemkontrolpunkt RP1143: 18-05-2012 20:50:29 - Removed Java(TM) 7 Update 3 RP1144: 18-05-2012 20:50:39 - Installed Java(TM) 7 Update 4 RP1145: 19-05-2012 23:21:19 - Systemkontrolpunkt RP1146: 21-05-2012 15:36:03 - Systemkontrolpunkt RP1147: 22-05-2012 18:55:09 - Systemkontrolpunkt RP1148: 23-05-2012 01:33:06 - Software Distribution Service 3.0 RP1149: 24-05-2012 14:25:30 - Systemkontrolpunkt RP1150: 25-05-2012 18:02:02 - Systemkontrolpunkt RP1151: 26-05-2012 22:25:42 - Systemkontrolpunkt RP1152: 28-05-2012 00:58:57 - Systemkontrolpunkt RP1153: 29-05-2012 09:50:59 - Systemkontrolpunkt RP1154: 30-05-2012 10:14:19 - Systemkontrolpunkt RP1155: 31-05-2012 10:19:36 - Systemkontrolpunkt RP1156: 01-06-2012 10:46:21 - Systemkontrolpunkt RP1157: 02-06-2012 11:22:56 - Systemkontrolpunkt RP1158: 03-06-2012 11:49:36 - Systemkontrolpunkt RP1159: 04-06-2012 12:29:02 - Systemkontrolpunkt RP1160: 05-06-2012 00:49:11 - Software Distribution Service 3.0 RP1161: 06-06-2012 10:19:22 - Systemkontrolpunkt RP1162: 07-06-2012 12:16:09 - Systemkontrolpunkt RP1163: 08-06-2012 13:18:30 - Systemkontrolpunkt RP1164: 09-06-2012 14:47:24 - Systemkontrolpunkt RP1165: 10-06-2012 15:16:44 - Systemkontrolpunkt RP1166: 11-06-2012 09:06:02 - Installerede QuickTime RP1167: 11-06-2012 11:40:57 - Fjernede QuickTime RP1168: 12-06-2012 12:30:18 - Systemkontrolpunkt RP1169: 13-06-2012 14:29:20 - Systemkontrolpunkt RP1170: 14-06-2012 01:14:29 - Software Distribution Service 3.0 RP1171: 15-06-2012 01:24:50 - Systemkontrolpunkt RP1172: 16-06-2012 10:03:02 - Systemkontrolpunkt RP1173: 17-06-2012 11:49:32 - Systemkontrolpunkt RP1174: 18-06-2012 13:04:48 - Systemkontrolpunkt RP1175: 19-06-2012 13:39:52 - Systemkontrolpunkt RP1176: 20-06-2012 15:06:42 - Systemkontrolpunkt RP1177: 21-06-2012 15:50:23 - Systemkontrolpunkt RP1178: 22-06-2012 15:08:30 - Installed Java(TM) 7 Update 5 RP1179: 22-06-2012 15:09:02 - Removed JavaFX 2.0.3 RP1180: 22-06-2012 15:09:10 - Installed JavaFX 2.1.1 RP1181: 23-06-2012 16:18:50 - Systemkontrolpunkt RP1182: 24-06-2012 17:14:54 - Systemkontrolpunkt RP1183: 26-06-2012 11:27:24 - Systemkontrolpunkt RP1184: 27-06-2012 11:52:45 - Systemkontrolpunkt RP1185: 28-06-2012 12:31:00 - Systemkontrolpunkt RP1186: 29-06-2012 16:34:52 - Systemkontrolpunkt RP1187: 30-06-2012 16:43:56 - Systemkontrolpunkt RP1188: 01-07-2012 18:05:53 - Systemkontrolpunkt RP1189: 02-07-2012 18:55:45 - Systemkontrolpunkt RP1190: 03-07-2012 21:17:13 - Systemkontrolpunkt RP1191: 04-07-2012 21:27:14 - Systemkontrolpunkt RP1192: 06-07-2012 09:59:43 - Systemkontrolpunkt RP1193: 07-07-2012 13:12:02 - Systemkontrolpunkt RP1194: 08-07-2012 14:09:16 - Systemkontrolpunkt RP1195: 09-07-2012 15:22:54 - Systemkontrolpunkt RP1196: 10-07-2012 17:27:38 - Systemkontrolpunkt RP1197: 11-07-2012 18:09:43 - Systemkontrolpunkt RP1198: 12-07-2012 00:45:43 - Software Distribution Service 3.0 RP1199: 13-07-2012 10:45:33 - Systemkontrolpunkt RP1200: 14-07-2012 11:36:57 - Systemkontrolpunkt RP1201: 15-07-2012 12:19:18 - Systemkontrolpunkt RP1202: 18-07-2012 21:41:37 - Systemkontrolpunkt RP1203: 19-07-2012 22:10:10 - Systemkontrolpunkt RP1204: 20-07-2012 22:13:44 - Systemkontrolpunkt RP1205: 21-07-2012 22:47:57 - Systemkontrolpunkt RP1206: 22-07-2012 23:10:19 - Systemkontrolpunkt RP1207: 23-07-2012 23:23:40 - Systemkontrolpunkt RP1208: 25-07-2012 10:04:58 - Systemkontrolpunkt RP1209: 26-07-2012 12:52:31 - Systemkontrolpunkt RP1210: 27-07-2012 15:38:59 - Systemkontrolpunkt RP1211: 28-07-2012 12:36:12 - Gendan handling RP1212: 28-07-2012 13:04:33 - Installed Java(TM) 7 Update 5 RP1213: 28-07-2012 13:05:14 - Removed JavaFX 2.0.3 RP1214: 28-07-2012 13:05:23 - Installed JavaFX 2.1.1 RP1215: 29-07-2012 01:37:44 - Software Distribution Service 3.0 RP1216: 29-07-2012 14:46:23 - Gendan handling RP1217: 30-07-2012 15:03:59 - Systemkontrolpunkt RP1218: 31-07-2012 16:44:23 - Systemkontrolpunkt RP1219: 01-08-2012 16:51:03 - Systemkontrolpunkt RP1220: 02-08-2012 18:20:15 - Systemkontrolpunkt RP1221: 03-08-2012 19:10:10 - Systemkontrolpunkt RP1222: 04-08-2012 13:05:57 - Gendan handling RP1223: 04-08-2012 14:55:57 - Gendan handling RP1224: 04-08-2012 14:56:46 - Gendan handling RP1225: 04-08-2012 16:33:43 - Installed Java(TM) 7 Update 5 RP1226: 04-08-2012 16:34:17 - Removed JavaFX 2.0.3 RP1227: 04-08-2012 16:34:27 - Installed JavaFX 2.1.1 RP1228: 04-08-2012 16:47:11 - Software Distribution Service 3.0 RP1229: 05-08-2012 17:10:54 - Systemkontrolpunkt RP1230: 06-08-2012 18:36:04 - Systemkontrolpunkt RP1231: 09-08-2012 22:04:46 - Systemkontrolpunkt RP1232: 10-08-2012 22:58:34 - Systemkontrolpunkt . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer Acubix PicoBackup Outlook Express Edition 2.1 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.4.1 Adobe Reader X (10.1.3) - Dansk AIO_Scan Apple Application Support Apple Software Update Auslogics BoostSpeed Auslogics Disk Defrag BufferChm BurnAware Free 3.5 C5200 C5200_Help Cards_Calendar_OrderGift_DoMorePlugout CCleaner Copy CustomerResearchQFolder Destination Component DeviceDiscovery DeviceManagementQFolder DocProc DocProcQFolder Emilsoft FireBackup ESET Online Scanner v3 eSupportQFolder EVEREST Home Edition v2.20 Fax FileHippo.com Update Checker Foxit Reader 5.1 Garmin USB Drivers Garmin WebUpdater Google Earth Plug-in Google Update Helper GPBaseService GPBaseService2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB976002-v5) Hotfix til Windows XP (KB2570791) Hotfix til Windows XP (KB2633952) HP Customer Participation Program 10.0 HP Imaging Device Functions 10.0 HP Photosmart Essential 3.5 HP Smart Web Printing 4.60 HP Solution Center 13.0 HP Update HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotosmartEssential HPPhotoSmartPhotobookWebPack1 HPProductAssistant HPSSupply Java Auto Updater Java(TM) 6 Update 26 Java(TM) 7 Update 5 JavaFX 2.1.1 jv16 PowerTools 2009 Malwarebytes Anti-Malware version 1.61.0.1400 MarketingReg MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN Microsoft .NET Framework 3.5 Language Pack SP1 - dan Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 SR-1 - cd 2 Microsoft Office 2000 SR-1 Professional Microsoft Silverlight Microsoft SQL Server Compact 3.5 SP1 English Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 14.0.1 (x86 da) Mozilla Maintenance Service MSVCSetup MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 and SOAP Toolkit 3.0 NVIDIA Grafikdriver 296.10 NVIDIA Install Application NVIDIA Kontrolpanel 296.10 NVIDIA NView 136.18 NVIDIA nView Desktop Manager NVIDIA PhysX NVIDIA WDM Drivers OCR Software by I.R.I.S. 10.0 Opdatering til Windows Internet Explorer 7 (KB976749) Opdatering til Windows Internet Explorer 7 (KB980182) Opdatering til Windows Internet Explorer 8 (KB2598845) Opdatering til Windows XP (KB2541763) Opdatering til Windows XP (KB2607712) Opdatering til Windows XP (KB2616676) Opdatering til Windows XP (KB2641690) Opdatering til Windows XP (KB2718704) Panda ActiveScan 2.0 PanoStandAlone PHOTOfunSTUDIO 5.1 HD Edition Picasa 3 Platform PS_AIO_02_ProductContext PS_AIO_02_Software PS_AIO_02_Software_Min PSSWCORE RegSupreme Pro Samsung_MonSetup Scan Secunia PSI (3.0.0.3001) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Shop for HP Supplies Sikkerhedsopdatering til Microsoft Windows (KB2564958) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2183461) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2360131) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2416400) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2482017) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2497640) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2530548) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2544521) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2559049) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2586448) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB2618444) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB938127-v2) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB956390) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB961260) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB963027) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB969897) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB972260) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB974455) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB976325) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB978207) Sikkerhedsopdatering til Windows Internet Explorer 7 (KB982381) Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2510531) Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2544521) Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2618444) Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2647516) Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2675157) Sikkerhedsopdatering til Windows Internet Explorer 8 (KB2699988) Sikkerhedsopdatering til Windows Internet Explorer 8 (KB982381) Sikkerhedsopdatering til Windows XP (KB2412687) Sikkerhedsopdatering til Windows XP (KB2476490) Sikkerhedsopdatering til Windows XP (KB2485663) Sikkerhedsopdatering til Windows XP (KB2503658) Sikkerhedsopdatering til Windows XP (KB2503665) Sikkerhedsopdatering til Windows XP (KB2506212) Sikkerhedsopdatering til Windows XP (KB2506223) Sikkerhedsopdatering til Windows XP (KB2507618) Sikkerhedsopdatering til Windows XP (KB2507938) Sikkerhedsopdatering til Windows XP (KB2508272) Sikkerhedsopdatering til Windows XP (KB2508429) Sikkerhedsopdatering til Windows XP (KB2509553) Sikkerhedsopdatering til Windows XP (KB2510581) Sikkerhedsopdatering til Windows XP (KB2511455) Sikkerhedsopdatering til Windows XP (KB2524375) Sikkerhedsopdatering til Windows XP (KB2535512) Sikkerhedsopdatering til Windows XP (KB2536276-v2) Sikkerhedsopdatering til Windows XP (KB2536276) Sikkerhedsopdatering til Windows XP (KB2544893-v2) Sikkerhedsopdatering til Windows XP (KB2544893) Sikkerhedsopdatering til Windows XP (KB2555917) Sikkerhedsopdatering til Windows XP (KB2562937) Sikkerhedsopdatering til Windows XP (KB2566454) Sikkerhedsopdatering til Windows XP (KB2567053) Sikkerhedsopdatering til Windows XP (KB2567680) Sikkerhedsopdatering til Windows XP (KB2570222) Sikkerhedsopdatering til Windows XP (KB2570947) Sikkerhedsopdatering til Windows XP (KB2584146) Sikkerhedsopdatering til Windows XP (KB2585542) Sikkerhedsopdatering til Windows XP (KB2592799) Sikkerhedsopdatering til Windows XP (KB2598479) Sikkerhedsopdatering til Windows XP (KB2603381) Sikkerhedsopdatering til Windows XP (KB2618451) Sikkerhedsopdatering til Windows XP (KB2619339) Sikkerhedsopdatering til Windows XP (KB2620712) Sikkerhedsopdatering til Windows XP (KB2621440) Sikkerhedsopdatering til Windows XP (KB2624667) Sikkerhedsopdatering til Windows XP (KB2631813) Sikkerhedsopdatering til Windows XP (KB2633171) Sikkerhedsopdatering til Windows XP (KB2639417) Sikkerhedsopdatering til Windows XP (KB2641653) Sikkerhedsopdatering til Windows XP (KB2646524) Sikkerhedsopdatering til Windows XP (KB2647518) Sikkerhedsopdatering til Windows XP (KB2653956) Sikkerhedsopdatering til Windows XP (KB2655992) Sikkerhedsopdatering til Windows XP (KB2659262) Sikkerhedsopdatering til Windows XP (KB2660465) Sikkerhedsopdatering til Windows XP (KB2661637) Sikkerhedsopdatering til Windows XP (KB2676562) Sikkerhedsopdatering til Windows XP (KB2685939) Sikkerhedsopdatering til Windows XP (KB2686509) Sikkerhedsopdatering til Windows XP (KB2691442) Sikkerhedsopdatering til Windows XP (KB2695962) Sikkerhedsopdatering til Windows XP (KB2698365) Sikkerhedsopdatering til Windows XP (KB2707511) Sikkerhedsopdatering til Windows XP (KB2709162) Sikkerhedsopdatering til Windows XP (KB2718523) Sikkerhedsopdatering til Windows XP (KB2719985) SIW version 2008-12-16 SmartWebPrinting SolutionCenter SPAMfighter Spelling Dictionaries Support For Adobe Reader 9 Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk Status Sunbelt Personal Firewall SUPERAntiSpyware System Requirements Lab Toolbox TrayApp Uninstall Startup Inspector UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) VIA Platform Device Manager VideoToolkit01 WebFldrs XP WebReg Webroot SecureAnywhere Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinPatrol XML Paper Specification Shared Components Language Pack 1.0 XnView 1.98 . ==== End Of File =========================== det skulle være det hele mvh otto
[ Ignorer ] [ # 2 ] f-arn TeamSpywarefri
11.08.2012 19:47:04 Administrator Team Spywarefri Antal indlæg: 7045	Hej op - 11.08.2012 15:58:18 jeg har som sagt haft besøg af en trojan, men har fået fjernet den med Spysweper Hvad fandt Spy Sweeper, og hvor fandt den det Hvad oplever du af problemer Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 3 ] op
11.08.2012 21:32:53 Antal indlæg: 336	Hej f-arn TeamSpywarefri c:\documents and settings\otto\lokale indstillinger\temp\e3a4d99269f66aab.exe HKU\S-1-5-21-527237240-484763869-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum\DisplayIcon HKU\S-1-5-21-527237240-484763869-725345543-1004\Software\Microsoft\Installer\Products\036DFFE000095BE6632D78B47B07D371\(Default) HKU\S-1-5-21-527237240-484763869-725345543-1004\Software\Microsoft\Windows\CurrentVersion\runonce\036DFF9800095B9E632D786C7B07D329 c:\documents and settings\all users\application data\036dff9800095b9e632d786c7b07d329\036dff9800095b9e632d786c7b07d329.exe det er hvad den fandt, plus enn trojan som vistnok hed Win32/Kryptik.AGEL trojansk hest men lige nu kører computeren som den skal. mvh otto
[ Ignorer ] [ # 4 ] f-arn TeamSpywarefri
11.08.2012 22:25:03 Administrator Team Spywarefri Antal indlæg: 7045	Tak for info Download OTL af OldTimer og gem den på dit skrivebord. Start OTL Øverst sætter du flueben i “Scan All Users” I boksen “Custom Scans/Fixes” kopierer du det fremhævede ind. netsvcs %SYSTEMDRIVE%\.exe /md5start services. explorer.exe winlogon.exe Userinit.exe svchost.exe /md5stop %systemroot%\. /rp /s %systemroot%\. /mp /s CREATERESTOREPOINT Luk alle åbne vinduer og klik på “Quick Scan” og lad programmet køre. Det vil give to logfiler på skrivebordet, OTL.txt og Extras.txt. Så kopier følgende ind i dit næste indlæg (i rækkefølge): Indholdet af OTL.txt Indholdet af Extras.txt Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 5 ] op
12.08.2012 10:45:06 Antal indlæg: 336	f-arn TeamSpywarefri ! her er så logs fra OTL OTL logfile created on: 12-08-2012 10:26:14 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Otto\Skrivebord Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 1023,17 Mb Total Physical Memory \| 616,42 Mb Available Physical Memory \| 60,25% Memory free 2,40 Gb Paging File \| 2,11 Gb Available in Paging File \| 87,83% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Programmer Drive C: \| 149,04 Gb Total Space \| 103,72 Gb Free Space \| 69,59% Space Free \| Partition Type: NTFS Drive E: \| 298,09 Gb Total Space \| 284,23 Gb Free Space \| 95,35% Space Free \| Partition Type: NTFS Computer Name: OTTO-C78BE9C4A7 \| User Name: Otto \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-08-12 10:22:08 \| 000,596,992 \|——\| M] (OldTimer Tools)—C:\Documents and Settings\Otto\Skrivebord\OTL.exe PRC - [2012-08-04 16:32:46 \| 000,688,360 \|——\| M] (Webroot)—C:\Programmer\Webroot\WRSA.exe PRC - [2012-07-25 10:46:44 \| 001,326,176 \|——\| M] (Secunia)—C:\Programmer\Secunia\PSI\psia.exe PRC - [2012-07-25 10:46:42 \| 000,572,000 \|——\| M] (Secunia)—C:\Programmer\Secunia\PSI\psi_tray.exe PRC - [2012-07-05 22:07:00 \| 000,161,704 \|——\| M] (Oracle Corporation)—C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe PRC - [2012-02-02 17:07:22 \| 000,215,688 \|——\| M] (SPAMfighter ApS)—C:\Programmer\Fighters\SPAMfighter\sfus.exe PRC - [2012-02-02 17:07:18 \| 001,197,704 \|——\| M] (SPAMfighter ApS)—C:\Programmer\Fighters\SPAMfighter\sfagent.exe PRC - [2012-02-02 15:08:46 \| 001,453,704 \|——\| M] (SPAMfighter ApS)—C:\Programmer\Fighters\Tray\FightersTray.exe PRC - [2012-01-23 14:40:12 \| 001,324,680 \|——\| M] (SPAMfighter ApS)—C:\Programmer\Fighters\FighterSuiteService.exe PRC - [2012-01-17 12:07:54 \| 000,252,296 \|——\| M] (Sun Microsystems, Inc.)—C:\Programmer\Fælles filer\Java\Java Update\jusched.exe PRC - [2010-03-15 10:58:30 \| 000,172,544 \|——\| M] (Panasonic Corporation)—C:\Programmer\Fælles filer\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2008-10-31 07:24:28 \| 001,365,288 \|——\| M] (Sunbelt Software, Inc.)—C:\Programmer\Sunbelt Software\Personal Firewall\SbPFSvc.exe PRC - [2008-10-31 07:24:28 \| 000,095,528 \|——\| M] (Sunbelt Software, Inc.)—C:\Programmer\Sunbelt Software\Personal Firewall\SbPFLnch.exe PRC - [2008-10-31 07:24:26 \| 001,705,256 \|——\| M] (Sunbelt Software, Inc.)—C:\Programmer\Sunbelt Software\Personal Firewall\SbPFCl.exe PRC - [2008-04-14 18:05:49 \| 001,034,752 \|——\| M] (Microsoft Corporation)—C:\WINDOWS\explorer.exe PRC - [2007-06-15 12:57:42 \| 000,145,504 \|——\| M] (B.H.A Corporation)—C:\WINDOWS\system32\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2012-06-14 09:22:15 \| 012,433,920 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012-06-14 09:22:03 \| 001,592,320 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012-06-14 01:22:04 \| 002,933,248 \|——\| M] ()—C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012-06-14 01:21:59 \| 000,261,632 \|——\| M] ()—C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2012-05-09 10:28:50 \| 000,689,664 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\32feb3b093d886259caeeeae957f8f8b\System.Data.SqlServerCe.ni.dll MOD - [2012-05-09 10:28:13 \| 000,627,712 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll MOD - [2012-05-09 10:28:12 \| 000,627,200 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll MOD - [2012-05-09 10:28:05 \| 000,971,264 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012-05-09 09:41:50 \| 005,450,752 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012-05-09 01:21:19 \| 006,616,576 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll MOD - [2012-05-09 01:20:18 \| 007,953,408 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012-05-09 01:20:07 \| 011,492,352 \|——\| M] ()—C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012-03-28 21:27:53 \| 002,020,416 \|——\| M] ()—C:\Programmer\Fighters\SPAMfighter\sfse.dll MOD - [2012-02-02 17:07:44 \| 000,549,512 \|——\| M] ()—C:\Programmer\Fighters\SPAMfighter\sfsg.dll MOD - [2009-03-25 13:23:56 \| 000,299,008 \|——\| M] ()—C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll MOD - [2007-01-22 11:22:28 \| 000,470,016 \|——\| M] ()—C:\Programmer\Sunbelt Software\Personal Firewall\PocoXML.dll MOD - [2007-01-22 11:22:14 \| 000,859,648 \|——\| M] ()—C:\Programmer\Sunbelt Software\Personal Firewall\PocoFoundation.dll MOD - [2007-01-22 11:22:12 \| 000,018,432 \|——\| M] ()—C:\Programmer\Sunbelt Software\Personal Firewall\PocoExt.dll MOD - [2006-02-14 15:36:10 \| 000,155,648 \|——\| M] ()—C:\Programmer\Sunbelt Software\Personal Firewall\ssleay32.dll MOD - [2006-02-14 15:35:54 \| 000,827,392 \|——\| M] ()—C:\Programmer\Sunbelt Software\Personal Firewall\libeay32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand \| Stopped]—%SystemRoot%\System32\appmgmts.dll—(AppMgmt) SRV - [2012-08-05 12:37:37 \| 000,113,120 \|——\| M] (Mozilla Foundation) [On_Demand \| Stopped]—C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe—(MozillaMaintenance) SRV - [2012-08-04 16:32:46 \| 000,688,360 \|——\| M] (Webroot) [Auto \| Running]—C:\Programmer\Webroot\WRSA.exe—(WRSVC) SRV - [2012-07-25 10:46:44 \| 001,326,176 \|——\| M] (Secunia) [Auto \| Running]—C:\Programmer\Secunia\PSI\psia.exe—(Secunia PSI Agent) SRV - [2012-07-05 22:07:00 \| 000,161,704 \|——\| M] (Oracle Corporation) [Auto \| Running]—C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe—(JavaQuickStarterService) SRV - [2012-02-02 17:07:22 \| 000,215,688 \|——\| M] (SPAMfighter ApS) [Auto \| Running]—C:\Programmer\Fighters\SPAMfighter\sfus.exe—(SPAMfighter Update Service) SRV - [2012-01-23 14:40:12 \| 001,324,680 \|——\| M] (SPAMfighter ApS) [Auto \| Running]—C:\Programmer\Fighters\FighterSuiteService.exe—(Suite Service) SRV - [2008-10-31 07:24:28 \| 001,365,288 \|——\| M] (Sunbelt Software, Inc.) [Auto \| Running]—C:\Programmer\Sunbelt Software\Personal Firewall\SbPFSvc.exe—(SPF4) SRV - [2008-10-31 07:24:28 \| 000,095,528 \|——\| M] (Sunbelt Software, Inc.) [Auto \| Running]—C:\Programmer\Sunbelt Software\Personal Firewall\SbPFLnch.exe—(SbPF.Launcher) SRV - [2007-06-15 12:57:42 \| 000,145,504 \|——\| M] (B.H.A Corporation) [Auto \| Running]—C:\WINDOWS\system32\bgsvcgen.exe—(bgsvcgen) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel \| On_Demand \| Stopped]——(WDICA) DRV - File not found [Kernel \| On_Demand \| Stopped]——(PDRFRAME) DRV - File not found [Kernel \| On_Demand \| Stopped]——(PDRELI) DRV - File not found [Kernel \| On_Demand \| Stopped]——(PDFRAME) DRV - File not found [Kernel \| On_Demand \| Stopped]——(PDCOMP) DRV - File not found [Kernel \| System \| Stopped]——(PCIDump) DRV - File not found [Kernel \| System \| Stopped]——(lbrtfdc) DRV - File not found [Kernel \| System \| Stopped]——(i2omgmt) DRV - File not found [Kernel \| System \| Stopped]——(Changer) DRV - [2012-08-04 16:32:47 \| 000,111,632 \|——\| M] (Webroot) [Kernel \| Boot \| Running]—C:\WINDOWS\system32\drivers\WRkrn.sys—(WRkrn) DRV - [2010-09-01 10:30:58 \| 000,015,544 \|——\| M] (Secunia) [File_System \| On_Demand \| Stopped]—C:\WINDOWS\system32\drivers\psi_mf.sys—(PSI) DRV - [2009-06-30 11:37:16 \| 000,028,552 \|——\| M] (Panda Security, S.L.) [File_System \| Boot \| Running]—C:\WINDOWS\system32\drivers\pavboot.sys—(pavboot) DRV - [2008-10-31 07:09:06 \| 000,270,888 \| R—- \| M] (Sunbelt Software, Inc.) [Kernel \| System \| Running]—C:\WINDOWS\system32\drivers\SbFw.sys—(SbFw) DRV - [2008-06-21 04:54:54 \| 000,066,600 \| R—- \| M] (Sunbelt Software, Inc.) [Kernel \| System \| Running]—C:\WINDOWS\system32\drivers\sbhips.sys—(sbhips) DRV - [2008-06-21 04:54:54 \| 000,065,576 \|——\| M] (Sunbelt Software, Inc.) [Kernel \| On_Demand \| Running]—C:\WINDOWS\system32\drivers\SbFwIm.sys—(SBFWIMCL) DRV - [2008-05-08 22:23:22 \| 000,238,080 \| R—- \| M] (VIA Technologies, Inc.) [Kernel \| On_Demand \| Running]—C:\WINDOWS\system32\drivers\viahduaa.sys—(VIAHdAudAddService) DRV - [2008-04-17 18:16:00 \| 000,030,720 \| R—- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running]—C:\WINDOWS\system32\drivers\l251x86.sys—(AtcL002) DRV - [2008-02-14 15:12:00 \| 001,389,056 \| R—- \| M] (Creative Technology Ltd.) [Kernel \| On_Demand \| Running]—C:\WINDOWS\system32\drivers\monfilt.sys—(monfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src;={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src;={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src;={referrer:source?} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ni.dk IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\..\SearchScopes,DefaultScope = {FEB9EAB5-E8EA-4BEA-9913-290B63508852} IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\..\SearchScopes\{45255D36-A24A-4F1D-BD3B-E805462CD9E0}: “URL” = http://search.lycos.com/setup.php?src=ie&query;={searchTerms} IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\..\SearchScopes\{555912F4-C4E2-4803-AB37-08D595AA3E21}: “URL” = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\..\SearchScopes\{A5F9145C-BA7E-472F-AEE1-6E74B7C24EA3}: “URL” = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\..\SearchScopes\{FEB9EAB5-E8EA-4BEA-9913-290B63508852}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie;={inputEncoding}&oe;={outputEncoding}&startIndex;={startIndex?}&startPage;={startPage} IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: “Ask.com” FF - prefs.js..browser.search.defaultenginename: “AVG Secure Search” FF - prefs.js..browser.search.order.1: “Ask.com” FF - prefs.js..browser.search.selectedEngine: “AVG Secure Search” FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: “http://www.ni.dk/” FF - prefs.js..extensions.enabledItems: .:1.0 FF - prefs.js..extensions.enabledItems: {736048c1-a1ec-4a70-b12b-1e399e79024e}:2.1.7 FF - prefs.js..extensions.enabledItems: .:0.6.723 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmer\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmer\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Programmer\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programmer\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09 20:32:48 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2012-08-05 12:37:38 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2012-08-04 14:43:45 \| 000,000,000 \|—-D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programmer\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-09 20:32:48 \| 000,000,000 \|—-D \| M] [2011-03-22 21:56:07 \| 000,000,000 \|—-D \| M] (No name found)—C:\Documents and Settings\Otto\Application Data\Mozilla\Extensions [2012-08-04 16:20:53 \| 000,000,000 \|—-D \| M] (No name found)—C:\Documents and Settings\Otto\Application Data\Mozilla\Firefox\Profiles\gykbvx47.default\extensions [2010-04-27 20:22:44 \| 000,000,000 \|—-D \| M] (Microsoft .NET Framework Assistant)—C:\Documents and Settings\Otto\Application Data\Mozilla\Firefox\Profiles\gykbvx47.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-02-02 14:36:45 \| 000,000,000 \|—-D \| M] (“Trustpilot Guard”)—C:\Documents and Settings\Otto\Application Data\Mozilla\Firefox\Profiles\gykbvx47.default\extensions\{736048c1-a1ec-4a70-b12b-1e399e79024e} [2012-03-24 12:23:56 \| 000,000,000 \|—-D \| M] (IE Tab)—C:\Documents and Settings\Otto\Application Data\Mozilla\Firefox\Profiles\gykbvx47.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2012-08-04 16:20:54 \| 000,000,000 \|—-D \| M] (Bitdefender QuickScan)—C:\Documents and Settings\Otto\Application Data\Mozilla\Firefox\Profiles\gykbvx47.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010-03-23 11:30:05 \| 000,000,000 \|—-D \| M] (“BitDefender QuickScanner”)—C:\Documents and Settings\Otto\Application Data\Mozilla\Firefox\Profiles\gykbvx47.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(2) [2012-02-16 17:51:22 \| 000,000,000 \|—-D \| M] (Bitdefender QuickScan)—C:\Documents and Settings\Otto\Application Data\Mozilla\Firefox\Profiles\gykbvx47.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}(3) [2010-07-28 17:40:57 \| 000,000,000 \|—-D \| M] (FireFound)—C:\Documents and Settings\Otto\Application Data\Mozilla\Firefox\Profiles\gykbvx47.default\extensions\firefound@efinke(2).com [2012-02-16 18:00:44 \| 000,000,000 \|—-D \| M] (No name found)—C:\Programmer\Mozilla Firefox\extensions [2011-07-16 10:51:08 \| 000,067,428 \|——\| M] () (No name found)—C:\DOCUMENTS AND SETTINGS\OTTO\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GYKBVX47.DEFAULT\EXTENSIONS\TRACKMENOT@MRL.NYU.EDU.XPI [2012-08-05 12:37:37 \| 000,136,672 \|——\| M] (Mozilla Foundation)—C:\Programmer\mozilla firefox\components\browsercomps.dll [2010-06-25 15:35:50 \| 000,075,208 \|——\| M] (Foxit Software Company)—C:\Programmer\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012-08-05 12:37:34 \| 000,001,525 \|——\| M] ()—C:\Programmer\mozilla firefox\searchplugins\amazon-co-uk.xml [2012-07-29 13:42:38 \| 000,003,752 \|——\| M] ()—C:\Programmer\mozilla firefox\searchplugins\avg-secure-search.xml [2012-08-05 12:37:34 \| 000,002,252 \|——\| M] ()—C:\Programmer\mozilla firefox\searchplugins\bing.xml [2012-08-05 12:37:34 \| 000,001,178 \|——\| M] ()—C:\Programmer\mozilla firefox\searchplugins\wikipedia-da.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie;={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl;={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programmer\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmer\Google\Chrome\Application\17.0.963.46\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programmer\Google\Chrome\Application\17.0.963.46\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmer\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmer\Windows Media Player\npdsplay.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programmer\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Programmer\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Programmer\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Programmer\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programmer\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Programmer\Panda Security\ActiveScan 2.0\npwrapper.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-s\u00F8gning = C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012-02-09 09:33:44 \| 000,000,027 \|——\| M]) - C:\WINDOWS\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programmer\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Programmer\Fælles filer\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CommonToolkitTray] C:\Programmer\Fighters\Tray\FightersTray.exe (SPAMfighter ApS) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programmer\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [sfagent] C:\Programmer\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WRSVC] C:\Programmer\Webroot\WRSA.exe (Webroot) O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\PHOTOfunSTUDIO 5.1 HD Edition.lnk = C:\Programmer\Fælles filer\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Secunia PSI Tray.lnk = C:\Programmer\Secunia\PSI\psi_tray.exe (Secunia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver; - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344691940546 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.126.0.21 94.126.0.20 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2369DA87-4D92-4B59-8E99-E37CDE9320D3}: DhcpNameServer = 94.126.0.21 94.126.0.20 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Min aktuelle startside) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-12-22 16:56:14 \| 000,000,000 \|——\| M] () - C:\AUTOEXEC.BAT—[ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open]—“%1” % O35 - HKLM\..exefile [open]—“%1” %* O35 - HKU\S-1-5-19..exefile [open]—“%1” %* O35 - HKU\S-1-5-20..exefile [open]—“%1” %* O35 - HKU\S-1-5-21-527237240-484763869-725345543-1004..exefile [open]—“%1” %* O37 - HKLM\...com [@ = comfile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* O37 - HKU\.DEFAULT\...exe [@ = exefile]—“%1” %* O37 - HKU\S-1-5-18\...exe [@ = exefile]—“%1” %* O37 - HKU\S-1-5-19\...exe [@ = exefile]—“%1” %* O37 - HKU\S-1-5-20\...exe [@ = exefile]—“%1” %* O37 - HKU\S-1-5-21-527237240-484763869-725345543-1004\...exe [@ = exefile]—“%1” %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012-08-12 10:22:08 \| 000,596,992 \|——\| C] (OldTimer Tools)—C:\Documents and Settings\Otto\Skrivebord\OTL.exe [2012-08-11 16:01:17 \| 000,000,000 \| -H-D \| C]—C:\Documents and Settings\Otto\Printere [2012-08-11 15:38:42 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\Secunia PSI [2012-08-11 11:57:27 \| 000,000,000 \| RH-D \| C]—C:\Documents and Settings\Otto\Recent [2012-08-11 11:56:01 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Otto\Skrivebord\SWF [2012-08-11 10:34:28 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Application Data\036DFF9800095B9E632D786C7B07D329 [2012-08-10 12:27:55 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Otto\Dokumenter\20120810 [2012-08-04 16:34:29 \| 000,000,000 \|—-D \| C]—C:\Programmer\Oracle [2012-07-29 13:52:45 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\AVG Secure Search [2012-07-29 13:50:37 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Application Data\AVG Secure Search [2012-07-29 13:49:16 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Otto\Application Data\AVG Secure Search [2012-07-29 13:45:10 \| 000,000,000 \|—-D \| C]—C:\Programmer\Fælles filer\AVG Secure Search [2012-07-29 13:44:59 \| 000,000,000 \|—-D \| C]—C:\Programmer\AVG Secure Search [2012-07-29 13:41:28 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Application Data\Common Files [2012-07-28 13:05:26 \| 000,000,000 \|—-D \| C]—C:\Programmer\Oracle(3) [3 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-08-12 10:32:00 \| 000,000,414 \| -H—\| M] ()—C:\WINDOWS\tasks\User_Feed_Synchronization-{546A936A-57DD-4930-88B4-54613D6DE3ED}.job [2012-08-12 10:24:00 \| 000,000,830 \|——\| M] ()—C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-08-12 10:22:08 \| 000,596,992 \|——\| M] (OldTimer Tools)—C:\Documents and Settings\Otto\Skrivebord\OTL.exe [2012-08-12 10:12:00 \| 000,000,910 \|——\| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-08-12 08:58:00 \| 000,000,906 \|——\| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-08-12 08:57:16 \| 000,450,256 \|——\| M] ()—C:\WINDOWS\System32\perfh006.dat [2012-08-12 08:57:16 \| 000,435,266 \|——\| M] ()—C:\WINDOWS\System32\perfh009.dat [2012-08-12 08:57:16 \| 000,080,024 \|——\| M] ()—C:\WINDOWS\System32\perfc006.dat [2012-08-12 08:57:16 \| 000,069,256 \|——\| M] ()—C:\WINDOWS\System32\perfc009.dat [2012-08-12 08:53:06 \| 000,002,048 \|—S- \| M] ()—C:\WINDOWS\bootstat.dat [2012-08-11 15:40:05 \| 000,000,732 \|——\| M] ()—C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Secunia PSI Tray.lnk [2012-08-11 15:34:16 \| 000,013,692 \|——\| M] ()—C:\WINDOWS\System32\wpa.dbl [2012-08-11 11:58:47 \| 000,002,902 \|——\| M] ()—C:\Documents and Settings\Otto\Dokumenter\cc_20120811_115843.reg [2012-08-11 11:58:31 \| 000,024,192 \|——\| M] ()—C:\Documents and Settings\Otto\Dokumenter\cc_20120811_115826.reg [2012-08-05 19:13:00 \| 000,000,376 \|——\| M] ()—C:\WINDOWS\tasks\UPCC-AutoCheckUpdate7Days.job [2012-08-04 20:33:36 \| 000,239,944 \|——\| M] ()—C:\WINDOWS\System32\FNTCACHE.DAT [2012-08-04 16:32:47 \| 000,148,664 \|——\| M] (Webroot)—C:\WINDOWS\System32\WRusr.dll [2012-08-04 16:32:47 \| 000,111,632 \|——\| M] (Webroot)—C:\WINDOWS\System32\drivers\WRkrn.sys [2012-08-03 11:19:41 \| 001,074,636 \|——\| M] ()—C:\WINDOWS\System32\nvdrsdb0.bin [2012-08-03 11:19:41 \| 000,000,001 \|——\| M] ()—C:\WINDOWS\System32\nvdrssel.bin [2012-08-03 11:19:36 \| 001,074,636 \|——\| M] ()—C:\WINDOWS\System32\nvdrsdb1.bin [2012-07-21 16:56:56 \| 000,002,331 \|——\| M] ()—C:\Documents and Settings\Otto\Skrivebord\License.xbin [2012-07-21 16:55:11 \| 000,026,668 \|——\| M] ()—C:\Documents and Settings\Otto\Dokumenter\cc_20120721_165507.reg [3 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] ========== Files Created - No Company Name ========== [2012-08-11 15:38:28 \| 000,000,732 \|——\| C] ()—C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Secunia PSI Tray.lnk [2012-08-11 15:38:28 \| 000,000,695 \|——\| C] ()—C:\Documents and Settings\All Users\Menuen Start\Programmer\Secunia PSI.lnk [2012-08-11 11:58:45 \| 000,002,902 \|——\| C] ()—C:\Documents and Settings\Otto\Dokumenter\cc_20120811_115843.reg [2012-08-11 11:58:29 \| 000,024,192 \|——\| C] ()—C:\Documents and Settings\Otto\Dokumenter\cc_20120811_115826.reg [2012-08-03 11:18:53 \| 000,010,264 \|——\| C] ()—C:\WINDOWS\System32\nvinfo.pb [2012-07-21 16:55:09 \| 000,026,668 \|——\| C] ()—C:\Documents and Settings\Otto\Dokumenter\cc_20120721_165507.reg [2012-05-30 15:19:11 \| 000,195,542 \|——\| C] ()—C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\census.cache [2012-05-30 15:19:04 \| 000,174,809 \|——\| C] ()—C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\ars.cache [2012-02-16 21:57:33 \| 000,003,072 \|——\| C] ()—C:\WINDOWS\System32\iacenc.dll [2011-09-02 16:52:33 \| 000,000,251 \|——\| C] ()—C:\Documents and Settings\Otto\Application Data\burnaware.ini [2011-07-31 20:13:18 \| 000,184,512 \|——\| C] ()—C:\WINDOWS\hpoins21.dat.temp [2011-07-31 20:13:18 \| 000,007,262 \|——\| C] ()—C:\WINDOWS\hpomdl21.dat.temp [2011-07-31 18:10:40 \| 000,003,100 \|——\| C] ()—C:\WINDOWS\System32\ASOROSet.bin [2011-06-01 18:06:09 \| 002,784,050 \|——\| C] ()—C:\WINDOWS\System32\nvdata.data [2011-02-23 15:49:20 \| 000,000,022 \| -HS- \| C] ()—C:\Documents and Settings\Otto\Application Data\Sys2662.Config.Repository.bin [2011-01-18 18:34:45 \| 000,000,036 \|——\| C] ()—C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\housecall.guid.cache [2010-11-12 16:01:41 \| 001,074,636 \|——\| C] ()—C:\WINDOWS\System32\nvdrsdb0.bin [2010-11-12 16:01:35 \| 001,074,636 \|——\| C] ()—C:\WINDOWS\System32\nvdrsdb1.bin [2009-06-18 11:02:14 \| 000,000,000 \|——\| C] ()—C:\Documents and Settings\Otto\temp.dat [2008-12-22 19:18:19 \| 000,000,133 \|——\| C] ()—C:\Documents and Settings\Otto\Lokale indstillinger\Application Data\fusioncache.dat ========== LOP Check ========== [2012-08-11 11:00:30 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\036DFF9800095B9E632D786C7B07D329 [2012-08-04 15:34:57 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\AVG Secure Search [2012-05-24 18:02:25 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012-07-29 13:41:28 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Common Files [2009-01-19 11:42:27 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\DriverScanner [2008-12-23 11:48:52 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\e-Safekey [2011-01-18 14:35:41 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\F-Secure [2012-02-09 09:36:57 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Fighters [2012-02-10 17:28:26 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\InstallMate [2011-10-31 21:55:42 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\MYPCTuneUp [2010-07-23 20:54:12 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Panasonic [2010-11-17 10:48:39 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\ReviverSoft [2009-01-31 16:39:48 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\SBT [2012-07-21 17:11:44 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\TEMP [2012-08-11 11:01:36 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\WRData [2009-01-21 21:23:19 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F} [2012-02-09 09:37:13 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\LocalService\Application Data\Fighters [2011-01-08 21:40:52 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\LocalService\Application Data\Foxit Software [2009-02-24 15:17:06 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\Acubix PicoBackup [2012-07-27 16:55:26 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\Acubix PicoBackup Outlook Express Edition [2011-03-24 16:18:48 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\Auslogics [2012-07-29 13:49:16 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\AVG Secure Search [2009-01-20 21:54:20 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\com.codeode [2011-06-10 13:50:33 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\f-secure [2012-02-09 09:37:06 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\Fighters [2012-03-04 00:35:28 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\Foxit Software [2011-02-23 15:57:04 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\OfficeUpdate12 [2012-02-21 22:27:14 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\Oracle [2011-08-02 13:25:24 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\PCCleaner [2012-08-02 21:08:49 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\QuickScan [2010-05-16 21:10:08 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\SystemRequirementsLab [2011-06-22 09:46:52 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\Uniblue [2011-06-22 13:02:41 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\WinPatrol [2009-05-27 12:39:51 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\wsInspector [2011-08-07 12:26:00 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Otto\Application Data\XnView [2011-08-02 10:19:22 \| 000,000,334 \|——\| M] ()—C:\WINDOWS\Tasks\Driver Robot.job [2012-08-12 10:24:00 \| 000,031,906 \|——\| M] ()—C:\WINDOWS\Tasks\SCHEDLGU.TXT [2012-08-05 19:13:00 \| 000,000,376 \|——\| M] ()—C:\WINDOWS\Tasks\UPCC-AutoCheckUpdate7Days.job [2012-08-12 10:32:00 \| 000,000,414 \| -H—\| M] ()—C:\WINDOWS\Tasks\User_Feed_Synchronization-{546A936A-57DD-4930-88B4-54613D6DE3ED}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2008-04-14 18:05:49 \| 001,034,752 \|——\| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\WINDOWS\ERDNT\cache\explorer.exe [2008-04-14 18:05:49 \| 001,034,752 \|——\| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\WINDOWS\explorer.exe [2008-04-14 18:05:49 \| 001,034,752 \|——\| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008-04-14 18:05:49 \| 001,034,752 \|——\| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\WINDOWS\system32\dllcache\cache\explorer.exe [2008-04-14 18:05:49 \| 001,034,752 \|——\| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\WINDOWS\system32\dllcache\explorer.exe [2004-08-27 14:00:00 \| 001,033,216 \|——\| M] (Microsoft Corporation) MD5=DA77B9561CC9AC54584C86CAB36EBF25—C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: SERVICES > [2004-08-27 14:00:00 \| 000,007,121 \|——\| M] () MD5=1E69A758C46292C470ADA77FC147029C—C:\WINDOWS\system32\drivers\etc\services < MD5 for: SERVICES.ASFX > [2012-04-04 07:54:02 \| 000,002,560 \|——\| M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D—C:\Programmer\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx < MD5 for: SERVICES.ASFX23 > [2011-06-06 13:55:34 \| 000,000,599 \| R—- \| M] () MD5=8CEF86FF4BBA687F844CDD2FBC9E2901—C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA70301B744AA0100000010\10.1.0\services.asfx23 < MD5 for: SERVICES.CFG > [2012-04-04 07:53:54 \| 000,585,987 \|——\| M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779—C:\Programmer\Adobe\Reader 10.0\Reader\Services\Services.cfg [2011-06-06 13:55:30 \| 000,584,045 \| R—- \| M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E—C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA70301B744AA0100000010\10.1.0\services.cfg < MD5 for: SERVICES.EXE > [2009-02-09 13:25:40 \| 000,110,592 \|——\| M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9—C:\WINDOWS\ERDNT\cache\services.exe [2009-02-09 13:25:40 \| 000,110,592 \|——\| M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9—C:\WINDOWS\system32\dllcache\cache\services.exe [2009-02-09 13:25:40 \| 000,110,592 \|——\| M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9—C:\WINDOWS\system32\dllcache\services.exe [2009-02-09 13:25:40 \| 000,110,592 \|——\| M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9—C:\WINDOWS\system32\services.exe [2004-08-27 14:00:00 \| 000,108,032 \|——\| M] (Microsoft Corporation) MD5=55BBE54A196B1A9F99EC2E01F4AC1215—C:\WINDOWS\$NtServicePackUninstall$\services.exe [2008-04-14 18:06:01 \| 000,108,544 \|——\| M] (Microsoft Corporation) MD5=AB2B6ABF3FCDA803FF0E2251F9A5274E—C:\WINDOWS\ServicePackFiles\i386\services.exe [2009-02-09 13:18:41 \| 000,110,592 \|——\| M] (Microsoft Corporation) MD5=F8BCC407FCB4CDBF17163FAE3C820D80—C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe < MD5 for: SERVICES.HTML > [2008-04-16 18:29:04 \| 000,004,166 \|——\| M] () MD5=DB0CABD236311DDEB186C9B8A13F39A6—C:\Programmer\BillP Studios\WinPatrol\services.html < MD5 for: SERVICES.MSC > [2004-08-27 14:00:00 \| 000,033,075 \|——\| M] () MD5=CF09D7C1F7BC198C080C2603AFF7EAAE—C:\WINDOWS\system32\services.msc < MD5 for: SVCHOST.EXE > [2012-04-04 15:56:38 \| 000,199,240 \|——\| M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D—C:\Programmer\Malwarebytes’ Anti-Malware\Chameleon\svchost.exe [2004-08-27 14:00:00 \| 000,014,336 \|——\| M] (Microsoft Corporation) MD5=46FE2ED518FDFBFD289F014A3078575C—C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [2008-04-14 18:06:03 \| 000,014,336 \|——\| M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC—C:\WINDOWS\ERDNT\cache\svchost.exe [2008-04-14 18:06:03 \| 000,014,336 \|——\| M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC—C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008-04-14 18:06:03 \| 000,014,336 \|——\| M] (M
[ Ignorer ] [ # 6 ] op
12.08.2012 11:03:22 Antal indlæg: 336	der mangler noget resten kommer her < MD5 for: USERINIT.EXE > [2004-08-27 14:00:00 \| 000,024,576 \|——\| M] (Microsoft Corporation) MD5=3A03D6433E4E5FD3430DD3431FC6AC54—C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008-04-14 18:06:05 \| 000,026,112 \|——\| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\WINDOWS\ERDNT\cache\userinit.exe [2008-04-14 18:06:05 \| 000,026,112 \|——\| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008-04-14 18:06:05 \| 000,026,112 \|——\| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\WINDOWS\system32\dllcache\cache\userinit.exe [2008-04-14 18:06:05 \| 000,026,112 \|——\| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\WINDOWS\system32\dllcache\userinit.exe [2008-04-14 18:06:05 \| 000,026,112 \|——\| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012-04-04 15:56:38 \| 000,199,240 \|——\| M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D—C:\Programmer\Malwarebytes’ Anti-Malware\Chameleon\winlogon.exe [2004-08-27 14:00:00 \| 000,502,272 \|——\| M] (Microsoft Corporation) MD5=713AD65B9FF9CEE0A43181B442D846EB—C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008-04-14 18:06:06 \| 000,507,904 \|——\| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\WINDOWS\ERDNT\cache\winlogon.exe [2008-04-14 18:06:06 \| 000,507,904 \|——\| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008-04-14 18:06:06 \| 000,507,904 \|——\| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\WINDOWS\system32\dllcache\cache\winlogon.exe [2008-04-14 18:06:06 \| 000,507,904 \|——\| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\WINDOWS\system32\dllcache\winlogon.exe [2008-04-14 18:06:06 \| 000,507,904 \|——\| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\WINDOWS\system32\winlogon.exe < %systemroot%\. /rp /s > < %systemroot%\. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report >
[ Ignorer ] [ # 7 ] op
12.08.2012 11:08:21 Antal indlæg: 336	og så extras.txt OTL Extras logfile created on: 12-08-2012 10:26:14 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Otto\Skrivebord Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 1023,17 Mb Total Physical Memory \| 616,42 Mb Available Physical Memory \| 60,25% Memory free 2,40 Gb Paging File \| 2,11 Gb Available in Paging File \| 87,83% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Programmer Drive C: \| 149,04 Gb Total Space \| 103,72 Gb Free Space \| 69,59% Space Free \| Partition Type: NTFS Drive E: \| 298,09 Gb Total Space \| 284,23 Gb Free Space \| 95,35% Space Free \| Partition Type: NTFS Computer Name: OTTO-C78BE9C4A7 \| User Name: Otto \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%* .html [@ = ChromeHTML]—Reg Error: Key error. File not found .url [@ = internetshortcut]—rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-19\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-20\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-527237240-484763869-725345543-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML]—C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* cplfile [cplopen]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%* exefile [open]—“%1” %* htmlfile [edit]—Reg Error: Key error. http [open]—“C:\Programmer\Google\Chrome\Application\chrome.exe”—“%1” https [open]—“C:\Programmer\Google\Chrome\Application\chrome.exe”—“%1” InternetShortcut [open]—rundll32.exe shdocvw.dll,OpenURL %l piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Gennemse med XnView]—“C:\Programmer\XnView\xnview.exe” “%1” (XnView, http://www.xnview.com) Folder [open]—%SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore]—%SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] “FirstRunDisabled” = 1 “AntiVirusDisableNotify” = 0 “FirewallDisableNotify” = 0 “FirewallOverride” = 0 “AntivirusOverride” = 0 “UacDisableNotify” = 0 “AntiSpywareDisableNotify” = 0 “AutoUpdateDisableNotify” = 0 “InternetSettingsDisableNotify” = 0 “UpdatesDisableNotify” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] “DisableMonitoring” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] “DisableMonitoring” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] “DisableMonitoring” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] “AntiVirusDisableNotify” = 0 “FirewallDisableNotify” = 0 “FirewallOverride” = 0 “AntivirusOverride” = 0 “UacDisableNotify” = 0 “AntiSpywareDisableNotify” = 0 “AutoUpdateDisableNotify” = 0 “InternetSettingsDisableNotify” = 0 “UpdatesDisableNotify” = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] “DisableSR” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] “Start” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] “Start” = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] “EnableFirewall” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] “EnableFirewall” = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] “C:\Programmer\HP\Digital Imaging\bin\hpofxm08.exe” = C:\Programmer\HP\Digital Imaging\bin\hpofxm08.exe::Enabled:hpofxm08.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hposfx08.exe” = C:\Programmer\HP\Digital Imaging\bin\hposfx08.exe::Enabled:hposfx08.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hposid01.exe” = C:\Programmer\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqcopy2.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqcopy2.exe::Enabled:hpqcopy2.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpzwiz01.exe” = C:\Programmer\HP\Digital Imaging\bin\hpzwiz01.exe::Enabled:hpzwiz01.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpoews01.exe” = C:\Programmer\HP\Digital Imaging\bin\hpoews01.exe::Enabled:hpoews01.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpiscnapp.exe” = C:\Programmer\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe—(Hewlett-Packard) “C:\Programmer\HP\Digital Imaging\bin\hpofxs08.exe” = C:\Programmer\HP\Digital Imaging\bin\hpofxs08.exe::Enabled:hpofxs08.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqfxt08.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqfxt08.exe::Enabled:hpqfxt08.exe—(TODO: <Company name>) “C:\Programmer\HP\Digital Imaging\bin\hpqgplgtupl.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqgplgtupl.exe::Enabled:hpqgplgtupl.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqusgm.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqusgm.exe::Enabled:hpqusgm.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqusgh.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqusgh.exe::Enabled:hpqusgh.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\HP Software Update\hpwucli.exe” = C:\Programmer\HP\HP Software Update\hpwucli.exe::Enabled:hpwucli.exe—(Hewlett-Packard) “C:\Programmer\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe” = C:\Programmer\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe::Enabled:smartwebprintexe.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqpse.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqpse.exe::Enabled:hpqpse.exe—(Hewlett-Packard Development Co. L.P.) “C:\Programmer\HP\Digital Imaging\bin\hpqsudi.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqsudi.exe::Enabled:hpqsudi.exe—(Hewlett-Packard Development Co. L.P.) “C:\Programmer\HP\Digital Imaging\bin\hpqpsapp.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqpsapp.exe::Enabled:hpqpsapp.exe—(Hewlett-Packard Development Co. L.P.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] “C:\Programmer\HP\Digital Imaging\bin\hpofxm08.exe” = C:\Programmer\HP\Digital Imaging\bin\hpofxm08.exe::Enabled:hpofxm08.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hposfx08.exe” = C:\Programmer\HP\Digital Imaging\bin\hposfx08.exe::Enabled:hposfx08.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hposid01.exe” = C:\Programmer\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqcopy2.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqcopy2.exe::Enabled:hpqcopy2.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpzwiz01.exe” = C:\Programmer\HP\Digital Imaging\bin\hpzwiz01.exe::Enabled:hpzwiz01.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpoews01.exe” = C:\Programmer\HP\Digital Imaging\bin\hpoews01.exe::Enabled:hpoews01.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpiscnapp.exe” = C:\Programmer\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe—(Hewlett-Packard) “C:\Programmer\HP\Digital Imaging\bin\hpofxs08.exe” = C:\Programmer\HP\Digital Imaging\bin\hpofxs08.exe::Enabled:hpofxs08.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqfxt08.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqfxt08.exe::Enabled:hpqfxt08.exe—(TODO: <Company name>) “C:\Programmer\HP\Digital Imaging\bin\hpqgplgtupl.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqgplgtupl.exe::Enabled:hpqgplgtupl.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqusgm.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqusgm.exe::Enabled:hpqusgm.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqusgh.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqusgh.exe::Enabled:hpqusgh.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\HP Software Update\hpwucli.exe” = C:\Programmer\HP\HP Software Update\hpwucli.exe::Enabled:hpwucli.exe—(Hewlett-Packard) “C:\Programmer\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe” = C:\Programmer\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe::Enabled:smartwebprintexe.exe—(Hewlett-Packard Co.) “C:\Programmer\HP\Digital Imaging\bin\hpqpse.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqpse.exe::Enabled:hpqpse.exe—(Hewlett-Packard Development Co. L.P.) “C:\Programmer\HP\Digital Imaging\bin\hpqsudi.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqsudi.exe::Enabled:hpqsudi.exe—(Hewlett-Packard Development Co. L.P.) “C:\Programmer\HP\Digital Imaging\bin\hpqpsapp.exe” = C:\Programmer\HP\Digital Imaging\bin\hpqpsapp.exe::Enabled:hpqpsapp.exe—(Hewlett-Packard Development Co. L.P.) “C:\Programmer\Fælles filer\Apple\Apple Application Support\WebKit2WebProcess.exe” = C:\Programmer\Fælles filer\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit—(Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{00010406-78E1-11D2-B60F-006097C998E7}” = Microsoft Office 2000 SR-1 Professional “{00040406-78E1-11D2-B60F-006097C998E7}” = Microsoft Office 2000 SR-1 - cd 2 “{007811BF-E310-4285-BFC6-55DB29B3EDDE}” = WinPatrol “{014A3EE0-6C7F-47D9-BF3C-7027DD445E51}” = SPAMfighter “{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}” = Status “{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}” = 32 Bit HP CIO Components Installer “{0F7C2E47-089E-4d23-B9F7-39BE00100776}” = Toolbox “{1111706F-666A-4037-7777-211328764D10}” = JavaFX 2.1.1 “{12A76360-388E-4B27-ABEB-D5FC5378DD2A}” = HPPhotoSmartPhotobookWebPack1 “{18669FF9-C8FE-407a-9F70-E674896B1DB4}” = GPBaseService “{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 “{20D4A895-748C-4D88-871C-FDB1695B0169}” = Platform “{26A24AE4-039D-4CA4-87B4-2F83216026FF}” = Java(TM) 6 Update 26 “{26A24AE4-039D-4CA4-87B4-2F83217004FF}” = Java(TM) 7 Update 5 “{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}” = Google Earth Plug-in “{32343DB6-9A52-40C9-87E4-5E7C79791C87}” = MSXML 4.0 SP2 and SOAP Toolkit 3.0 “{34BFB099-07B2-4E95-A673-7362D60866A2}” = PSSWCORE “{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP “{366FFC89-C800-4366-B903-B9C4314109A5}” = Garmin WebUpdater “{3700194C-C5DD-439A-BE06-A66960CA4C70}” = MSVCSetup “{47985AEA-2CA2-3344-851E-BA4DC9101C68}” = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater “{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}” = SolutionCenter “{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}” = Cards_Calendar_OrderGift_DoMorePlugout “{63FF21C9-A810-464F-B60A-3111747B1A6D}” = GPBaseService2 “{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}” = Garmin USB Drivers “{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}” = eSupportQFolder “{679EC478-3FF9-4987-B2FF-C2C2B27532A2}” = DocProc “{681B698F-C997-42C3-B184-B489C6CA24C9}” = HPPhotoSmartDiscLabelContent1 “{687FEF8A-8597-40b4-832C-297EA3F35817}” = BufferChm “{6B437F94-056F-4791-AF2C-0D10E2706AF0}” = PanoStandAlone “{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}” = CustomerResearchQFolder “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable “{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1” = Auslogics BoostSpeed “{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update “{80533B67-C407-485D-8B5D-63BB8ED9D878}” = Scan “{82B1150E-9B37-49FC-83EB-D52197D900D0}” = Sunbelt Personal Firewall “{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable “{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}” = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 “{87E2B986-07E8-477a-93DC-AF0B6758B192}” = DocProcQFolder “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight “{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}” = UnloadSupport “{8EA79DBF-D637-448A-89D6-410A087A4493}” = Samsung_MonSetup “{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}” = SmartWebPrinting “{959282E3-55A9-49D8-B885-D27CF8A2FD82}” = PHOTOfunSTUDIO 5.1 HD Edition “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 “{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}” = TrayApp “{A07840FC-CE63-4CB8-8030-EF4B9805925A}” = HPPhotoSmartDiscLabel_PaperLabel “{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2 “{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper “{AB5D51AE-EBC3-438D-872C-705C7C2084B0}” = DeviceManagementQFolder “{AB67580-257C-45FF-B8F4-C8C30682091A}_is1” = SIW version 2008-12-16 “{AC76BA86-7AD7-1030-7B44-AA1000000001}” = Adobe Reader X (10.1.3) - Dansk “{AC76BA86-7AD7-1033-7B44-A94000000001}” = Adobe Reader 9.4.1 “{AC76BA86-7AD7-5464-3428-900000000004}” = Spelling Dictionaries Support For Adobe Reader 9 “{ADFB9653-F44C-460C-BF58-189CC552DFFE}” = hpphotosmartdisclabelplugin “{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}” = AIO_Scan “{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}” = HP Update “{B023185F-F1EF-4F97-B0BD-AE6D802226D1}” = NVIDIA WDM Drivers “{B1102A25-3AA3-446B-AA0F-A699B07A02FD}” = Garmin USB Drivers “{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel” = NVIDIA Kontrolpanel 296.10 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver” = NVIDIA Grafikdriver 296.10 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView” = NVIDIA NView 136.18 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer” = NVIDIA Install Application “{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}” = HPPhotoSmartDiscLabel_PrintOnDisc “{B69349AE-2D41-3708-8BA4-4DC22645CA04}” = Microsoft .NET Framework 3.5 Language Pack SP1 - dan “{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}” = HPSSupply “{b9be267c-e096-4cce-a4fd-f24eec004938}” = PS_AIO_02_ProductContext “{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2 “{C43326F5-F135-4551-8270-7F7ABA0462E1}” = HPProductAssistant “{c4549405-195f-4450-8865-6be9dc5ad136}” = PS_AIO_02_Software_Min “{C708333C-B1B9-43be-B797-49FEC7A8D15B}” = C5200 “{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1 “{CCB9B81A-167F-4832-B305-D2A0430840B3}” = WebReg “{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}” = PS_AIO_02_Software “{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1 “{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}” = C5200_Help “{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}” = MarketResearch “{D79113E7-274C-470B-BD46-01B10219DF6A}” = HPPhotosmartEssential “{D99A8E3A-AE5A-4692-8B19-6F16D454E240}” = Destination Component “{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}” = NVIDIA PhysX “{DD920AB6-2DB9-48B7-8052-0A4F0C4277BC}” = MarketingReg “{DE114695-AE58-4B66-8E0F-2505188602FB}_is1” = Uninstall Startup Inspector “{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1” = Auslogics Disk Defrag “{DFCB15E0-969C-3E74-8654-F5978478E876}” = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN “{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}” = VideoToolkit01 “{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}” = Microsoft SQL Server Compact 3.5 SP1 English “{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}” = Apple Application Support “{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}” = Fax “{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}” = DeviceDiscovery “{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}” = Copy “{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 “49CF605F02C7954F4E139D18828DE298CD59217C” = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) “ActiveScan 2.0” = Panda ActiveScan 2.0 “Acubix PicoBackup Outlook Express Edition_is1” = Acubix PicoBackup Outlook Express Edition 2.1 “Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX “Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin “BurnAware Free_is1” = BurnAware Free 3.5 “CCleaner” = CCleaner “Emilsoft FireBackup” = Emilsoft FireBackup “ESET Online Scanner” = ESET Online Scanner v3 “EVEREST Home Edition_is1” = EVEREST Home Edition v2.20 “filehippo.com” = FileHippo.com Update Checker “Foxit Reader_is1” = Foxit Reader 5.1 “HP Imaging Device Functions” = HP Imaging Device Functions 10.0 “HP Photosmart Essential” = HP Photosmart Essential 3.5 “HP Smart Web Printing” = HP Smart Web Printing 4.60 “HP Solution Center & Imaging Support Tools” = HP Solution Center 13.0 “HPExtendedCapabilities” = HP Customer Participation Program 10.0 “HPOCR” = OCR Software by I.R.I.S. 10.0 “IDNMitigationAPIs” = Microsoft Internationalized Domain Names Mitigation APIs “ie8” = Windows Internet Explorer 8 “InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}” = VIA Platform Device Manager “jv16 PowerTools 2009_is1” = jv16 PowerTools 2009 “Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.61.0.1400 “Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1 “Microsoft .NET Framework 3.5 Language Pack SP1 - dan” = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk “Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1 “Mozilla Firefox 14.0.1 (x86 da)” = Mozilla Firefox 14.0.1 (x86 da) “MozillaMaintenanceService” = Mozilla Maintenance Service “MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP “NLSDownlevelMapping” = Microsoft National Language Support Downlevel APIs “NVIDIA nView Desktop Manager” = NVIDIA nView Desktop Manager “Picasa 3” = Picasa 3 “RegSupreme Pro_is1” = RegSupreme Pro “Secunia PSI” = Secunia PSI (3.0.0.3001) “Shop for HP Supplies” = Shop for HP Supplies “SPAMfighter” = SPAMfighter “SystemRequirementsLab” = System Requirements Lab “Windows Media Format Runtime” = Windows Media Format 11 runtime “Windows Media Player” = Windows Media Player 11 “Windows XP Service Pack” = Windows XP Service Pack 3 “WMFDist11” = Windows Media Format 11 runtime “wmp11” = Windows Media Player 11 “WRUNINST” = Webroot SecureAnywhere “Wudf01000” = Microsoft User-Mode Driver Framework Feature Pack 1.0 “XnView_is1” = XnView 1.98 “XPSEPSCLP” = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11-08-2012 05:12:33 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 05:12:35 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 05:12:50 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket 1180947459. Error - 11-08-2012 05:12:57 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket 1180947459. Error - 11-08-2012 05:44:03 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program Picasa3.exe, version 3.9.136.4, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 05:44:13 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket -1288638183. Error - 11-08-2012 09:39:14 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program psi.exe, version 3.0.0.3001, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 09:39:19 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket -1210316307. Error - 11-08-2012 09:40:39 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program psi.exe, version 3.0.0.3001, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 09:40:48 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket -1210316307. [ Application Events ] Error - 11-08-2012 05:12:33 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 05:12:35 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 05:12:50 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket 1180947459. Error - 11-08-2012 05:12:57 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket 1180947459. Error - 11-08-2012 05:44:03 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program Picasa3.exe, version 3.9.136.4, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 05:44:13 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket -1288638183. Error - 11-08-2012 09:39:14 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program psi.exe, version 3.0.0.3001, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 09:39:19 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket -1210316307. Error - 11-08-2012 09:40:39 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1002 Description = Stoppet program psi.exe, version 3.0.0.3001, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 11-08-2012 09:40:48 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Application Hang \| ID = 1001 Description = Fejl-bucket -1210316307. [ System Events ] Error - 11-08-2012 04:57:58 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Service Control Manager \| ID = 7034 Description = Tjenesten Windows Installer afsluttede uventet. Dette er sket 1 gang(e). Error - 11-08-2012 04:57:58 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Service Control Manager \| ID = 7034 Description = Tjenesten COM-tjenesten IMAPI cd-skrivning afsluttede uventet. Dette er sket 1 gang(e). Error - 11-08-2012 05:05:30 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Dhcp \| ID = 1002 Description = Rettigheden til IP-adressen 94.126.7.213 for netværkskortet med netværksadressen 00219774DBC5 blev nægtet af DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-meddelelse). Error - 11-08-2012 05:05:43 \| Computer Name = OTTO-C78BE9C4A7 \| Source = sr \| ID = 1 Description = Systemgendannelsesfilteret stødte på en uventet fejl ‘0xC0000001’ under behandling af filen ‘’ på drev ‘HarddiskVolume2’. Overvågning af drevet er stoppet. Error - 11-08-2012 05:07:00 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Service Control Manager \| ID = 7022 Description = Tjenesten HP-tjeneste til registrering af CUE-enheder hang ved start. Error - 11-08-2012 05:07:00 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Service Control Manager \| ID = 7026 Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses: SASKUTIL Error - 11-08-2012 08:12:20 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Service Control Manager \| ID = 7022 Description = Tjenesten HP-tjeneste til registrering af CUE-enheder hang ved start. Error - 11-08-2012 08:12:20 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Service Control Manager \| ID = 7026 Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses: SASKUTIL Error - 12-08-2012 02:53:13 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Dhcp \| ID = 1001 Description = Computeren fik ikke tildelt en adresse fra netværket (af DHCP-serveren) til netværkskortet med netværksadressen 00219774DBC5. Der opstod følgende fejl: #. Computeren vil fortsat forsøge at få tildelt en adresse fra netværksadresseserveren (DHCP). Error - 12-08-2012 02:54:36 \| Computer Name = OTTO-C78BE9C4A7 \| Source = Service Control Manager \| ID = 7022 Description = Tjenesten HP-tjeneste til registrering af CUE-enheder hang ved start. < End of report >
[ Ignorer ] [ # 8 ] f-arn TeamSpywarefri
12.08.2012 14:13:39 Administrator Team Spywarefri Antal indlæg: 7045	Hent og installer ERUNT: http://www.derfisch.de/lars/erunt-setup.exe Start den og lad den lave en Backup af Registreringsdatabasen. Du skal ikke la’ den starte Automatisk ——— Deaktiver dine Sikkerheds programmer, mens “Fixet” kører. Start OTL Kopier nedenstånde med fed skrift ind i feltet “Custom Scans/Fixes” :processes killallprocesses :OTL DRV - [2009-06-30 11:37:16 \| 000,028,552 \|——\| M] (Panda Security, S.L.) [File_System \| Boot \| Running]—C:\WINDOWS\system32\drivers\pavboot.sys—(pavboot) IE - HKU\S-1-5-21-527237240-484763869-725345543-1004\..\SearchScopes\{A5F9145C-BA7E-472F-AEE1-6E74B7C24EA3}: “URL” = http://www.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir FF - prefs.js..browser.search.defaultengine: “Ask.com” FF - prefs.js..browser.search.order.1: “Ask.com” [3 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] @Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 :files ipconfig /flushdns /c :Commands [CREATERESTOREPOINT] [emptytemp] [Reboot] Luk alle andre åbne vinduer og klik på “Run Fix” Efter genstart åbnes en logfil, kopier den tekst herind i denne tråd. Ellers ligger den her: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 9 ] op
12.08.2012 15:40:01 Antal indlæg: 336	f-arn TeamSpywarefri her er loggen fra OTL All processes killed ========== PROCESSES ========== ========== OTL ========== Error: No service named Panda Security, S.L.) [File_System \| Boot \| Running]—C:\WINDOWS\system32\drivers\pavboot.sys—(pavboot was found to stop! Service\Driver key Panda Security, S.L.) [File_System \| Boot \| Running]—C:\WINDOWS\system32\drivers\pavboot.sys—(pavboot not found. Registry key HKEY_USERS\S-1-5-21-527237240-484763869-725345543-1004\Software\Microsoft\Internet Explorer\SearchScopes\{A5F9145C-BA7E-472F-AEE1-6E74B7C24EA3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5F9145C-BA7E-472F-AEE1-6E74B7C24EA3}\ not found. Prefs.js: “Ask.com” removed from browser.search.defaultengine Prefs.js: “Ask.com” removed from browser.search.order.1 C:\WINDOWS\System32\SET3E1.tmp deleted successfully. C:\WINDOWS\System32\SET3E3.tmp deleted successfully. C:\WINDOWS\System32\SET3F1.tmp deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B deleted successfully. ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP-konfiguration DNS Resolver Cache blev tømt. C:\Documents and Settings\Otto\Skrivebord\cmd.bat deleted successfully. C:\Documents and Settings\Otto\Skrivebord\cmd.txt deleted successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 821358 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Otto ->Temp folder emptied: 22796182 bytes ->Temporary Internet Files folder emptied: 1951653 bytes ->Java cache emptied: 1478822 bytes ->FireFox cache emptied: 1181277794 bytes ->Google Chrome cache emptied: 7830591 bytes ->Flash cache emptied: 5502 bytes User: UpdatusUser ->Temporary Internet Files folder emptied: 32768 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 32060 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.160,00 mb OTL by OldTimer - Version 3.2.57.0 log created on 08122012_152655 Files\Folders moved on Reboot… PendingFileRenameOperations files… Registry entries deleted on Reboot…
[ Ignorer ] [ # 10 ] f-arn TeamSpywarefri
12.08.2012 18:16:48 Administrator Team Spywarefri Antal indlæg: 7045	Den gjorde ikke helt som jeg ville. ——— Deaktiver dine Sikkerheds programmer, mens “Fixet” kører. Start OTL Kopier nedenstånde med fed skrift ind i feltet “Custom Scans/Fixes” :processes killallprocesses :Services pavboot :files C:\WINDOWS\system32\drivers\pavboot.sys :Commands [CREATERESTOREPOINT] [emptytemp] [Reboot] Luk alle andre åbne vinduer og klik på “Run Fix” Efter genstart åbnes en logfil, kopier den tekst herind i denne tråd. Ellers ligger den her: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log Hvordan kører PCen Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 11 ] op
12.08.2012 18:43:18 Antal indlæg: 336	Hej! f-arn TeamSpywarefri computeren kører upåklageligt mvh Otto her er så en ny OTL log All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== Error: Unable to stop service pavboot! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully. ========== FILES ========== C:\WINDOWS\system32\drivers\pavboot.sys moved successfully. ========== COMMANDS ========== Restore point Set: OTL Restore Point [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Otto ->Temp folder emptied: 54734 bytes ->Temporary Internet Files folder emptied: 33269 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 95711537 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 733 bytes User: UpdatusUser ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 7712 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 91,00 mb OTL by OldTimer - Version 3.2.57.0 log created on 08122012_182949 Files\Folders moved on Reboot… PendingFileRenameOperations files… Registry entries deleted on Reboot…
[ Ignorer ] [ # 12 ] f-arn TeamSpywarefri
12.08.2012 19:00:09 Administrator Team Spywarefri Antal indlæg: 7045	Du bruger forældet software, så vil du godt læse dette, skrevet af Perhaps Emeritus. Hent Security Check af screen317 Start den og følg instruktionerne. Kopier loggen herind. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 13 ] op
12.08.2012 20:52:44 Antal indlæg: 336	Hej! f-arn TeamSpywarefri Results of screen317’s Security Check version 0.99.43 Windows XP Service Pack 3 x86 Internet Explorer 8 *``````````````Antivirus/Firewall Check:``````````````* ESET Online Scanner v3 Sunbelt Personal Firewall *`````````Anti-malware/Other Utilities Check:`````````* WinPatrol Secunia PSI (3.0.0.3001) RegSupreme Pro Malwarebytes Anti-Malware version 1.61.0.1400 CCleaner JavaFX 2.1.1 Java(TM) 6 Update 26 Java(TM) 7 Update 5 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 10.3.181.34 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (14.0.1) *````````Process Check: objlist.exe by Laurent````````* WinPatrol winpatrol.exe is disabled! Sunbelt Software Personal Firewall SbPFLnch.exe Sunbelt Software Personal Firewall SbPFSvc.exe Sunbelt Software Personal Firewall SbPFCl.exe *`````````````````System Health check`````````````````* Total Fragmentation on Drive C:: *````````````````````End of Log``````````````````````* Jeg vil lige gøre opmærksom på at den ikke fandt “WEBROOT SECURE anywhere” som er mit antivirus og malware beskyttelses program mvh Otto
[ Ignorer ] [ # 14 ] f-arn TeamSpywarefri
12.08.2012 21:56:27 Administrator Team Spywarefri Antal indlæg: 7045	I Kontrolpanelet skal du afinstallere Java(TM) 6 Update 26 . Hent en ny her. http://www.java.com/en/download/index.jsp (husk at fraklikke Toolbars og andet skrammel) Du skal også afinstallere Adobe Reader 9 Hent en ny her. http://get.adobe.com/reader/ (husk at fraklikke Toolbars og andet skrammel) Afinstaller alt Adobe Flash Player. Hent en ny her. http://get.adobe.com/flashplayer/ (husk at fraklikke Toolbars og andet skrammel) Du bør også afinstallere WinPatrol ——— Start OTL og klik på CleanUp Det vil fjerne OTL, og andre værktøjer vi har brugt. Hvis der efterlades noget, må du slette det manuelt. —- Vil du godt melde tilbage når det er gjort, så vi kan lukke tråden ordentligt. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 15 ] op
13.08.2012 11:00:55 Antal indlæg: 336	Hej! f-arn TeamSpywarefri Så er alt afinstaleret og nye opdateret installeret, og mange tak for hjælpen med at få renset pcen, hvad skulle vi almindelige mennesker gøre, hvis der ikke fandtes sådanne nogen som jer til at hjælpe os. med venlig hilsen Otto

1 af 2

Næste