Spywarefri Forum | Security shield :-(

1 af 2

Security shield :-(

[ Ignorer ] delfin29
16.08.2012 07:05:36 Antal indlæg: 15	øv, jeg har fået “fornøjelsen” af security shield :-( jeg har forsøgt at fjerne den, ved at følge anvisningerne fra et par tråde herinde, men min pc vil ikke samarbejde :-( jeg har prøvet at køre malwarebytes anti-mallware flere gange, men den fryser når den har kørt 35-45 min hver gang :-( jeg har prøvet combofix, den fandt nogle filer som det så ud til den slettede, den bad om genstart men da jeg genstartede min pc, kom security shield igen op og lavede “ballade” for at combofix kunne køre :-( jeg kan derfor ikke smide en log herinde :-( jeg er på fra en anden pc lige nu. nogen der ved hvad jeg kan gøre nu ?
[ Ignorer ] [ # 1 ] Magic Spyhunter
16.08.2012 08:36:07 Administrator Supporter Emeritus Antal indlæg: 32083	Hej og velkommen Du skal helst downloade fra en anden PC. ——— Til 32 bit Windows, hent Farbar Recovery Scan Tool og gem den på en USB nøgle. Til 64 bit Windows, hent Farbar Recovery Scan Tool x64 og gem den på en USB nøgle. Sæt USB nøglen i den inficerede PC. Start PCen op med “Advanced Boot Options” (Tryk F8 flere gange under opstart) Vælg “Repair Your Computer” Vælg sprog. Vælg Bruger konto. Så skal du vælge Kommando Prompt. Der skriver du notepad, og trykker <Enter> Vælg Fil menu -> Åbn og vælg “Computer”. Find drevbogstavet til din USB nøgle. Luk Notesblok. Ved Kommando prompten skriver du e:\frst.exe (64 bit Windows e:\frst64) Erstat e med det rigtige bogstav. Når Farbar Recovery Scan Tool er startet, klikker du på Scan. Den laver FRST.txt på USB nøglen. Kopier den herind i dit næste indlæg. Signatur Sund Computer fornuft
[ Ignorer ] [ # 2 ] delfin29
16.08.2012 08:53:44 Antal indlæg: 15	jeg prøver lige, har lige prøvet med superantispyware, men den fryser også fast ligesom malwarebytes. men prøver lige at gøre som du har skrevet
[ Ignorer ] [ # 3 ] delfin29
16.08.2012 08:54:46 Antal indlæg: 15	hov. hvordan kan jeg se om det er 32 eller 64 bit. det kan jeg da ik huske
[ Ignorer ] [ # 4 ] delfin29
16.08.2012 08:59:34 Antal indlæg: 15	tror skisme jeg har “snydt” spywaren første gang stoppede jeg scanning ( med superantispyware )efter 20 min, da den havde fundet 49 filer der var inficeret, så kørte jeg den igen og stoppede den så da den havde kørt 44 min, og slettede igen, det den havde fundet. nu har jeg kunne starte min pc op, uden problemer
[ Ignorer ] [ # 5 ] Magic Spyhunter
16.08.2012 09:33:45 Administrator Supporter Emeritus Antal indlæg: 32083	Det er godt, men jeg vil foreslå at vi lige tjekker den igennem for at se om der er mere skrammel. Download OTL af Oldtimer, gem den på dit skrivebord: http://oldtimer.geekstogo.com/OTL.exe Luk alle åbne vinduer. Klik på OTL ikonet (for Vista/win7, skal du højreklikke på ikonet og Kør som Administrator) for at starte programmet. Når vinduet vises, under Output i toppen skift til Minimal Output. Marker felterne ud for LOP check og Purity Check. • I Custom Scan boxen, kopierer du nedestående ind netsvcs drivers32 msconfig @ /md5stop %SYSTEMDRIVE%\. %SYSTEMDRIVE%\*. %CREATERESTOREPOINT Klik så på Quick Scan. • Det vil give to (2) logfiler på skrivebordet, en kaldet OTL.txt, den anden vil blive navngivet Extras.txt. Husk, hvor du har gemt disse 2 filer. Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Signatur Sund Computer fornuft
[ Ignorer ] [ # 6 ] delfin29
16.08.2012 09:37:17 Antal indlæg: 15	super, det gør jeg lige, når min pc er færdig med at scanne med mit normale virus program :-( der kan godt gå en time ca ( skal vidst ha mine videoer og billeder over på ekstern hardisk )
[ Ignorer ] [ # 7 ] Magic Spyhunter
16.08.2012 10:16:10 Administrator Supporter Emeritus Antal indlæg: 32083	Go´idé for så mister du ikke dem ved et evt. nedbrud Signatur Sund Computer fornuft
[ Ignorer ] [ # 8 ] delfin29
16.08.2012 10:18:33 Antal indlæg: 15	nå den frøs også med scanning med mit eget virus program :-( jeg får da kuller. nå men her kommer filerne
[ Ignorer ] [ # 9 ] delfin29
16.08.2012 10:18:53 Antal indlæg: 15	OTL logfile created on: 16-08-2012 09:55:53 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Heidi\Skrivebord Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 3,23 Gb Total Physical Memory \| 2,26 Gb Available Physical Memory \| 69,98% Memory free 5,07 Gb Paging File \| 3,78 Gb Available in Paging File \| 74,62% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Programmer Drive C: \| 232,88 Gb Total Space \| 66,69 Gb Free Space \| 28,64% Space Free \| Partition Type: NTFS Computer Name: KONTOR \| User Name: Heidi \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Quick Scan Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Heidi\Skrivebord\OTL.exe (OldTimer Tools) PRC - C:\Programmer\Malwarebytes’ Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programmer\Malwarebytes’ Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programmer\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Programmer\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Programmer\Web Assistant\ExtensionUpdaterService.exe () PRC - C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.) PRC - C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programmer\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) PRC - C:\Programmer\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - C:\Programmer\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programmer\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programmer\TrueLink\wrapper\bin\wrapper.exe (Tanuki Software, Ltd.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe (Panda Security, S.L.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe (Panda Security, S.L.) PRC - C:\Programmer\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Programmer\Essentials Codec Pack\WECPUpdate.exe (MediaCodec.Org) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\psksvc.exe (Panda Security, S.L.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\pavjobs.exe (Panda Security, S.L.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE (Panda Security, S.L.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe (Panda Security, S.L.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe (Panda Security, S.L.) PRC - C:\Programmer\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programmer\Logitech\SetPoint\LBTWiz.exe (Logitech Inc.) PRC - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) PRC - C:\Programmer\Fælles filer\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation) PRC - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) PRC - C:\Garmin\gStart.exe (GARMIN Corp.) PRC - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.) PRC - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programmer\Fælles filer\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.) PRC - C:\Programmer\SECommon\OPTACToolAutoDld.exe (Thadickatt House) PRC - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programmer\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programmer\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) PRC - C:\Programmer\TrueLink\wrapper_win32_3.1.1\bin\wrapper.exe () PRC - C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.DAN () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\54d61af44b1dedee6aea0d1bbc46b13a\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5d585d5428ce69abc28238ffa9f4d3a2\PresentationFramework.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\fe068ba4be8f6cb7d6a58bccff05c75e\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\62f103f9e662d263ec2ecacc49d4525b\WindowsBase.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\4a668799513e369a54fdab8b3f74de92\System.Drawing.ni.dll () MOD - C:\Programmer\IncrediMail\bin\wlessfp1.dll () MOD - C:\Programmer\IncrediMail\bin\ImLookExU.dll () MOD - C:\Programmer\IncrediMail\bin\IMHttpComm.dll () MOD - C:\Programmer\IncrediMail\bin\ImComUtlU.dll () MOD - C:\Programmer\IncrediMail\bin\ImAppRU.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\9b6f1bcb2cf4e6ad429cd721b942f30f\System.Xaml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f44e12702dadeae606b8eaca609b1336\System.Xml.Linq.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\190e1740c9b998105a47ec31df0b6f11\PresentationFramework.Luna.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\efe46aa882d9ac31f7fbbdc004fc99d5\System.Security.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll () MOD - C:\Programmer\Web Assistant\ExtensionUpdaterService.exe () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\libThumbnail.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\libKeyFrame.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\DCMCDP.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\FolderCDP.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\MetadataFramework.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\ID3Driver.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\Autobackup.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\AutoChaptering.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\AudioExtractor.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\photoDriver.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\VideoExtractor.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\TextExtractor.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\VideoThumb.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\ImageExtractor.dll () MOD - C:\Programmer\IncrediMail\bin\PMC.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\us.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\tag.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\avformat-52.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\sqlite3.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\MoodExtractor.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\swscale-0.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\libexpat.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\avutil-50.dll () MOD - C:\Programmer\Samsung\AllShare\AllShareDMS\avcodec-52.dll () MOD - C:\Programmer\Fælles filer\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programmer\Logitech\SetPoint\khalwrapper.dll () MOD - C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () MOD - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AdistRes.DAN () MOD - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll () MOD - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\APIcr.dll () MOD - C:\Programmer\TrueLink\wrapper_win32_3.1.1\bin\wrapper.exe () MOD - C:\Programmer\TrueLink\wrapper_win32_3.1.1\lib\wrapper.dll () MOD - C:\Programmer\Panda Security\Panda Antivirus Pro 2012\LIBXML2.DLL () MOD - C:\WINDOWS\system32\BrMuSNMP.dll () MOD - C:\Programmer\ArcSoft\PhotoImpression 5\Share\PIHook.dll () ========== Win32 Services (SafeList) ========== SRV - (getPlusHelper)—C:\Programmer\NOS\bin\getPlus_Helper.dll File not found SRV - (AdobeFlashPlayerUpdateSvc)—C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate)—C:\Programmer\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService)—C:\Programmer\Malwarebytes’ Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Web Assistant Updater)—C:\Programmer\Web Assistant\ExtensionUpdaterService.exe () SRV - (!SASCORE)—C:\Programmer\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SRV - (SamsungAllShareV2.0)—C:\Programmer\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.) SRV - (SimpleSlideShowServer)—C:\Programmer\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.) SRV - (TrueLink Client Service)—C:\Programmer\TrueLink\wrapper\bin\wrapper.exe (Tanuki Software, Ltd.) SRV - (TPSrv)—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe (Panda Security, S.L.) SRV - (PAVFNSVR)—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe (Panda Security, S.L.) SRV - (PskSvcRetail)—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\psksvc.exe (Panda Security, S.L.) SRV - (PAVSRV)—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe (Panda Security, S.L.) SRV - (Panda Software Controller)—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe (Panda Security, S.L.) SRV - (LBTServ)—C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (OMSI download service)—C:\Programmer\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (TomTomHOMEService)—C:\Programmer\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Apple Mobile Device)—C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ServiceLayer)—C:\Programmer\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (PSIMSVC)—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe (Panda Security S.L.) SRV - (FLEXnet Licensing Service)—C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (PavPrSrv)—C:\Programmer\Fælles filer\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.) SRV - (NMIndexingService)—C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (IDriverT)—C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Truelink service)—C:\Programmer\TrueLink\wrapper_win32_3.1.1\bin\wrapper.exe () SRV - (ose)—C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM)—C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (brmfrmps)—C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.) ========== Driver Services (SafeList) ========== DRV - (WDICA)— File not found DRV - (PDRFRAME)— File not found DRV - (PDRELI)— File not found DRV - (PDFRAME)— File not found DRV - (PDCOMP)— File not found DRV - (PCIDump)— File not found DRV - (PavTPK.sys)—C:\WINDOWS\system32\PavTPK.sys File not found DRV - (PavSRK.sys)—C:\WINDOWS\system32\PavSRK.sys File not found DRV - (lbrtfdc)— File not found DRV - (Changer)— File not found DRV - (catchme)—C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys File not found DRV - (AvFlt)—C:\WINDOWS\system32\drivers\av5flt.sys File not found DRV - (MBAMSwissArmy)—C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector)—C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (SASDIFSV)—C:\Programmer\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL)—C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (ShldDrv)—C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security, S.L.) DRV - (pavboot)—C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (OXUDIDRV)—C:\WINDOWS\system32\drivers\OXUDIDRV_x32.sys () DRV - (AmFSM)—C:\WINDOWS\system32\drivers\amm8651.sys (Panda Security, S.L.) DRV - (PavProc)—C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security, S.L.) DRV - (OXSDIDRV_x32)—C:\WINDOWS\system32\drivers\OXSDIDRV_x32.sys () DRV - (LUsbFilt)—C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt)—C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt)—C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LHidEqd)—C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.) DRV - (LEqdUsb)—C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.) DRV - (ggsemc)—C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt)—C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (pccsmcfd)—C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (seehcri)—C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (IntcAzAudAddService)—C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (aacsas)—C:\WINDOWS\system32\drivers\aacsas.sys (Adaptec, Inc.) DRV - (GT72NDISIPXP)—C:\WINDOWS\system32\drivers\Gt51Ip.sys (Option NV) DRV - (adp3132)—C:\WINDOWS\system32\drivers\adp3132.sys (Adaptec, Inc.) DRV - (GT72UBUS)—C:\WINDOWS\system32\drivers\gt72ubus.sys (Option N.V.) DRV - (TPM)—C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.) DRV - (GTPTSER)—C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.) DRV - (HECI)—C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (DFUBTUSB)—C:\WINDOWS\system32\drivers\frmupgr.sys (Broadcom Corporation.) DRV - (BTWUSB)—C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (btwhid)—C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (BTDriver)—C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (btwmodem)—C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (BTKRNL)—C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio)—C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (SNTNLUSB)—C:\WINDOWS\system32\drivers\SNTNLUSB.SYS (SafeNet, Inc.) DRV - (P0870Dev)—C:\WINDOWS\system32\drivers\P0870Dev.sys (Creative Technology Ltd.) DRV - (aac)—C:\WINDOWS\system32\drivers\aac.sys (Adaptec, Inc.) DRV - (aarsi3x)—C:\WINDOWS\system32\drivers\aarsi3x.sys (Adaptec, Inc.) DRV - (GR433S)—C:\WINDOWS\system32\drivers\GR433s.sys (Gemplus) DRV - (BrUsbScn)—C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.) DRV - (ASPI32)—C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src;={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nordea.dk/ IE - HKCU\..\SearchScopes,DefaultScope = {88FC6232-2A4C-42F5-9652-E75FC53FD35D} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{88FC6232-2A4C-42F5-9652-E75FC53FD35D}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie;={inputEncoding}&oe;={outputEncoding}&startIndex;={startIndex?}&startPage;={startPage}&rlz=1I7GZEF_da IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: “Search the web (Babylon)” FF - prefs.js..browser.search.defaulturl: “http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627” FF - prefs.js..browser.search.order.1: “Search the web (Babylon)” FF - prefs.js..browser.search.selectedEngine: “Search the web (Babylon)” FF - prefs.js..browser.startup.homepage: “https://www.turbestilling.dk/movia/scripts/cgiip.wsc/WService=webplanet/framevm.htm?userid=&kl;=” FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledItems: .:1.0 FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {336D0C35-8A85-403a-B9D2-65C292C39087}:2.0.0.441 FF - prefs.js..keyword.URL: “http://search.babylon.com/?babsrc=adbartrp&AF=15627&q=” FF - prefs.js..network.proxy.http: “localhost” FF - prefs.js..network.proxy.http_port: 8008 FF - prefs.js..network.proxy.ssl: “localhost” FF - prefs.js..network.proxy.ssl_port: 8808 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programmer\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmer\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmer\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Programmer\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programmer\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-07-28 10:33:09 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programmer\Web Assistant\Firefox [2012-05-31 07:37:58 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2012-05-22 15:27:57 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2012-05-22 15:28:22 \| 000,000,000 \|—-D \| M] [2009-05-11 08:03:39 \| 000,000,000 \|—-D \| M] (No name found)—C:\Documents and Settings\Heidi\Application Data\Mozilla\Extensions [2008-06-24 14:35:52 \| 000,000,000 \|—-D \| M] (No name found)—C:\Documents and Settings\Heidi\Application Data\Mozilla\Extensions\home2@tomtom.com [2012-08-04 08:50:00 \| 000,000,000 \|—-D \| M] (No name found)—C:\Documents and Settings\Heidi\Application Data\Mozilla\Firefox\Profiles\1jru1wz2.default\extensions [2009-10-30 15:05:30 \| 000,000,000 \|—-D \| M] (Microsoft .NET Framework Assistant)—C:\Documents and Settings\Heidi\Application Data\Mozilla\Firefox\Profiles\1jru1wz2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-07-20 11:53:30 \| 000,000,000 \|—-D \| M] (NCH Toolbar)—C:\Documents and Settings\Heidi\Application Data\Mozilla\Firefox\Profiles\1jru1wz2.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} [2012-04-10 17:53:22 \| 000,000,000 \|—-D \| M] (No name found)—C:\Programmer\Mozilla Firefox\extensions [2010-06-23 07:19:28 \| 000,000,000 \|—-D \| M] (Java Console)—C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-09-23 09:42:49 \| 000,000,000 \|—-D \| M] (Java Console)—C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2012-04-10 17:53:22 \| 000,000,000 \|—-D \| M] (Java Console)—C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-04-10 17:53:10 \| 000,000,000 \|—-D \| M] (Java Quick Starter)—C:\PROGRAMMER\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012-05-31 07:37:58 \| 000,000,000 \|—-D \| M] (Web Assistant)—C:\PROGRAMMER\WEB ASSISTANT\FIREFOX [2012-04-10 17:53:09 \| 000,476,904 \|——\| M] (Sun Microsystems, Inc.)—C:\Programmer\mozilla firefox\plugins\npdeployJava1.dll [2009-11-03 04:03:56 \| 000,001,525 \|——\| M] ()—C:\Programmer\mozilla firefox\searchplugins\amazon-co-uk.xml [2010-11-02 08:18:35 \| 000,002,226 \|——\| M] ()—C:\Programmer\mozilla firefox\searchplugins\babylon.xml [2009-11-03 04:03:56 \| 000,001,178 \|——\| M] ()—C:\Programmer\mozilla firefox\searchplugins\wikipedia-da.xml [2009-11-03 04:03:56 \| 000,000,799 \|——\| M] ()—C:\Programmer\mozilla firefox\searchplugins\yahoo-dk.xml ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie;={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl;={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmer\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programmer\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programmer\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmer\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Programmer\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programmer\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Media Go Detector (Enabled) = C:\Programmer\Sony\Media Go\npmediago.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmer\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-s\u00F8gning = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Babylon Translator = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\ CHR - Extension: Web Assistant = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\ CHR - Extension: TimelineRemove = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.8.1_0\ CHR - Extension: Gmail = C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012-08-16 07:26:01 \| 000,000,027 \|——\| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmer\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (De Gule Sider) - {D4003A01-9B2C-4e24-9CD2-8D7DB1BDE096} - C:\WINDOWS\Downloaded Program Files\DGSToolbar.dll () O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmer\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (De Gule Sider) - {D4003A01-9B2C-4E24-9CD2-8D7DB1BDE096} - C:\WINDOWS\Downloaded Program Files\DGSToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmer\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AllShareAgent] C:\Programmer\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [APVXDWIN] C:\Programmer\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.) O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4 - HKLM..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Programmer\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Programmer\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [Malwarebytes’ Anti-Malware] C:\Programmer\Malwarebytes’ Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Programmer\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [PD0870 STISvc] C:\WINDOWS\System32\P0870Pin.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [SCANINICIO] C:\Programmer\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.) O4 - HKLM..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [SetDefPrt2] C:\Programmer\Brother\Brmfl05c\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.) O4 - HKCU..\Run: [IncrediMail] C:\Programmer\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Programmer\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Acrobat Hurtigstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1053-DF00-BA7E-000000000003}\_SC_Acrobat.exe () O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\BTTray.lnk = C:\Programmer\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Google Calendar Sync.lnk = C:\Programmer\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) O4 - Startup: C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\Heidi\Menuen Start\Programmer\Start\OPTACToolAuto.lnk = C:\Programmer\SECommon\OPTACToolAutoDld.exe (Thadickatt House) O4 - Startup: C:\Documents and Settings\Heidi\Menuen Start\Programmer\Start\PMB Media Check Tool.lnk = C:\Programmer\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Konverter hyperlinkdestination til Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konverter hyperlinkdestination til eksisterende PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konverter markering til Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konverter markering til eksisterende PDF-fil - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konverter til Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konverter valgte hyperlinks til Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Konverter valgte hyperlinks til eksisterende PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Send til &Bluetooth;-enhed… - C:\Programmer\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Tilføj til eksisterende PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Degulesider Toolbar - {B41E4A63-C2FD-4452-8BCA-D16FA5081080} - C:\WINDOWS\Downloaded Program Files\DGSToolbar.dll () O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: danid.dk ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: danid.dk ([]https in Trusted sites) O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} http://downol.dr.dk/download/netradio/Rawflow.cab (Rawflow ICD Client) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {4F2A3649-7A9F-4950-9C31-409FAC6FC7C8} https://danid.dk/csp/authenticode/csp.exe (IssueUtilCtrl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210857755750 (MUWebControl Class) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} https://activex.dataloen.dk/controls/dataloen3348.cab (Dataloen.ctlVirtuelDesktop) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4003A01-9B2C-4E24-9CD2-8D7DB1BDE096} http://www.degulesider.dk/tool/DGSCab.cab (De Gule Sider) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42F9A1FE-40C0-4333-9A11-065C3C00D680}: DhcpNameServer = 193.162.153.164 194.239.134.83 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmer\Fælles filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmer\Fælles filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll) - c:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Min aktuelle startside) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-04-29 15:15:31 \| 000,000,000 \|——\| M] () - C:\AUTOEXEC.BAT—[ NTFS ] O33 - MountPoints2\{38c3f6a3-a1a1-11dd-bd1f-001cc0076282}\Shell\AutoRun\command - “” = M:\InstallTomTomHOME.exe O33 - MountPoints2\{82976d1f-3dba-11dd-bc93-001cc0076282}\Shell - “” = AutoRun O33 - MountPoints2\{82976d1f-3dba-11dd-bc93-001cc0076282}\Shell\AutoRun\command - “” = E:\setup.exe AUTORUN=1 O33 - MountPoints2\{9245c2dc-15fd-11dd-8dd6-806d6172696f}\Shell - “” = AutoRun O33 - MountPoints2\{9245c2dc-15fd-11dd-8dd6-806d6172696f}\Shell\AutoRun\command - “” = H:\EIVCD.exe O33 - MountPoints2\{a5a6e54f-41c0-11dd-bc99-001cc0076282}\Shell\AutoRun\command - “” = L:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open]—“%1” % O35 - HKLM\..exefile [open]—“%1” %* O37 - HKLM\...com [@ = ComFile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler) Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company) Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.CSCD - camcodec.dll File not found Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.) Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept) Drivers32: VIDC.FFDS - ff_vfw.dll File not found Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (http://www.helixcommunity.org) Drivers32: vidc.IPJ2 - jp2avi.dll File not found Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.LAGS - lagarith.dll File not found Drivers32: vidc.VP40 - vp4vfw.dll File not found Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP70 - vp7vfw.dll File not found Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (http://www.helixcommunity.org) MsConfig - State: “system.ini” - 0 MsConfig - State: “win.ini” - 0 MsConfig - State: “bootini” - 0 MsConfig - State: “services” - 0 MsConfig - State: “startup” - 0 %CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012-08-16 09:53:39 \| 000,596,992 \|——\| C] (OldTimer Tools)—C:\Documents and Settings\Heidi\Skrivebord\OTL.exe [2012-08-16 09:21:30 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Heidi\Menuen Start\Programmer\CyberLink PowerDVD [2012-08-16 09:06:13 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\Panda Security [2012-08-16 09:05:29 \| 000,026,696 \|——\| C] (Panda Security, S.L.)—C:\WINDOWS\System32\drivers\pavboot.sys [2012-08-16 09:05:21 \| 000,054,832 \|——\| C] (Panda Software)—C:\WINDOWS\System32\pavcpl.cpl [2012-08-16 09:05:21 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\Panda Antivirus Pro 2012 [2012-08-16 09:05:10 \| 000,520,000 \|——\| C] (Panda Security, S.L.)—C:\WINDOWS\System32\PavSHook.dll [2012-08-16 09:05:10 \| 000,193,344 \|——\| C] (Panda Security, S.L.)—C:\WINDOWS\System32\TpUtil.dll [2012-08-16 09:05:10 \| 000,107,568 \|——\| C] (Panda Software)—C:\WINDOWS\System32\SYSTOOLS.DLL [2012-08-16 09:05:10 \| 000,087,360 \|——\| C] (Panda Security, S.L.)—C:\WINDOWS\System32\PavLspHook.dll [2012-08-16 09:05:10 \| 000,055,616 \|——\| C] (Panda Security, S.L.)—C:\WINDOWS\System32\pavipc.dll [2012-08-16 09:05:08 \| 000,059,080 \|——\| C] (Panda Security, S.L.)—C:\WINDOWS\System32\drivers\amm8651.sys [2012-08-16 09:05:08 \| 000,055,552 \|——\| C] (On-Access Anti-Malware Scanner Sync)—C:\WINDOWS\System32\avldr.dll [2012-08-16 09:05:08 \| 000,000,000 \|—-D \| C]—C:\WINDOWS\System32\PAV [2012-08-16 09:05:07 \| 000,000,000 \|—-D \| C]—C:\Programmer\Panda Security [2012-08-16 09:05:07 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Heidi\Application Data\Panda Security [2012-08-16 09:05:07 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Application Data\Panda Security [2012-08-16 09:04:40 \| 000,163,848 \|——\| C] (Panda Security, S.L.)—C:\WINDOWS\System32\drivers\PavProc.sys [2012-08-16 09:04:40 \| 000,037,448 \|——\| C] (Panda Security, S.L.)—C:\WINDOWS\System32\drivers\ShlDrv51.sys [2012-08-16 09:04:40 \| 000,000,000 \|—-D \| C]—C:\Programmer\Fælles filer\Panda Security [2012-08-16 07:40:49 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2012-08-16 07:40:49 \| 000,000,000 \|—-D \| C]—C:\Programmer\SUPERAntiSpyware [2012-08-16 07:20:21 \| 000,000,000 \|—-D \| C]—C:\WINDOWS\temp [2012-08-16 07:08:16 \| 000,000,000 \|—-D \| C]—C:\ComboFix [2012-08-16 06:42:13 \| 000,518,144 \|——\| C] (SteelWerX)—C:\WINDOWS\SWREG.exe [2012-08-16 06:42:13 \| 000,406,528 \|——\| C] (SteelWerX)—C:\WINDOWS\SWSC.exe [2012-08-16 06:42:13 \| 000,212,480 \|——\| C] (SteelWerX)—C:\WINDOWS\SWXCACLS.exe [2012-08-16 06:42:13 \| 000,060,416 \|——\| C] (NirSoft)—C:\WINDOWS\NIRCMD.exe [2012-08-16 06:34:20 \| 000,000,000 \|—-D \| C]—C:\Qoobox [2012-08-16 06:34:03 \| 000,000,000 \|—-D \| C]—C:\WINDOWS\erdnt [2012-08-15 23:34:07 \| 000,040,776 \|——\| C] (Malwarebytes Corporation)—C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012-08-15 22:26:52 \| 000,022,344 \|——\| C] (Malwarebytes Corporation)—C:\WINDOWS\System32\drivers\mbam.sys [2012-08-15 22:26:52 \| 000,000,000 \|—-D \| C]—C:\Programmer\Malwarebytes’ Anti-Malware [2012-08-15 22:26:52 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes’ Anti-Malware [2012-08-15 22:19:37 \| 000,000,000 \| -HSD \| C]—C:\WINDOWS\CSC [2012-08-15 16:07:26 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Heidi\Application Data\TeamViewer [2012-08-06 12:37:23 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\Skype [2012-08-06 12:37:17 \| 000,000,000 \|—-D \| C]—C:\Programmer\Fælles filer\Skype [2012-08-05 17:48:47 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\beregner_001 [2012-08-04 08:50:59 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\Breaktru Software [2012-08-04 08:50:52 \| 000,000,000 \|—-D \| C]—C:\Programmer\Breaktru Software [2012-08-04 08:49:22 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Heidi\My Documents [2012-08-02 13:02:29 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Heidi\Dokumenter\xperia tlf. heidi [2012-07-28 12:06:17 \| 000,000,000 \|—-D \| C]—C:\Documents and Settings\Heidi\Dokumenter\Røg [1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-08-16 09:53:46 \| 000,596,992 \|——\| M] (OldTimer Tools)—C:\Documents and Settings\Heidi\Skrivebord\OTL.exe [2012-08-16 09:48:16 \| 000,000,336 \|——\| M] ()—C:\WINDOWS\tasks\Windows Codec Update Service.job [2012-08-16 09:39:07 \| 000,001,024 \|——\| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2856931144-146229035-2554457756-1004UA.job [2012-08-16 09:36:11 \| 000,008,627 \|——\| M] ()—C:\Documents and Settings\Heidi\PAV_FOG.OPC [2012-08-16 09:26:04 \| 000,000,912 \|——\| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-08-16 09:23:44 \| 000,001,374 \|——\| M] ()—C:\WINDOWS\System32\wpa.dbl [2012-08-16 09:22:20 \| 000,002,325 \|——\| M] ()—C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Acrobat Hurtigstart.lnk [2012-08-16 09:20:40 \| 000,000,908 \|——\| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-08-16 09:19:59 \| 000,002,048 \|—S- \| M] ()—C:\WINDOWS\bootstat.dat [2012-08-16 09:17:19 \| 000,008,627 \|——\| M] ()—C:\WINDOWS\System32\PAV_FOG.OPC [2012-08-16 09:16:19 \| 000,000,830 \|——\| M] ()—C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-08-16 09:05:34 \| 000,001,741 \|——\| M] ()—C:\Documents and Settings\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2012.lnk [2012-08-16 09:05:34 \| 000,000,244 \|——\| M] ()—C:\WINDOWS\System32\PavCPL.dat [2012-08-16 08:56:33 \| 000,000,416 \| -H—\| M] ()—C:\WINDOWS\tasks\User_Feed_Synchronization-{579FD1B8-AC56-4393-B613-990F3547D46F}.job [2012-08-16 08:52:13 \| 000,000,514 \|——\| M] ()—C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b99d0b4b-7c71-4349-b1ad-25eec377c49a.job [2012-08-16 08:52:13 \| 000,000,514 \|——\| M] ()—C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 155d609a-63bd-46ee-a239-83eafd1f0c2f.job [2012-08-16 07:40:52 \| 000,001,657 \|——\| M] ()—C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk [2012-08-16 07:39:57 \| 000,000,664 \|——\| M] ()—C:\WINDOWS\System32\d3d9caps.dat [2012-08-16 07:26:01 \| 000,000,027 \|——\| M] ()—C:\WINDOWS\System32\drivers\etc\hosts [2012-08-16 05:49:34 \| 000,040,776 \|——\| M] (Malwarebytes Corporation)—C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012-08-15 23:07:27 \| 000,000,769 \|——\| M] ()—C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk [2012-08-15 21:35:06 \| 000,195,368 \|——\| M] ()—C:\WINDOWS\System32\FNTCACHE.DAT [2012-08-15 21:10:50 \| 000,001,374 \|——\| M] ()—C:\WINDOWS\imsins.BAK [2012-08-15 21:10:30 \| 000,000,118 \|——\| M] ()—C:\WINDOWS\System32\MRT.INI [2012-08-15 20:19:27 \| 000,000,001 \|——\| M] ()—C:\Documents and Settings\Heidi\temp.dat [2012-08-15 18:39:00 \| 000,000,972 \|——\| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2856931144-146229035-2554457756-1004Core.job [2012-08-15 17:00:10 \| 000,000,314 \|——\| M] ()—C:\WINDOWS\tasks\SyncToyCmd.job [2012-08-15 06:40:39 \| 000,002,344 \|——\| M] ()—C:\Documents and Settings\Heidi\Skrivebord\Google Chrome.lnk [2012-08-15 06:40:39 \| 000,002,322 \|——\| M] ()—C:\Documents and Settings\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012-08-13 20:12:05 \| 000,000,278 \|——\| M] ()—C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012-08-13 09:16:04 \| 000,002,507 \|——\| M] ()—C:\Documents and Settings\All Users\Skrivebord\eJuice Me Up.lnk [2012-08-01 06:37:02 \| 000,012,022 \|——\| M] ()—C:\Documents and Settings\Heidi\Skrivebord\images.jpg [2012-07-28 09:56:28 \| 000,000,069 \|——\| M] ()—C:\WINDOWS\NeroDigital.ini [1 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] ========== Files Created - No Company Name ========== [2012-08-16 09:05:34 \| 000,001,741 \|——\| C] ()—C:\Documents and Settings\Heidi\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Antivirus Pro 2012.lnk [2012-08-16 09:05:34 \| 000,000,244 \|——\| C] ()—C:\WINDOWS\System32\PavCPL.dat [2012-08-16 07:41:19 \| 000,000,514 \|——\| C] ()—C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task b99d0b4b-7c71-4349-b1ad-25eec377c49a.job [2012-08-16 07:41:19 \| 000,000,514 \|——\| C] ()—C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 155d609a-63bd-46ee-a239-83eafd1f0c2f.job [2012-08-16 07:40:52 \| 000,001,657 \|——\| C] ()—C:\Documents and Settings\All Users\Skrivebord\SUPERAntiSpyware Free Edition.lnk [2012-08-16 07:36:00 \| 000,000,664 \|——\| C] ()—C:\WINDOWS\System32\d3d9caps.dat [2012-08-16 06:42:13 \| 000,256,000 \|——\| C] ()—C:\WINDOWS\PEV.exe [2012-08-16 06:42:13 \| 000,208,896 \|——\| C] ()—C:\WINDOWS\MBR.exe [2012-08-16 06:42:13 \| 000,098,816 \|——\| C] ()—C:\WINDOWS\sed.exe [2012-08-16 06:42:13 \| 000,080,412 \|——\| C] ()—C:\WINDOWS\grep.exe [2012-08-16 06:42:13 \| 000,068,096 \|——\| C] ()—C:\WINDOWS\zip.exe [2012-08-15 22:26:52 \| 000,000,769 \|——\| C] ()—C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk [2012-08-15 21:10:30 \| 000,000,118 \|——\| C] ()—C:\WINDOWS\System32\MRT.INI [2012-08-04 08:50:59 \| 000,002,507 \|——\| C] ()—C:\Documents and Settings\All Users\Skrivebord\eJuice Me Up.lnk [2012-08-01 06:37:34 \| 000,012,022 \|——\| C] ()—C:\Documents and Settings\Heidi\Skrivebord\images.jpg [2012-07-15 12:25:19 \| 000,024,880 \|——\| C] ()—C:\WINDOWS\System32\drivers\OXUDIDRV_x32.sys [2012-06-05 09:17:04 \| 000,000,218 \|——\| C] ()—C:\Documents and Settings\Heidi\.recently-used.xbel [2012-06-04 08:36:20 \| 000,001,808 \|——\| C] ()—C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\GGG.sm [2012-06-04 08:36:12 \| 000,000,386 \|——\| C] ()—C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\12.1.4sm [2012-05-23 19:06:12 \| 000,000,000 \|——\| C] ()—C:\WINDOWS\ViewNX2.INI [2012-05-22 15:29:09 \| 000,000,268 \| RH—\| C] ()—C:\Documents and Settings\All Users\Application Data\CMMs [2012-05-22 15:29:09 \| 000,000,268 \| RH—\| C] ()—C:\Documents and Settings\All Users\Application Data\Calibrators [2012-05-22 15:29:09 \| 000,000,268 \| RH—\| C] ()—C:\Documents and Settings\All Users\Application Data\Caches [2012-05-22 15:29:09 \| 000,000,268 \| RH—\| C] ()—C:\Documents and Settings\Heidi\Application Data\Bundle [2012-05-22 15:29:09 \| 000,000,268 \| RH—\| C] ()—C:\Documents and Settings\Heidi\Application Data\Bubble Noise [2012-05-22 15:29:09 \| 000,000,020 \| -H—\| C] ()—C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT [2012-05-22 15:29:09 \| 000,000,020 \| -H—\| C] ()—C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT [2012-05-22 15:29:09 \| 000,000,020 \| -H—\| C] ()—C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT [2012-05-16 22:24:50 \| 000,110,392 \|——\| C] ()—C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat [2012-02-16 16:38:06 \| 000,003,072 \|——\| C] ()—C:\WINDOWS\System32\iacenc.dll [2011-07-31 10:29:10 \| 000,000,151 \|——\| C] ()—C:\WINDOWS\PhotoSnapViewer.INI [2010-12-23 01:33:22 \| 002,185,696 \|——\| C] ()—C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\WPFFontCache_v0400-S-1-5-21-2856931144-146229035-2554457756-1004-0.dat [2010-12-23 01:33:21 \| 000,168,526 \|——\| C] ()—C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\WPFFontCache_v0400-System.dat [2010-12-14 08:53:27 \| 000,000,024 \|——\| C] ()—C:\WINDOWS\System32\sysogg.dll [2010-12-14 08:51:32 \| 000,233,472 \|——\| C] ()—C:\WINDOWS\System32\lame_enc.dll [2010-11-02 09:19:14 \| 000,524,288 \|——\| C] ()—C:\WINDOWS\System32\xvidcore.dll [2010-11-02 09:19:14 \| 000,139,264 \|——\| C] ()—C:\WINDOWS\System32\xvidvfw.dll [2010-11-02 07:48:58 \| 000,000,038 \| -HS- \| C] ()—C:\WINDOWS\camcodec100.ini [2010-11-02 07:48:58 \| 000,000,028 \| -HS- \| C] ()—C:\WINDOWS\lagarith.ini [2010-11-02 07:48:30 \| 000,027,648 \|——\| C] ()—C:\WINDOWS\System32\AVSredirect.dll [2010-07-20 11:36:30 \| 000,002,288 \|——\| C] ()—C:\Documents and Settings\Heidi\test.prx [2010-06-14 14:16:33 \| 000,000,063 \|——\| C] ()—C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\phone_update_wizard.ini [2010-02-09 09:06:12 \| 000,008,627 \|——\| C] ()—C:\Documents and Settings\Heidi\PAV_FOG.OPC [2009-11-16 15:46:01 \| 000,000,074 \|——\| C] ()—C:\Documents and Settings\Heidi\default.pls [2009-07-07 17:19:26 \| 000,000,760 \|——\| C] ()—C:\Documents and Settings\Heidi\Application Data\setup_ldm.iss [2009-02-24 18:01:06 \| 000,000,680 \|——\| C] ()—C:\Documents and Settings\Heidi\WebScarab.properties [2008-11-18 12:39:13 \| 000,000,001 \|——\| C] ()—C:\Documents and Settings\Heidi\temp.dat [2008-08-14 08:20:10 \| 000,000,134 \|——\| C] ()—C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\fusioncache.dat [2008-07-20 20:28:01 \| 000,083,968 \|——\| C] ()—C:\Documents and Settings\Heidi\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008-05-28 09:54:22 \| 000,000,012 \|——\| C] ()—C:\Documents and Settings\Heidi\intlname.ols ========== LOP Check ========== [2010-11-02 09:21:48 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Axara [2009-05-17 16:43:57 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\BVRP Software [2012-05-22 15:29:09 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\EnterNHelp [2012-02-04 11:26:17 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\GARMIN [2009-04-22 07:08:15 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Grasssoft [2008-05-15 14:45:37 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\IM [2008-05-15 14:45:08 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\IncrediMail [2009-07-24 07:51:32 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Installations [2010-11-02 11:45:27 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2012-05-23 07:30:08 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Nikon [2012-08-16 09:05:07 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Panda Security [2009-07-24 08:02:23 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\PC Suite [2011-07-01 09:58:23 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator [2012-05-22 15:29:09 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Podcasting [2012-05-22 15:29:09 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\PrintsService [2012-05-22 15:29:09 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Repeat Routines [2008-05-15 15:29:16 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\ScanSoft [2008-05-15 14:25:13 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\sentinel [2008-06-24 14:35:55 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\TomTom [2008-05-15 15:51:10 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\UDL [2012-05-22 15:29:09 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\Ultima_T15 [2009-03-23 22:29:04 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011-07-05 11:40:29 \| 000,000,000 \| -H-D \| M]—C:\Documents and Settings\All Users\Application Data\{7FF25028-8D8E-437E-ABB9-51CDAB0A0303} [2009-07-29 20:07:17 \| 000,000,000 \| -H-D \| M]—C:\Documents and Settings\All Users\Application Data\{BE1D7187-C39B-4B11-9EBD-9D19FAE66E65} [2010-11-02 09:19:52 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Axara [2010-11-02 08:20:03 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\BabylonToolbar [2008-06-08 16:19:13 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\BitZipper [2009-04-28 17:07:57 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\CheckPoint [2008-05-15 17:11:34 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Cryptomathic [2011-10-16 18:15:34 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\EPSON [2012-08-07 06:55:30 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\GARMIN [2009-03-10 10:18:00 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Grasssoft [2008-05-28 18:06:06 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\gtk-2.0 [2012-06-03 14:24:23 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\inkscape [2010-01-11 12:00:22 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\ISL Online Cache [2009-07-07 17:19:42 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Leadertech [2010-07-20 11:57:34 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\NCH Swift Sound [2012-05-23 19:06:00 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Nikon [2009-07-28 10:36:25 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Nokia [2012-08-16 09:05:07 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Panda Security [2009-10-12 10:05:50 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\PBS [2009-12-07 21:17:53 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\PC Suite [2011-08-29 18:26:11 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\PhotoScape [2008-11-24 14:12:16 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Politiken [2011-12-11 17:44:47 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heid
[ Ignorer ] [ # 10 ] delfin29
16.08.2012 10:20:40 Antal indlæg: 15	2008-10-17 09:39:50 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\ScanSoft [2008-05-19 10:52:33 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Smart Panel [2010-06-16 08:23:48 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\Sony [2012-08-15 16:07:27 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\TeamViewer [2008-06-24 14:35:51 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings\Heidi\Application Data\TomTom [2010-08-03 21:18:06 \| 000,000,292 \|——\| M] ()—C:\WINDOWS\Tasks\expressburnShakeIcon.job [2012-08-16 08:52:13 \| 000,000,514 \|——\| M] ()—C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 155d609a-63bd-46ee-a239-83eafd1f0c2f.job [2012-08-16 08:52:13 \| 000,000,514 \|——\| M] ()—C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task b99d0b4b-7c71-4349-b1ad-25eec377c49a.job [2012-08-15 17:00:10 \| 000,000,314 \|——\| M] ()—C:\WINDOWS\Tasks\SyncToyCmd.job [2012-08-16 08:56:33 \| 000,000,416 \| -H—\| M] ()—C:\WINDOWS\Tasks\User_Feed_Synchronization-{579FD1B8-AC56-4393-B613-990F3547D46F}.job [2012-08-16 09:48:16 \| 000,000,336 \|——\| M] ()—C:\WINDOWS\Tasks\Windows Codec Update Service.job ========== Purity Check ==========
[ Ignorer ] [ # 11 ] delfin29
16.08.2012 10:21:33 Antal indlæg: 15	========== Custom Scans ========== < @ > < /md5stop > Invalid Switch: md5stop < %SYSTEMDRIVE%\. > [2008-04-29 15:15:31 \| 000,000,000 \|——\| M] ()—C:\AUTOEXEC.BAT [2010-10-28 11:13:31 \| 000,000,212 \| RHS- \| M] ()—C:\boot.ini [2006-03-02 14:00:00 \| 000,004,952 \| RHS- \| M] ()—C:\Bootfont.bin [2008-04-29 15:15:31 \| 000,000,000 \|——\| M] ()—C:\CONFIG.SYS [2000-09-24 13:03:52 \| 000,000,388 \|——\| M] ()—C:\file_id.diz [2000-09-24 13:08:16 \| 000,004,750 \|——\| M] ()—C:\fosi.nfo [2008-04-29 17:08:58 \| 000,004,128 \|——\| M] ()—C:\INFCACHE.1 [2008-04-29 15:15:31 \| 000,000,000 \| RHS- \| M] ()—C:\IO.SYS [2008-05-16 11:37:05 \| 002,667,068 \|——\| M] ()—C:\IS.log [2008-04-29 15:15:31 \| 000,000,000 \| RHS- \| M] ()—C:\MSDOS.SYS [2008-04-13 09:43:04 \| 000,047,564 \| RHS- \| M] ()—C:\NTDETECT.COM [2008-04-13 11:31:50 \| 000,250,576 \| RHS- \| M] ()—C:\ntldr [2012-08-16 09:19:48 \| 2145,386,496 \| -HS- \| M] ()—C:\pagefile.sys [2007-01-23 22:47:34 \| 000,092,354 \|——\| M] ()—C:\setupxp.htm [2008-10-01 12:18:29 \| 000,000,268 \| -H—\| M] ()—C:\sqmdata00.sqm [2008-10-01 20:41:20 \| 000,000,172 \| -H—\| M] ()—C:\sqmdata01.sqm [2008-10-10 06:51:46 \| 000,000,268 \| -H—\| M] ()—C:\sqmdata02.sqm [2008-11-06 08:49:47 \| 000,000,268 \| -H—\| M] ()—C:\sqmdata03.sqm [2008-12-08 18:13:03 \| 000,000,268 \| -H—\| M] ()—C:\sqmdata04.sqm [2008-10-01 12:18:29 \| 000,000,244 \| -H—\| M] ()—C:\sqmnoopt00.sqm [2008-10-01 20:41:20 \| 000,000,172 \| -H—\| M] ()—C:\sqmnoopt01.sqm [2008-10-10 06:51:46 \| 000,000,244 \| -H—\| M] ()—C:\sqmnoopt02.sqm [2008-11-06 08:49:47 \| 000,000,244 \| -H—\| M] ()—C:\sqmnoopt03.sqm [2008-12-08 18:13:03 \| 000,000,244 \| -H—\| M] ()—C:\sqmnoopt04.sqm [2008-02-23 13:10:56 \| 000,035,706 \|——\| M] ()—C:\vigtigt.htm [2008-04-14 10:17:06 \| 000,000,002 \|——\| M] ()—C:\win51ip.SP3 < %SYSTEMDRIVE%\*. > [2010-06-23 07:28:23 \| 000,000,000 \|—-D \| M]—C:\22849baf6d0d93850132ab [2009-08-14 21:02:53 \| 000,000,000 \|—-D \| M]—C:\3facb5a8709facde2771cf2ccbf0c4c0 [2010-07-01 19:13:47 \| 000,000,000 \|—-D \| M]—C:\Account4U [2011-12-11 17:44:38 \| 000,000,000 \|—-D \| M]—C:\AllSharePhotoSlide [2008-05-15 15:31:28 \| 000,000,000 \|—-D \| M]—C:\Brother [2008-04-30 00:01:45 \| 000,000,000 \|—-D \| M]—C:\cmpnents [2012-08-16 07:27:44 \| 000,000,000 \|—-D \| M]—C:\ComboFix [2008-04-30 00:01:46 \| 000,000,000 \|—-D \| M]—C:\docs [2008-05-15 13:48:27 \| 000,000,000 \|—-D \| M]—C:\Documents and Settings [2011-12-11 17:44:57 \| 000,000,000 \|—-D \| M]—C:\Download [2008-05-18 10:18:46 \| 000,000,000 \|—-D \| M]—C:\Downloads [2011-06-15 15:08:22 \| 000,000,000 \|—-D \| M]—C:\Garmin [2008-04-29 15:25:53 \| 000,000,000 \|—-D \| M]—C:\Intel [2009-06-08 11:51:43 \| 000,000,000 \|—-D \| M]—C:\Kuszon [2008-05-15 14:16:45 \| 000,000,000 \| R—D \| M]—C:\MSOCache [2012-07-15 12:25:09 \| 000,000,000 \|—-D \| M]—C:\Program Files [2012-08-16 09:05:07 \| 000,000,000 \| R—D \| M]—C:\Programmer [2012-08-16 07:24:35 \| 000,000,000 \|—-D \| M]—C:\Qoobox [2008-04-30 00:02:37 \| 000,000,000 \|—-D \| M]—C:\support [2008-05-15 13:48:19 \| 000,000,000 \| -HSD \| M]—C:\System Volume Information [2010-07-21 16:13:59 \| 000,000,000 \|—-D \| M]—C:\Temp [2008-05-15 15:04:25 \| 000,000,000 \|—-D \| M]—C:\TrueLink [2010-10-23 19:17:09 \| 000,000,000 \|—-D \| M]—C:\unisecur [2008-04-30 00:02:37 \| 000,000,000 \|—-D \| M]—C:\valueadd [2012-05-22 15:25:36 \| 000,000,000 \|—-D \| M]—C:\vc_temp [2012-08-16 09:23:36 \| 000,000,000 \|—-D \| M]—C:\WINDOWS < > < > < End of report >
[ Ignorer ] [ # 12 ] delfin29
16.08.2012 10:22:08 Antal indlæg: 15	OTL Extras logfile created on: 16-08-2012 09:55:53 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Heidi\Skrivebord Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 3,23 Gb Total Physical Memory \| 2,26 Gb Available Physical Memory \| 69,98% Memory free 5,07 Gb Paging File \| 3,78 Gb Available in Paging File \| 74,62% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Programmer Drive C: \| 232,88 Gb Total Space \| 66,69 Gb Free Space \| 28,64% Space Free \| Partition Type: NTFS Computer Name: KONTOR \| User Name: Heidi \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Quick Scan Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%* .js [@ = JSFile]—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.) .jse [@ = JSEFile]—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.) .vbe [@ = VBEFile]—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.) .vbs [@ = VBSFile]—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.) .wsf [@ = WSFFile]—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.) .wsh [@ = WSHFile]—C:\Programmer\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* cplfile [cplopen]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%* exefile [open]—“%1” %* jsfile [open]—C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe “%1” %* (Panda Security, S.L.) jsefile [open]—C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe “%1” %* (Panda Security, S.L.) piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. vbefile [open]—C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe “%1” %* (Panda Security, S.L.) vbsfile [open]—C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe “%1” %* (Panda Security, S.L.) wsffile [open]—C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe “%1” %* (Panda Security, S.L.) wshfile [open]—C:\PROGRA~1\PANDAS~1\PANDAA~1\PavScrip.exe “%1” %* (Panda Security, S.L.) Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Elgiganten fotoservice]—“C:\Programmer\elgiganten_fotoservice_4.5\Elgiganten fotoservice\Elgiganten fotoservice.exe” “%1” () Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open]—%SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore]—%SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] “FirstRunDisabled” = 1 “AntiVirusDisableNotify” = 0 “FirewallDisableNotify” = 0 “UpdatesDisableNotify” = 0 “AntiVirusOverride” = 0 “FirewallOverride” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] “DisableMonitoring” = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] “DisableSR” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] “Start” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] “Start” = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] “139:TCP” = 139:TCP::Enabled:@xpsp2res.dll,-22004 “445:TCP” = 445:TCP::Enabled:@xpsp2res.dll,-22005 “137:UDP” = 137:UDP::Enabled:@xpsp2res.dll,-22001 “138:UDP” = 138:UDP::Enabled:@xpsp2res.dll,-22002 “3389:TCP” = 3389:TCP::Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] “EnableFirewall” = 1 “DoNotAllowExceptions” = 0 “DisableNotifications” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] “139:TCP” = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 “445:TCP” = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 “137:UDP” = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 “138:UDP” = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 “3389:TCP” = 3389:TCP::Enabled:@xpsp2res.dll,-22009 “54925:UDP” = 54925:UDP::Enabled:Brother Scanner “137:TCP” = 137:TCP::Enabled:Brother Scan “54010:TCP” = 54010:TCP::Enabled:Samsung AllShare SlideShow Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] “C:\Programmer\IncrediMail\bin\ImApp.exe” = C:\Programmer\IncrediMail\bin\ImApp.exe::Enabled:IncrediMail—(IncrediMail, Ltd.) “C:\Programmer\IncrediMail\bin\IncMail.exe” = C:\Programmer\IncrediMail\bin\IncMail.exe::Enabled:IncrediMail—(IncrediMail, Ltd.) “C:\Programmer\IncrediMail\bin\ImpCnt.exe” = C:\Programmer\IncrediMail\bin\ImpCnt.exe::Enabled:IncrediMail—(IncrediMail, Ltd.) “C:\Programmer\Sony Ericsson\Update Service\Update Service.exe” = C:\Programmer\Sony Ericsson\Update Service\Update Service.exe::Enabled:Update Service—() “C:\Programmer\Java\jre6\bin\java.exe” = C:\Programmer\Java\jre6\bin\java.exe::Enabled:Java(TM) Platform SE binary—(Sun Microsystems, Inc.) “C:\Programmer\Fælles filer\Ahead\Nero Web\SetupX.exe” = C:\Programmer\Fælles filer\Ahead\Nero Web\SetupX.exe::Enabled:Nero ProductSetup—(Nero AG) “C:\Programmer\Google\Google Earth\client\googleearth.exe” = C:\Programmer\Google\Google Earth\client\googleearth.exe::Enabled:Google Earth—(Google) “C:\Documents and Settings\Heidi\Lokale indstillinger\Temporary Internet Files\Content.IE5\D8VBE12H\VideoConverter_Setup[1].exe” = C:\Documents and Settings\Heidi\Lokale indstillinger\Temporary Internet Files\Content.IE5\D8VBE12H\VideoConverter_Setup[1].exe::Enabled:Video Converter “C:\Documents and Settings\Heidi\Lokale indstillinger\Temporary Internet Files\Content.IE5\FHAKY6FW\VideoConverter_Setup[1].exe” = C:\Documents and Settings\Heidi\Lokale indstillinger\Temporary Internet Files\Content.IE5\FHAKY6FW\VideoConverter_Setup[1].exe::Enabled:Video Converter “C:\Programmer\Samsung\AllShare\AllShareDMS\AllShareDMS.exe” = C:\Programmer\Samsung\AllShare\AllShareDMS\AllShareDMS.exe::Enabled:Samsung AllShare Service—(Samsung Electronics Co., Ltd.) “C:\Programmer\Samsung\AllShare\AllShare.exe” = C:\Programmer\Samsung\AllShare\AllShare.exe::Enabled:Samsung AllShare Player—(Samsung Electronics Co., Ltd.) “C:\Programmer\Samsung\AllShare\AllShareAgent.exe” = C:\Programmer\Samsung\AllShare\AllShareAgent.exe::Enabled:Samsung AllShare Agent—(Samsung Electronics Co., Ltd.) “C:\Documents and Settings\Heidi\Application Data\Spotify\spotify.exe” = C:\Documents and Settings\Heidi\Application Data\Spotify\spotify.exe::Enabled:Spotify “C:\Programmer\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe” = C:\Programmer\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe:*:Enabled:Panda permanent protection—(Panda Security, S.L.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{0059ECD1-BB50-41CF-B729-0958A120F152}” = Windows Live Messenger “{04FCD5DE-1662-4F99-BDA9-C57212113EF2}” = RemoteComms External Disk Access “{0C826C5B-B131-423A-A229-C71B3CACCD6A}” = CDDRV_Installer “{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}” = Garmin Lifetime Updater “{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}” = PlayStation(R)Store “{109D28C7-FB38-483A-9C91-001CB59E2699}” = EPSON CardMonitor “{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}” = Primo “{162B71B8-8464-4680-A086-601D555B331D}” = Apple Mobile Device Support “{18DB3375-0649-4EA3-959A-44F1ACD278BA}” = IncrediMail “{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}” = YouTube Downloader 2.6.3 “{1AC30EF0-7CC5-45BC-9C1E-2468EBC7BBB0}” = Update Service “{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1” = GPSBabel 1.4.2 “{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 “{205C6BDD-7B73-42DE-8505-9A093F35A238}” = Overførselsværktøj til Windows Live “{212748BB-0DA5-46DE-82A1-403736DC9F27}” = MSVC80_x86 “{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}” = MSVCRT “{23B59ED4-C360-11D7-875B-0090CC005647}” = EPSON PRINT Image Framer Tool2.1 “{26A24AE4-039D-4CA4-87B4-2F83216031FF}” = Java(TM) 6 Update 31 “{28107FBC-832A-4E18-9C9D-4E771B441F69}” = eJuice Me Up “{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}” = Garmin Training Center “{2EBC07F5-4898-4D76-988F-773A07CFC63F}” = GlobeTrotter Connect “{2FFE93F0-BB72-4E52-8761-354D1AAA9387}” = Sony Ericsson PC Suite 6.011.00 “{3101CB58-3482-4D21-AF1A-7057FC935355}” = KhalInstallWrapper “{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}” = Windows Live Communications Platform “{3248F0A8-6813-11D6-A77B-00B0D0160050}” = Java(TM) 6 Update 5 “{3248F0A8-6813-11D6-A77B-00B0D0160070}” = Java(TM) 6 Update 7 “{336D0C35-8A85-403a-B9D2-65C292C39087}_is1” = Web Assistant 2.0.0.441 “{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP “{362B3467-5AB3-4400-939F-09F6BF5522E0}” = Politikens Tysk-Dansk Dansk-Tysk Ordbog “{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile “{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}” = erLT “{41A00174-B4EA-4E79-9CAF-DC118A878B92}” = Garmin City Navigator Europe NT 2012.10 Update “{470F16F3-4F15-4D30-B411-28F8706B24E8}” = Politikens Nudansk Ordbog “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater “{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}” = Media Go “{57752979-A1C9-4C02-856B-FBB27AC4E02C}” = QuickTime “{590B11BB-7FF9-4D4F-A9E8-E8165BF88381}” = Panda Antivirus Pro 2010 “{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}” = Google Earth “{65F5B7AF-3363-11D7-BB6B-00018021113F}” = EPSON PhotoQuicker3.5 “{66C8BE35-8BBB-472B-96C7-C7C9A499F988}” = PhotoImpression 5 “{67EDD823-135A-4D59-87BD-950616D6E857}” = EPSON Copy Utility 3 “{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}” = PowerDVD “{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update “{6C11D561-620B-47DA-A693-4C597F3CDF40}” = EPSON Smart Panel “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable “{71C97545-E547-4A8B-B0C8-61FF853270AC}” = PaperPort “{71FD03B5-E653-4CB8-9B56-A466ABC9FCA9}” = Brother MFL-Pro Suite “{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}” = Nokia PC Suite “{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}” = Avanquest update “{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 “{788A0222-5690-4212-AA9C-C48FD0E1C9AE}” = Photo Notifier and Animation Creator “{78ABD478-3EAF-4CFE-BA62-B5CD5143F922}” = WinPCSIGN Basic 2012 “{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}” = PIF DESIGNER2.1 “{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}” = EPSON Web-To-Page “{82427977-8776-4087-90CA-9F65174D3C4D}” = Nokia Connectivity Cable Driver “{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable “{84814E6B-2581-46EC-926A-823BD1C670F6}” = WIDCOMM Bluetooth Software “{87441A59-5E64-4096-A170-14EFE67200C3}” = Picture Control Utility “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight “{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}” = Digital Signatur “{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}” = TomTom HOME Visual Studio Merge Modules “{90120000-0020-0409-0000-0000000FF1CE}” = Compatibility Pack for the 2007 Office system “{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In “{90849E84-F026-4638-A184-E6FCFD472C34}” = Brother Software “{91120406-6000-11D3-8CFE-0150048383C9}” = Microsoft Office Standard Edition 2003 “{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}” = Brother MFL-Pro Suite “{93864EDB-C183-4570-A0D3-ED6F4E01398F}” = Update service “{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 “{9F020EB5-95A5-4762-94A2-A889B27BEF63}” = NemID “{A0C39D92-DEB9-434E-9F1A-2A4AEFB0EB86}” = Panda Antivirus Pro 2012 “{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}” = Segoe UI “{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2 “{A498D9EB-927B-459B-85D6-DD6EF8C2C564}” = erLT “{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper “{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}” = Garmin USB Drivers “{AC76BA86-1053-DF00-BA7E-000000000003}” = Adobe Acrobat 8 Standard - Svenska, Dansk, Suomi “{AC76BA86-7AD7-1030-7B44-AA1000000001}” = Adobe Reader X (10.1.4) - Dansk “{AD0E23A6-7257-44FF-AAEC-2DE8592A5398}” = WinPCSIGN Basic 2012 “{ADD9E56D-2DD8-448A-8887-B3AF76AB1030}” = Nero 7 Essentials “{B014EE44-9197-4513-9613-71E6EB1B514E}” = Nikon Message Center 2 “{B1A820F9-9F85-4513-B601-A998FC1AFDA0}” = Politikens Engelsk-Dansk Dansk-Engelsk Ordbog “{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1” = Panda Secure Vault 5 “{B2544A03-10D0-4E5E-BA69-0362FFC20D18}” = OGA Notifier 2.0.0048.0 “{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}” = PlayStation(R)Network Downloader “{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}” = PC Connectivity Solution “{C07B86C3-1816-4C59-927E-0287925DFB96}” = Garmin City Navigator Europe NT 2010 Update “{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2 “{C26B06A9-27BB-45B0-9873-9C623EC2BA38}” = iTunes “{C48817E7-AA05-4151-A99D-1E1E550CE801}” = EPSON PhotoStarter3.1 “{C6AC092B-BA9D-4DE9-B05B-38D29EB3C9CF}” = Brother P-touch Editor Version 4.1 “{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb” = Microsoft Automated Troubleshooting Services Shim “{CB146A86-E375-4F38-9ACE-7AF1E4256768}” = Microsoft® C5 “{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1 “{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}” = SUPERAntiSpyware “{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1 “{D203AE01-C8EB-43D8-A5C5-DCF891446FEA}” = Windows Live Essentials “{D5068583-D569-468B-9755-5FBF5848F46F}” = Sony Picture Utility “{DABF43D9-1104-4764-927B-5BED1274A3B0}” = Runtime “{DDD62492-32A7-412B-8AF1-2CF032AD42E3}” = ViewNX 2 “{DF47ACA3-7C78-4C08-8007-AC682563C9F1}” = Samsung AllShare “{E2019D64-E819-3B4F-9C85-95BE2688ABF9}” = Microsoft .NET Framework 4 Client Profile DAN Language Pack “{E55FB276-73C9-4776-AB53-BC028C0509ED}” = Panda Antivirus Pro 2012 “{E80F9ABB-618D-4B9E-9EA0-5BF6A7C2FE9D}” = Tilmeldingsassistent til Windows Live “{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}” = ScanToWeb “{EE6097DD-05F4-4178-9719-D3170BF098E8}” = Apple Application Support “{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}” = Skype™ 5.10 “{EFD1EBBD-2879-416A-875C-770DDD04BB47}” = OPTAC Fleet Viewer “{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}” = Garmin Communicator Plugin “{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}” = Microsoft SQL Server 2005 Compact Edition [ENU] “{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}” = Microsoft Choice Guard “{F11806F4-0CF2-4CA6-AD7A-8E96F059B824}” = Microsoft .NET Framework 2.0 Language Pack - DAN “{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver “{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}” = Logitech SetPoint “{F3666943-0411-41D1-8015-8B572B6E91A7}” = SyncToy 2.0 Beta “{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}” = Garmin WebUpdater “504244733D18C8F63FF584AEB290E3904E791693” = Windows-driverpakke - Nokia pccsmcfd (08/22/2008 7.0.0.0) “98157A226B40B173301B0F53C8E98C47805D5152” = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) “Adobe Acrobat 8 Standard - Svenska, Dansk, Suomi” = Adobe Acrobat 8.1.5 Standard “Adobe Acrobat 8 Standard - Svenska, Dansk, Suomi_815” = Adobe Acrobat 8.1.5 - CPSID_49013 “Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX “Adobe Flash Player Plugin” = Adobe Flash Player 11 Plugin “Adobe Photoshop 6.0” = Adobe Photoshop 6.0 “Adobe SVG Viewer” = Adobe SVG Viewer “Axara Video Converter_is1” = Axara Video Converter 3.5.6 “Bubble Shooter” = Bubble Shooter (remove only) “Creative PD0870” = Creative WebCam Live! Motion Driver (1.00.08.00) “Creative Photo Manager” = Creative Photo Manager “Creative WebCam Center” = Creative WebCam Center “Creative WebCam Live! Motion User’s Guide English” = Creative WebCam Live! Motion User’s Guide (English) “D978F69D5F15B845BD6BC6F8BF9BCD36982A2087” = Windows-driverpakke - Nokia Modem (02/24/2009 4.0) “Digital Signatur” = Digital Signatur “E7F682214B951640C9C539C41FDA1A7F836FF7B6” = Windows-driverpakke - Nokia Modem (02/23/2009 7.01.0.2) “Elgiganten fotoservice” = Elgiganten fotoservice “EPSON Printer and Utilities” = EPSON-printersoftware “EPSON Scanner” = EPSON Scan “ESPRX620 Series Brugervejledning” = ESPRX620 Series Brugervejledning “ESPRX620-softwaremanual” = ESPRX620-softwaremanual “ExpressBurn” = Express Burn Disc Burning Software “Face Tracking Utility” = Face Tracking Utility “Google Calendar Sync” = Google Calendar Sync “HDMI” = Intel(R) Graphics Media Accelerator Driver “IDNMitigationAPIs” = Microsoft Internationalized Domain Names Mitigation APIs “ie7” = Windows Internet Explorer 7 “ie8” = Windows Internet Explorer 8 “IncrediMail” = IncrediMail 2.0 “Inkscape” = Inkscape 0.48.2 “InstallShield_{C6AC092B-BA9D-4DE9-B05B-38D29EB3C9CF}” = Brother P-touch Editor Version 4.1 “InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}” = Samsung AllShare “Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.62.0.1300 “Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1 “Microsoft .NET Framework 2.0 Language Pack - DAN” = Microsoft .NET Framework 2.0 Language Pack - DAN “Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1 “Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile “Microsoft .NET Framework 4 Client Profile DAN Language Pack” = Microsoft .NET Framework 4 Client Profile DAN sprogpakke “Mozilla Firefox (3.5.9)” = Mozilla Firefox (3.5.9) “MP3 Converter Simple” = MP3 Converter Simple “MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP “Multidata chipkort software” = Multidata chipkort software “NemID” = NemID “NLSDownlevelMapping” = Microsoft National Language Support Downlevel APIs “Nokia PC Suite” = Nokia PC Suite “Pan and Tilt Control” = Pan and Tilt Control “Photo Notifier and Animation Creator” = Photo Notifier and Animation Creator “PhotoScape” = PhotoScape “PROSet” = Intel(R) PRO Network Connections Drivers “TomTom HOME” = TomTom HOME 2.6.2.1586 “TrueLink” = TrueLink Client “Update Service” = Update Service “Wdf01005” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 “Wdf01007” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 “Windows Essentials Media Codec Pack” = Windows Essentials Media Codec Pack 3.0 [32-Bit] “Windows Media Format Runtime” = Windows Media Format 11 runtime “Windows Media Player” = Windows Media Player 11 “WinLiveSuite_Wave3” = Windows Live Essentials “Wisdom-soft ScreenHunter 5.0 Free” = Wisdom-soft ScreenHunter 5.0 Free “WMFDist11” = Windows Media Format 11 runtime “wmp11” = Windows Media Player 11 “Wudf01005” = Microsoft User-Mode Driver Framework Feature Pack 1.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “Google Chrome” = Google Chrome “TrueLink” = TrueLink “Truelink service” = Truelink service ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15-08-2012 10:39:30 \| Computer Name = KONTOR \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 15-08-2012 10:40:00 \| Computer Name = KONTOR \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 15-08-2012 10:40:23 \| Computer Name = KONTOR \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 15-08-2012 10:42:39 \| Computer Name = KONTOR \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 15-08-2012 15:01:17 \| Computer Name = KONTOR \| Source = MsiInstaller \| ID = 11719 Description = Produkt: Microsoft Office Standard Edition 2003—Fejl 1719. Der kunne ikke opnås adgang til tjenesten Windows Installer. Dette kan ske, hvis Windows Installer er installeret forkert. Kontakt din supportafdeling for at få hjælp. Error - 15-08-2012 15:01:17 \| Computer Name = KONTOR \| Source = MsiInstaller \| ID = 1024 Description = Produkt: Microsoft Office Standard Edition 2003 - Opdateringen ‘Update for Outlook 2003 Junk E-mail Filter (KB2687403): OUTLFLTR’ kunne ikke installeres. Fejlkode 1603. Windows Installer kan oprette logfiler som hjælp til fejlfinding af problemer ved installation af softwarepakker. Brug følgende link for at få oplysninger om, hvordan logføring slås til: http://go.microsoft.com/fwlink/?LinkId=23127 Error - 15-08-2012 17:28:03 \| Computer Name = KONTOR \| Source = Application Hang \| ID = 1002 Description = Stoppet program iexplore.exe, version 8.0.6001.18702, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 15-08-2012 18:03:07 \| Computer Name = KONTOR \| Source = Application Hang \| ID = 1002 Description = Stoppet program mbam.exe, version 1.62.0.87, stoppet modul hungapp, version 0.0.0.0, stoppet adresse 0x00000000. Error - 16-08-2012 03:06:10 \| Computer Name = KONTOR \| Source = crypt32 \| ID = 131083 Description = Udpakning af tredjepartsrodliste fra automatisk opdaterings-cab-fil på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> mislykkedes med fejlen Et krævet certifikat er ikke inden for gyldighedsperioden, når der godkendes med det aktuelle systemklokkeslæt eller tidsstemplet i den signerede fil. Error - 16-08-2012 03:06:10 \| Computer Name = KONTOR \| Source = crypt32 \| ID = 131083 Description = Udpakning af tredjepartsrodliste fra automatisk opdaterings-cab-fil på <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> mislykkedes med fejlen Et krævet certifikat er ikke inden for gyldighedsperioden, når der godkendes med det aktuelle systemklokkeslæt eller tidsstemplet i den signerede fil. [ System Events ] Error - 16-08-2012 01:04:37 \| Computer Name = KONTOR \| Source = DCOM \| ID = 10005 Description = Fejlen “84” opstod på DCOM under forsøg på at starte tjenesten EventSystem med argumenterne “” for at køre serveren: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 16-08-2012 01:05:16 \| Computer Name = KONTOR \| Source = Service Control Manager \| ID = 7026 Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses: ASPI32 Fips intelppm Error - 16-08-2012 01:07:42 \| Computer Name = KONTOR \| Source = DCOM \| ID = 10005 Description = Fejlen “84” opstod på DCOM under forsøg på at starte tjenesten StiSvc med argumenterne “” for at køre serveren: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Error - 16-08-2012 01:20:33 \| Computer Name = KONTOR \| Source = DCOM \| ID = 10005 Description = Fejlen “84” opstod på DCOM under forsøg på at starte tjenesten EventSystem med argumenterne “” for at køre serveren: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 16-08-2012 01:27:30 \| Computer Name = KONTOR \| Source = Service Control Manager \| ID = 7022 Description = Tjenesten Samsung AllShare PC hang ved start. Error - 16-08-2012 01:31:20 \| Computer Name = KONTOR \| Source = DCOM \| ID = 10005 Description = Fejlen “84” opstod på DCOM under forsøg på at starte tjenesten EventSystem med argumenterne “” for at køre serveren: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 16-08-2012 01:32:25 \| Computer Name = KONTOR \| Source = Service Control Manager \| ID = 7026 Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses: ASPI32 Fips intelppm Error - 16-08-2012 02:50:47 \| Computer Name = KONTOR \| Source = DCOM \| ID = 10005 Description = Fejlen “84” opstod på DCOM under forsøg på at starte tjenesten EventSystem med argumenterne “” for at køre serveren: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 16-08-2012 02:54:39 \| Computer Name = KONTOR \| Source = Service Control Manager \| ID = 7022 Description = Tjenesten Samsung AllShare PC hang ved start. Error - 16-08-2012 03:23:38 \| Computer Name = KONTOR \| Source = Service Control Manager \| ID = 7022 Description = Tjenesten Samsung AllShare PC hang ved start. < End of report >
[ Ignorer ] [ # 13 ] delfin29
16.08.2012 10:22:39 Antal indlæg: 15	så sku det hele vidst være der
[ Ignorer ] [ # 14 ] Magic Spyhunter
16.08.2012 14:14:40 Administrator Supporter Emeritus Antal indlæg: 32083	Jep • Start OTL • Kopier nedenstånde med fed skrift ind i Custom Scan feltet :Services :OTL O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB (Reg Error: Key error.) [2012-08-16 09:48:16 \| 000,000,336 \|——\| M] ()—C:\WINDOWS\tasks\Windows Codec Update Service.job [2012-08-16 09:39:07 \| 000,001,024 \|——\| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2856931144-146229035-2554457756-1004UA.job [2008-10-01 12:18:29 \| 000,000,268 \| -H—\| M] ()—C:\sqmdata00.sqm [2008-10-01 20:41:20 \| 000,000,172 \| -H—\| M] ()—C:\sqmdata01.sqm [2008-10-10 06:51:46 \| 000,000,268 \| -H—\| M] ()—C:\sqmdata02.sqm [2008-11-06 08:49:47 \| 000,000,268 \| -H—\| M] ()—C:\sqmdata03.sqm [2008-12-08 18:13:03 \| 000,000,268 \| -H—\| M] ()—C:\sqmdata04.sqm [2008-10-01 12:18:29 \| 000,000,244 \| -H—\| M] ()—C:\sqmnoopt00.sqm [2008-10-01 20:41:20 \| 000,000,172 \| -H—\| M] ()—C:\sqmnoopt01.sqm [2008-10-10 06:51:46 \| 000,000,244 \| -H—\| M] ()—C:\sqmnoopt02.sqm [2008-11-06 08:49:47 \| 000,000,244 \| -H—\| M] ()—C:\sqmnoopt03.sqm [2008-12-08 18:13:03 \| 000,000,244 \| -H—\| M] ()—C:\sqmnoopt04.sqm :Reg :Files ipconfig /flushdns /c C:\Documents and Settings\Heidi\Application Data\BabylonToolbar C:\Temp C:\vc_temp :Commands [purity] [resethosts] [CreateRestorePoint] [emptytemp] [EMPTYFLASH] [EMPTYJAVA] • Klik på Run Fix - Knappen • Hvis OTL spørger om at genstarte, så sig ja. • Klik på OK. • En log vil åbne, kopier den herind i dit næste svar. • • Ellers kan den findes her: • C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss Kør en ny scan med combofix. Opdater, hvis spurgt, send også denne log herind. Signatur Sund Computer fornuft
[ Ignorer ] [ # 15 ] delfin29
16.08.2012 14:54:34 Antal indlæg: 15	jeg kan slet ik køre OTL . har kopieret det indmed fed, og når jeg så klikker run fix, så går hele min pc i frys, og der blir den :-(

1 af 2

Næste