Spywarefri Forum | Melder mig i koret af incredibar inficerede medlemmer

Melder mig i koret af incredibar inficerede medlemmer

[ Ignorer ] hrs
09.09.2012 00:25:52 Antal indlæg: 17	Min laptop begyndte at køre besværet og langsomt osv. har kørt ad aware, som fandt 9 trusler, herunder et par trojanere. Er renset. Men men, så opdager jeg, at foruden babylon åbner mystart.incrediabr på nye faner. har kørt spybot, som siger at den er renset ud, men det er den ikke. Håber I kan hjælpe? Tillægsspørgsmål - kan den incredibar ting være årsagen til, at jeg får timeout på ftp? Mange hilsner Henrik
[ Ignorer ] [ # 1 ] Magic Spyhunter
09.09.2012 08:35:32 Administrator Supporter Emeritus Antal indlæg: 32210	Hej Hent: AdwCleaner af Xplode, og gem den på dit Skrivebord. Start AdwCleaner, og klik på “Search” Mht.: Vista og Windows 7 - Højreklik på filen - Kør som Administrator. Når scanningen er færdig, lukker du AdwCleaner. Den laver en logfil (AdwCleaner[R1].txt) som du skal kopiere herind i næste indlæg. Logfilen kan også findes her: C:\AdwCleaner[R1].txt Download OTL af Oldtimer, gem den på dit skrivebord: http://oldtimer.geekstogo.com/OTL.exe Luk alle åbne vinduer. Klik på OTL ikonet (for Vista/win7, skal du højreklikke på ikonet og Kør som Administrator) for at starte programmet. Når vinduet vises, under Output i toppen skift til Minimal Output. Sæt prik i – Scan all users Marker felterne ud for LOP check og Purity Check. Klik så på Quick Scan. • Det vil give to (2) logfiler på skrivebordet, en kaldet OTL.txt, den anden vil blive navngivet Extras.txt. Husk, hvor du har gemt disse 2 filer. Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Signatur Sund Computer fornuft
[ Ignorer ] [ # 2 ] hrs
09.09.2012 09:05:15 Antal indlæg: 17	# AdwCleaner v2.000 - Logfile created 09/09/2012 at 08:43:42 # Updated 30/08/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : Henrik Anker - KARENCOFFEE # Boot Mode : Normal # Running from : C:\Users\Henrik Anker\Desktop\adwcleaner.exe # Option [Search] *** [Services] * * [Files / Folders] * File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Found : C:\user.js File Found : C:\Users\Henrik Anker\AppData\Roaming\Mozilla\Firefox\Profiles\g2cq4hn0.default\searchplugins\yahoo-zugo.xml Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\InstallMate Folder Found : C:\ProgramData\Premium Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Henrik Anker\AppData\Local\OpenCandy Folder Found : C:\Users\Henrik Anker\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\Henrik Anker\AppData\LocalLow\Conduit Folder Found : C:\Users\Henrik Anker\AppData\LocalLow\PriceGong Folder Found : C:\Users\Henrik Anker\AppData\Roaming\OpenCandy Folder Found : C:\Users\HENRIK~1\AppData\Local\Temp\OpenCandy * [Registry] * Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Zugo Key Found : HKLM\Software\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Found : HKLM\Software\Web Assistant Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Tarma Installer Key Found : HKLM\SOFTWARE\Web Assistant Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] * [Internet Browsers] * -\\ Internet Explorer v8.0.7600.16385 [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110822&tt=100512_1_&babsrc=NT_ss&mntrId=36095778000000000000002682e85235 -\\ Mozilla Firefox v15.0 (da) Profile name : default File : C:\Users\Henrik Anker\AppData\Roaming\Mozilla\Firefox\Profiles\g2cq4hn0.default\prefs.js Found : user_pref(“browser.babylon.HPOnNewTab”, “search.babylon.com”); Found : user_pref(“browser.search.defaultenginename”, “MyStart Search”); Found : user_pref(“browser.search.order.1”, “Search the web (Babylon)”); Found : user_pref(“browser.search.selectedEngine”, “MyStart Search”); Found : user_pref(“extensions.BabylonToolbar_i.aflt”, “babsst”); Found : user_pref(“extensions.BabylonToolbar_i.babExt”, “”); Found : user_pref(“extensions.BabylonToolbar_i.babTrack”, “affID=110822&tt=100512_1_”); Found : user_pref(“extensions.BabylonToolbar_i.hardId”, “36095778000000000000002682e85235”); Found : user_pref(“extensions.BabylonToolbar_i.id”, “36095778000000000000002682e85235”); Found : user_pref(“extensions.BabylonToolbar_i.instlDay”, “15479”); Found : user_pref(“extensions.BabylonToolbar_i.instlRef”, “sst”); Found : user_pref(“extensions.BabylonToolbar_i.newTab”, true); Found : user_pref(“extensions.BabylonToolbar_i.newTabUrl”, “hxxp://search.babylon.com/?affID=110822&tt=10051[...] Found : user_pref(“extensions.BabylonToolbar_i.prdct”, “BabylonToolbar”); Found : user_pref(“extensions.BabylonToolbar_i.prtnrId”, “babylon”); Found : user_pref(“extensions.BabylonToolbar_i.smplGrp”, “none”); Found : user_pref(“extensions.BabylonToolbar_i.srcExt”, “ss”); Found : user_pref(“extensions.BabylonToolbar_i.tlbrId”, “tb9”); Found : user_pref(“extensions.BabylonToolbar_i.vrsn”, “1.5.3.17”); Found : user_pref(“extensions.BabylonToolbar_i.vrsnTs”, “1.5.3.170:35:26”); Found : user_pref(“extensions.BabylonToolbar_i.vrsni”, “1.5.3.17”); Found : user_pref(“extensions.incredibar.admin”, false); Found : user_pref(“extensions.incredibar.aflt”, “orgnl”); Found : user_pref(“extensions.incredibar.cntry”, “DK”); Found : user_pref(“extensions.incredibar.dfltLng”, “”); Found : user_pref(“extensions.incredibar.dfltSrch”, false); Found : user_pref(“extensions.incredibar.did”, “10650”); Found : user_pref(“extensions.incredibar.envrmnt”, “production”); Found : user_pref(“extensions.incredibar.excTlbr”, false); Found : user_pref(“extensions.incredibar.hdrMd5”, “51E6612299CE3D99168842F5EE3E191B”); Found : user_pref(“extensions.incredibar.hmpg”, false); Found : user_pref(“extensions.incredibar.id”, “36095778000000000000002682e85235”); Found : user_pref(“extensions.incredibar.installerproductid”, “26”); Found : user_pref(“extensions.incredibar.instlDay”, “15586”); Found : user_pref(“extensions.incredibar.instlRef”, “”); Found : user_pref(“extensions.incredibar.isDcmntCmplt”, true); Found : user_pref(“extensions.incredibar.lastVrsnTs”, “1.5.11.1412:26:26”); Found : user_pref(“extensions.incredibar.mntrvrsn”, “1.2.0”); Found : user_pref(“extensions.incredibar.newTab”, false); Found : user_pref(“extensions.incredibar.noFFXTlbr”, false); Found : user_pref(“extensions.incredibar.ppd”, “26_5”); Found : user_pref(“extensions.incredibar.prdct”, “incredibar”); Found : user_pref(“extensions.incredibar.productid”, “26”); Found : user_pref(“extensions.incredibar.prtnrId”, “Incredibar”); Found : user_pref(“extensions.incredibar.sg”, “none”); Found : user_pref(“extensions.incredibar.smplGrp”, “none”); Found : user_pref(“extensions.incredibar.tlbrId”, “base”); Found : user_pref(“extensions.incredibar.tlbrSrchUrl”, “hxxp://mystart.Incredibar.com/?a=6PQIvWljOg&loc=IB_T[...] Found : user_pref(“extensions.incredibar.upn2”, “6PQIvWljOg”); Found : user_pref(“extensions.incredibar.upn2n”, “92543517094525840”); Found : user_pref(“extensions.incredibar.vrsn”, “1.5.11.14”); Found : user_pref(“extensions.incredibar.vrsnTs”, “1.5.11.1412:26:26”); Found : user_pref(“extensions.incredibar.vrsni”, “1.5.11.14”); Found : user_pref(“extensions.incredibar_i.aflt”, “orgnl”); Found : user_pref(“extensions.incredibar_i.dfltLng”, “”); Found : user_pref(“extensions.incredibar_i.did”, “10650”); Found : user_pref(“extensions.incredibar_i.excTlbr”, false); Found : user_pref(“extensions.incredibar_i.id”, “36095778000000000000002682e85235”); Found : user_pref(“extensions.incredibar_i.installerproductid”, “26”); Found : user_pref(“extensions.incredibar_i.instlDay”, “15586”); Found : user_pref(“extensions.incredibar_i.instlRef”, “”); Found : user_pref(“extensions.incredibar_i.ms_url_id”, “”); Found : user_pref(“extensions.incredibar_i.newTab”, false); Found : user_pref(“extensions.incredibar_i.ppd”, “26_5”); Found : user_pref(“extensions.incredibar_i.prdct”, “incredibar”); Found : user_pref(“extensions.incredibar_i.productid”, “26”); Found : user_pref(“extensions.incredibar_i.prtnrId”, “Incredibar”); Found : user_pref(“extensions.incredibar_i.smplGrp”, “none”); Found : user_pref(“extensions.incredibar_i.tlbrId”, “base”); Found : user_pref(“extensions.incredibar_i.tlbrSrchUrl”, “hxxp://mystart.Incredibar.com/?a=6PQIvWljOg&loc=IB[...] Found : user_pref(“extensions.incredibar_i.upn2”, “6PQIvWljOg”); Found : user_pref(“extensions.incredibar_i.upn2n”, “92543517094525840”); Found : user_pref(“extensions.incredibar_i.vrsn”, “1.5.11.14”); Found : user_pref(“extensions.incredibar_i.vrsnTs”, “1.5.11.1412:26:26”); Found : user_pref(“extensions.incredibar_i.vrsni”, “1.5.11.14”); Found : user_pref(“keyword.URL”, “hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQIvWljOg&&i;=26&search;=”[...] -\\ Google Chrome v21.0.1180.89 File : C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.2.1578.0 File : C:\Users\Henrik Anker\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. *********************** AdwCleaner[R1].txt - [8892 octets] - [09/09/2012 08:43:42] ########## EOF - C:\AdwCleaner[R1].txt - [8952 octets] ##########
[ Ignorer ] [ # 3 ] hrs
09.09.2012 09:06:19 Antal indlæg: 17	OTL logfile created on: 09-09-2012 08:50:24 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\Henrik Anker\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 3,87 Gb Total Physical Memory \| 2,57 Gb Available Physical Memory \| 66,35% Memory free 7,73 Gb Paging File \| 6,11 Gb Available in Paging File \| 79,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 421,81 Gb Total Space \| 298,77 Gb Free Space \| 70,83% Space Free \| Partition Type: NTFS Drive D: \| 29,00 Gb Total Space \| 27,75 Gb Free Space \| 95,71% Space Free \| Partition Type: NTFS Computer Name: KARENCOFFEE \| User Name: Henrik Anker \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Henrik Anker\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro) PRC - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_da_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe () MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll () MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll () ========== Services (SafeList) ========== SRV:64bit: - (Lenovo ReadyComm ConnSvc)—C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV:64bit: - (Lenovo ReadyComm AppSvc)—C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV:64bit: - (btwdins)—C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (WinDefend)—C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance)—C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc)—C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service)—C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AdobeARMservice)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate)—C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVP)—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) SRV - (SUService)—C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (clr_optimization_v4.0.30319_32)—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc)—C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (SwitchBoard)—C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (CSObjectsSrv)—C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch) SRV - (UNS)—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS)—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Fabs)—C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (PS_MDP)—C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS)—C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter)—C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (clr_optimization_v2.0.50727_32)—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance)—C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (EPSON_EB_RPCV4_01)—C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01)—C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF)—C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (Fs_Rec)—C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64)—C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (KL1)—C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2)—C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (amdsata)—C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata)—C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6)—C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (fssfltr)—C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (ETD)—C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (BCM43XX)—C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (Netaapl)—C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (vm331avs)—C:\Windows\SysNative\drivers\vm331avs.sys (Vimicro Corporation) DRV:64bit: - (RSUSBSTOR)—C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (iaStor)—C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (NVHDA)—C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (CnxtHdAudService)—C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (CSCrySec)—C:\Windows\SysNative\drivers\CSCrySec.sys (Infowatch) DRV:64bit: - (CSVirtualDiskDrv)—C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys (Infowatch) DRV:64bit: - (klmouflt)—C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (ACPIVPC)—C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (HECIx64)—C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RTL8167)—C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (wsvd)—C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (wdmirror)—C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo) DRV:64bit: - (Bridge0)—C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo) DRV:64bit: - (amdsbs)—C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2)—C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD)—C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor)—C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usbser)—C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (btusbflt)—C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio)—C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt)—C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid)—C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (igfx)—C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netw5v64)—C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (k57nd60a)—C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv)—C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv)—C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a)—C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir)—C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM)—C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (btwl2cap)—C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (WimFltr)—C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV:64bit: - (psadd)—C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (WIMMount)—C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ni.dk/ IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ni.dk/ IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\SearchScopes\{70BA3E6B-1059-2266-0B2C-40E4A85231B8}: “URL” = http://www.ddlstart.com/s/?q={searchTerms}&src=defsearch&provider;=&provider_name=yahoo&provider;_code=&partner_id=750&product_id=872&affiliate;_id=&channel;=&toolbar_id=200&toolbar_version=2.5.0&install_country=DK&install_date=20120903&user_guid=3CC96EF643874BFD885E1FEB447FECFD&machine_id=7ca729b311cb44ece203f70905c80578&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc;={referrer:source} IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\SearchScopes\{9F4E6C12-41BA-4887-B8B1-284509C4A2F8}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie;={inputEncoding?}&oe;={outputEncoding?} IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: “MyStart Search” FF - prefs.js..browser.search.order.1: “Search the web (Babylon)” FF - prefs.js..browser.search.selectedEngine: “MyStart Search” FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: “http://ni.dk/” FF - prefs.js..extensions.enabledAddons: .:2.0.0 FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledItems: .:11.0.1.400 FF - prefs.js..extensions.enabledItems: .:11.0.1.400 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.74 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..keyword.URL: “http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQIvWljOg&&i;=26&search;=” FF - prefs.js..network.proxy.type: 0 FF:64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Henrik Anker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Henrik Anker\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Henrik Anker\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Henrik Anker\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012-09-07 23:58:23 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012-09-07 23:58:23 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012-09-07 23:58:23 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-04 22:35:58 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-07 23:28:11 \| 000,000,000 \|—-D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-04 22:35:58 \| 000,000,000 \|—-D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-07 23:28:11 \| 000,000,000 \|—-D \| M] [2011-07-04 07:42:29 \| 000,000,000 \|—-D \| M] (No name found)—C:\Users\Henrik Anker\AppData\Roaming\mozilla\Extensions [2012-09-04 22:38:02 \| 000,000,000 \|—-D \| M] (No name found)—C:\Users\Henrik Anker\AppData\Roaming\mozilla\Firefox\Profiles\g2cq4hn0.default\extensions [2012-08-23 12:47:26 \| 000,000,000 \|—-D \| M] (SeoQuake)—C:\Users\Henrik Anker\AppData\Roaming\mozilla\Firefox\Profiles\g2cq4hn0.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012-08-23 07:43:27 \| 000,000,000 \|—-D \| M] (LastPass)—C:\Users\Henrik Anker\AppData\Roaming\mozilla\Firefox\Profiles\g2cq4hn0.default\extensions\support@lastpass.com [2012-09-03 10:50:48 \| 000,001,389 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Roaming\mozilla\firefox\profiles\g2cq4hn0.default\searchplugins\yahoo-zugo.xml [2012-09-07 23:30:26 \| 000,000,000 \|—-D \| M] (No name found)—C:\Program Files (x86)\Mozilla Firefox\extensions [2012-08-25 18:25:35 \| 000,000,000 \|—-D \| M] (Skype Click to Call)—C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-06-27 07:30:00 \| 000,000,000 \|—-D \| M] (Java Console)—C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-09-07 23:30:26 \| 000,000,000 \|—-D \| M] (Java Console)—C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-04 22:35:57 \| 000,266,720 \|——\| M] (Mozilla Foundation)—C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-06-10 11:13:56 \| 000,001,525 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml [2012-05-20 00:35:03 \| 000,002,352 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012-09-04 22:35:56 \| 000,002,465 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012-06-10 11:13:56 \| 000,001,178 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie;={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl;={language}&q={searchTerms}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\plugin/npABPlugin.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll CHR - plugin: NPLastPass (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Henrik Anker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Henrik Anker\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Kaspersky URL-r\u00E5dgiver = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\ CHR - Extension: LastPass = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\ CHR - Extension: Virtuelt Tastatur = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\ CHR - Extension: Skype Click to Call = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\ CHR - Extension: Anti-Banner = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\ O1 HOSTS File: ([2010-04-30 15:56:09 \| 000,001,798 \|——\| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 http://www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [EPSON SX110 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU “C:\windows\TEMP\E_SCC05.tmp” /EF “HKCU” File not found O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [EPSON SX110 Series (kopi 1)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU “C:\windows\TEMP\E_S3B30.tmp” /EF “HKCU” File not found O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation) O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Føj til Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Henrik Anker\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Henrik Anker\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8:64bit: - Extra context menu item: Send billede til &Bluetooth;-enhed… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send siden til &Bluetooth;-enhed… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Føj til Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8 - Extra context menu item: LastPass - file://C:\Users\Henrik Anker\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Henrik Anker\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Send billede til &Bluetooth;-enhed… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send siden til &Bluetooth;-enhed… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: &Virtuelt; Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra ‘Tools’ menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra ‘Tools’ menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: URL-&kontrol; - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelt; Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra ‘Tools’ menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra ‘Tools’ menuitem : Send to &Bluetooth; Device… - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: URL-&kontrol; - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com) O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.dk/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.150.129.22 89.150.129.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A326DE3-7D3F-4A29-9FA7-D0FF1E47A7BD}: DhcpNameServer = 80.251.201.177 80.251.201.178 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6578530-2C5B-4419-9CD5-A8DFF4FE43EB}: DhcpNameServer = 89.150.129.22 89.150.129.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB0001FF-254C-495F-BA36-467A20317B33}: DhcpNameServer = 89.150.129.22 89.150.129.10 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ae7a1aeb-c857-11df-8c21-806e6f6e6963}\Shell - “” = AutoRun O33 - MountPoints2\{ae7a1aeb-c857-11df-8c21-806e6f6e6963}\Shell\AutoRun\command - “” = F:\dvdcheck.exe O33 - MountPoints2\{e4108a2c-8f9f-11e0-9703-c0cb38ec058b}\Shell - “” = AutoRun O33 - MountPoints2\{e4108a2c-8f9f-11e0-9703-c0cb38ec058b}\Shell\AutoRun\command - “” = E:\AutoRun.exe O33 - MountPoints2\{e4108a3d-8f9f-11e0-9703-c0cb38ec058b}\Shell - “” = AutoRun O33 - MountPoints2\{e4108a3d-8f9f-11e0-9703-c0cb38ec058b}\Shell\AutoRun\command - “” = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open]—“%1” %* O35:64bit: - HKLM\..exefile [open]—“%1” %* O35 - HKLM\..comfile [open]—“%1” %* O35 - HKLM\..exefile [open]—“%1” %* O37:64bit: - HKLM\...com [@ = comfile]—“%1” %* O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %* O37 - HKLM\...com [@ = comfile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-09-09 08:45:18 \| 000,599,552 \|——\| C] (OldTimer Tools)—C:\Users\Henrik Anker\Desktop\OTL.exe [2012-09-09 06:33:13 \| 000,000,000 \|—-D \| C]—C:\ProgramData\GFI Software [2012-09-08 22:51:01 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Spybot - Search & Destroy [2012-09-08 22:51:01 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Spybot - Search & Destroy [2012-09-08 15:17:48 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Roaming\Malwarebytes [2012-09-08 15:17:24 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Malwarebytes [2012-09-08 06:31:49 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012-09-07 23:24:53 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0 [2012-09-07 23:24:29 \| 000,085,048 \|——\| C] (Infowatch)—C:\windows\SysNative\drivers\CSCrySec.sys [2012-09-07 23:24:29 \| 000,066,104 \|——\| C] (Infowatch)—C:\windows\SysNative\drivers\CSVirtualDiskDrv.sys [2012-09-07 23:23:24 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Common Files\InfoWatch [2012-09-07 23:23:22 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Kaspersky Lab [2012-09-07 23:23:22 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Kaspersky Lab [2012-09-07 23:23:03 \| 000,639,280 \|——\| C] (Kaspersky Lab)—C:\windows\SysNative\drivers\klif.sys [2012-09-07 23:17:05 \| 000,000,000 \|—SD \| C]—C:\Users\Henrik Anker\Documents\Passwords Database [2012-09-05 16:39:27 \| 000,000,000 \| R—D \| C]—C:\Backup [2012-09-04 13:11:15 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio [2012-09-04 13:11:14 \| 000,049,664 \|——\| C] (CamStudio Group)—C:\windows\SysNative\CamCodec.dll [2012-09-04 13:11:14 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\CamStudio 2.6b [2012-09-04 10:45:04 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\{CF06E502-38BB-4E98-95A6-3B130E11E7C0} [2012-09-03 12:26:44 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Premium [2012-09-03 12:26:31 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Perion [2012-09-03 12:24:09 \| 000,000,000 \|—-D \| C]—C:\ProgramData\InstallMate [2012-09-01 16:46:45 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Incansoft [2012-09-01 16:46:43 \| 000,000,000 \|—-D \| C]—C:\IncanBots [2012-08-30 20:19:54 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\{5002FEEF-6E2B-47A8-B535-C8BBB4FFDAF7} [2012-08-28 17:22:04 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\{EFDD4846-F88C-4B95-B8E4-EBFD61015BFB} [2012-08-28 17:22:03 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\{D4447086-902C-4C0E-8D2C-FBE78AFC1F64} [2012-08-25 21:50:22 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\Unity [2012-08-24 10:22:59 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\Documents\Fonts [2012-08-23 07:43:23 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass [2012-08-23 07:43:23 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass [2012-08-23 07:43:23 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\LastPass [2012-08-21 09:55:29 \| 000,000,000 \|—SD \| C]—C:\Users\Henrik Anker\Google Drev [2012-08-21 09:54:07 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012-08-15 09:02:39 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\Desktop\Jing [2012-08-11 09:06:40 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\TechSmith [2012-08-11 09:06:22 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith [2012-08-11 09:06:21 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\TechSmith [2012-08-10 20:04:17 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\Documents\Internet Marketing - sites mv ========== Files - Modified Within 30 Days ========== [2012-09-09 08:45:12 \| 000,599,552 \|——\| M] (OldTimer Tools)—C:\Users\Henrik Anker\Desktop\OTL.exe [2012-09-09 08:41:27 \| 000,511,265 \|——\| M] ()—C:\Users\Henrik Anker\Desktop\adwcleaner.exe [2012-09-09 08:40:00 \| 000,000,830 \|——\| M] ()—C:\windows\tasks\Adobe Flash Player Updater.job [2012-09-09 08:32:00 \| 000,000,970 \|——\| M] ()—C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3061276965-3596754536-3702179295-1000UA.job [2012-09-09 08:32:00 \| 000,000,918 \|——\| M] ()—C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3061276965-3596754536-3702179295-1000Core.job [2012-09-09 08:11:00 \| 000,000,944 \|——\| M] ()—C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012-09-09 06:43:20 \| 000,013,632 \| -H—\| M] ()—C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-09-09 06:43:20 \| 000,013,632 \| -H—\| M] ()—C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-09-09 06:35:46 \| 000,000,940 \|——\| M] ()—C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012-09-09 06:35:22 \| 000,067,584 \|—S- \| M] ()—C:\windows\bootstat.dat [2012-09-09 06:35:16 \| 3113,365,504 \| -HS- \| M] ()—C:\hiberfil.sys [2012-09-08 06:31:52 \| 000,002,418 \|——\| M] ()—C:\Users\Henrik Anker\Desktop\Google Chrome.lnk [2012-09-08 06:21:20 \| 005,081,704 \|——\| M] ()—C:\windows\SysNative\FNTCACHE.DAT [2012-09-07 23:56:27 \| 000,153,053 \|——\| M] ()—C:\windows\SysNative\drivers\klin.dat [2012-09-07 23:56:27 \| 000,107,384 \|——\| M] ()—C:\windows\SysNative\drivers\klick.dat [2012-09-07 23:23:03 \| 000,639,280 \|——\| M] (Kaspersky Lab)—C:\windows\SysNative\drivers\klif.sys [2012-09-07 11:02:36 \| 000,000,132 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012-09-05 16:39:30 \| 000,017,408 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Local\WebpageIcons.db [2012-09-04 22:47:11 \| 000,001,793 \|——\| M] ()—C:\Users\Public\Desktop\Opera.lnk [2012-09-04 22:36:02 \| 000,002,048 \|——\| M] ()—C:\Users\Henrik Anker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012-09-04 13:11:15 \| 000,000,939 \|——\| M] ()—C:\Users\Public\Desktop\CamStudio-Recorder.lnk [2012-09-03 12:26:28 \| 000,000,703 \|——\| M] ()—C:\user.js [2012-09-02 09:36:03 \| 000,165,734 \|——\| M] ()—C:\Users\Henrik Anker\Documents\conversational hypnosis.inca [2012-09-02 09:10:16 \| 000,100,406 \|——\| M] ()—C:\Users\Henrik Anker\Documents\Feline health.inca [2012-09-02 08:05:56 \| 000,067,552 \|——\| M] ()—C:\Users\Henrik Anker\Documents\covert hypnosis.inca [2012-09-01 18:37:48 \| 000,241,996 \|——\| M] ()—C:\Users\Henrik Anker\Documents\Hypnosis.inca [2012-09-01 16:46:45 \| 000,003,043 \|——\| M] ()—C:\Users\Henrik Anker\Desktop\Niche Mania.lnk [2012-08-23 07:43:28 \| 000,001,192 \|——\| M] ()—C:\Users\Henrik Anker\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk [2012-08-23 07:43:24 \| 000,001,192 \|——\| M] ()—C:\Users\Public\Desktop\My LastPass Vault.lnk [2012-08-21 09:55:29 \| 000,001,712 \|——\| M] ()—C:\Users\Henrik Anker\Desktop\Google Drev.lnk [2012-08-13 01:14:43 \| 001,352,136 \|——\| M] ()—C:\windows\SysWow64\PerfStringBackup.INI [2012-08-13 01:14:43 \| 000,652,376 \|——\| M] ()—C:\windows\SysNative\perfh009.dat [2012-08-13 01:14:43 \| 000,507,478 \|——\| M] ()—C:\windows\SysNative\perfh006.dat [2012-08-13 01:14:43 \| 000,121,308 \|——\| M] ()—C:\windows\SysNative\perfc009.dat [2012-08-13 01:14:43 \| 000,097,708 \|——\| M] ()—C:\windows\SysNative\perfc006.dat [2012-08-13 01:14:32 \| 001,352,136 \|——\| M] ()—C:\windows\SysNative\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2012-09-09 08:41:26 \| 000,511,265 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\adwcleaner.exe [2012-09-08 06:31:52 \| 000,002,418 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\Google Chrome.lnk [2012-09-07 23:24:56 \| 000,153,053 \|——\| C] ()—C:\windows\SysNative\drivers\klin.dat [2012-09-07 23:24:56 \| 000,107,384 \|——\| C] ()—C:\windows\SysNative\drivers\klick.dat [2012-09-05 16:39:29 \| 000,017,408 \|——\| C] ()—C:\Users\Henrik Anker\AppData\Local\WebpageIcons.db [2012-09-04 22:47:11 \| 000,001,805 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012-09-04 22:47:11 \| 000,001,793 \|——\| C] ()—C:\Users\Public\Desktop\Opera.lnk [2012-09-04 13:11:15 \| 000,000,939 \|——\| C] ()—C:\Users\Public\Desktop\CamStudio-Recorder.lnk [2012-09-02 09:23:10 \| 000,165,734 \|——\| C] ()—C:\Users\Henrik Anker\Documents\conversational hypnosis.inca [2012-09-02 08:10:10 \| 000,100,406 \|——\| C] ()—C:\Users\Henrik Anker\Documents\Feline health.inca [2012-09-02 07:54:09 \| 000,067,552 \|——\| C] ()—C:\Users\Henrik Anker\Documents\covert hypnosis.inca [2012-09-01 18:31:32 \| 000,241,996 \|——\| C] ()—C:\Users\Henrik Anker\Documents\Hypnosis.inca [2012-09-01 16:46:45 \| 000,003,043 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\Niche Mania.lnk [2012-08-23 07:43:27 \| 000,001,192 \|——\| C] ()—C:\Users\Henrik Anker\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk [2012-08-23 07:43:24 \| 000,001,192 \|——\| C] ()—C:\Users\Public\Desktop\My LastPass Vault.lnk [2012-08-21 09:55:29 \| 000,001,712 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\Google Drev.lnk [2012-08-11 09:03:08 \| 001,352,136 \|——\| C] ()—C:\windows\SysWow64\PerfStringBackup.INI [2012-06-21 14:51:07 \| 000,000,132 \|——\| C] ()—C:\Users\Henrik Anker\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011-11-20 21:52:28 \| 000,001,007 \|——\| C] ()—C:\windows\MyHeritage.INI [2011-11-20 21:48:49 \| 000,454,656 \|——\| C] ()—C:\windows\SysWow64\PaintX.dll [2011-11-18 18:49:13 \| 000,000,170 \|——\| C] ()—C:\Users\Henrik Anker\LAViewer.properties [2011-09-25 11:01:01 \| 000,000,088 \|——\| C] ()—C:\ProgramData\profile.xml [2011-06-12 13:34:28 \| 000,000,132 \|——\| C] ()—C:\Users\Henrik Anker\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011-03-21 08:54:43 \| 000,000,000 \|——\| C] ()—C:\Users\Henrik Anker\temp.dat [2011-03-01 21:43:45 \| 000,001,456 \|——\| C] ()—C:\Users\Henrik Anker\AppData\Local\Adobe Save for Web 12.0 Prefs [2010-12-01 22:26:22 \| 000,000,056 \| -H—\| C] ()—C:\ProgramData\ezsidmv.dat [2010-09-25 06:34:40 \| 000,000,512 \|——\| C] ()—C:\windows\previous.bin [2010-09-25 06:34:40 \| 000,000,512 \|——\| C] ()—C:\windows\current.bin [2010-09-25 06:26:36 \| 000,016,648 \| R—- \| C] ()—C:\windows\SysWow64\LogAPI.dll [2010-09-25 06:21:43 \| 002,110,816 \|——\| C] ()—C:\windows\SysWow64\Apblend.dll [2010-09-25 06:21:43 \| 001,171,456 \|——\| C] ()—C:\windows\SysWow64\PicNotify.dll [2010-09-25 06:21:35 \| 001,044,480 \|——\| C] ()—C:\windows\SysWow64\3DImageRenderer.dll [2010-09-25 05:54:58 \| 000,001,341 \|——\| C] ()—C:\windows\vm331Rmv.ini ========== LOP Check ========== [2012-05-06 12:26:22 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Acoustica [2012-09-05 23:55:21 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\BitTorrent [2011-05-20 15:19:28 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\bppenu11 [2011-03-19 10:15:07 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011-03-26 13:25:27 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011-08-18 15:18:28 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\com.kpdev.InMyMug [2012-07-08 11:30:08 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\com.pageone.KeywordXP [2012-09-09 08:48:00 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Dropbox [2011-01-31 09:20:32 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\EPSON [2012-04-18 15:12:11 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Feedreader [2012-09-07 17:00:46 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\FileZilla [2011-04-10 16:36:02 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\GARMIN [2012-09-05 23:52:43 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Guitar Pro 6 [2011-06-13 11:57:05 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Hardcore [2011-06-12 00:10:25 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\MAGIX [2011-11-20 22:16:12 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\MyHeritage [2011-03-01 22:07:19 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\NoteTab Pro [2011-06-12 00:55:29 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\OpenCandy [2010-12-02 19:36:58 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Opera [2011-06-28 20:25:29 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\PC Suite [2012-07-26 09:25:30 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012-05-06 08:12:26 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\SummaSummarum [2012-05-06 12:27:07 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\SynthMaker [2011-11-23 21:22:49 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\The Complete Genealogy Reporter - FTB [2011-11-30 19:05:01 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Thunderbird [2010-12-02 08:31:08 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2012-06-28 13:44:30 \| 000,032,550 \|——\| M] ()—C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
[ Ignorer ] [ # 4 ] hrs
09.09.2012 09:07:16 Antal indlæg: 17	OTL Extras logfile created on: 09-09-2012 08:50:24 - Run 1 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\Henrik Anker\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 3,87 Gb Total Physical Memory \| 2,57 Gb Available Physical Memory \| 66,35% Memory free 7,73 Gb Paging File \| 6,11 Gb Available in Paging File \| 79,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 421,81 Gb Total Space \| 298,77 Gb Free Space \| 70,83% Space Free \| Partition Type: NTFS Drive D: \| 29,00 Gb Total Space \| 27,75 Gb Free Space \| 95,71% Space Free \| Partition Type: NTFS Computer Name: KARENCOFFEE \| User Name: Henrik Anker \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut]—C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile]—C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* exefile [open]—“%1” %* helpfile [open]—Reg Error: Key error. inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation) InternetShortcut [open]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\ieframe.dll”,OpenURL %l (Microsoft Corporation) InternetShortcut [print]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\mshtml.dll”,PrintHTML “%1” (Microsoft Corporation) piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge]—C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe “%L” (Adobe Systems, Inc.) Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation) Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore]—Reg Error: Value error. Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* cplfile [cplopen]—%SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation) exefile [open]—“%1” %* helpfile [open]—Reg Error: Key error. inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation) piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Bridge]—C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe “%L” (Adobe Systems, Inc.) Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation) Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore]—Reg Error: Value error. Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] “cval” = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] “VistaSp1” = 28 4D B2 76 41 04 CA 01 [binary data] “AntiVirusOverride” = 0 “AntiSpywareOverride” = 0 “FirewallOverride” = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] “DisableMonitoring” = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] “DisableNotifications” = 0 “EnableFirewall” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] “DisableNotifications” = 0 “EnableFirewall” = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] “DisableNotifications” = 0 “EnableFirewall” = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{0C39720F-197C-40F8-ABFD-1B4AA3DDA3F9}” = rport=137 \| protocol=17 \| dir=out \| app=system \| “{104369DF-E899-4241-A394-ACA69674A314}” = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| “{1A616E86-FCD4-4915-9D3B-81269D0B0058}” = lport=6004 \| protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\outlook.exe \| “{33FBF66D-71DF-4A67-A1FD-4EB99A829353}” = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| “{3954AAB2-39D6-4000-BBD3-D3CF92168CF8}” = rport=138 \| protocol=17 \| dir=out \| app=system \| “{3C9B2D10-9E72-4A0C-AD9D-0431DA53B8D2}” = lport=139 \| protocol=6 \| dir=in \| app=system \| “{404E8FE8-CD42-4254-A40B-288412B414C5}” = lport=2177 \| protocol=6 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| “{4167851E-566E-4506-B2DF-18E1A7B30B68}” = rport=10243 \| protocol=6 \| dir=out \| app=system \| “{443F60A3-605F-4E0A-A9FF-A21EA2AEC09E}” = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| “{512F44B3-3871-453D-A947-C5F4DB779F45}” = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| “{58114ABA-F1FE-4770-ABD0-36F2EEDF5D0E}” = lport=10243 \| protocol=6 \| dir=in \| app=system \| “{62C32291-2DC7-4269-909B-C9A528750CD7}” = lport=138 \| protocol=17 \| dir=in \| app=system \| “{7A3DA4EC-4407-4C21-8993-F0382A3CF3F4}” = rport=5355 \| protocol=17 \| dir=out \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| “{7EB5AEC3-1A70-4BF2-8767-17CC422E6DE9}” = lport=137 \| protocol=17 \| dir=in \| app=system \| “{8A589346-F19E-4B53-A681-DCCDB39AA007}” = lport=2177 \| protocol=17 \| dir=in \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| “{8EFBC3CF-963C-403B-BD3C-FDE947159BC8}” = lport=1900 \| protocol=17 \| dir=in \| name=windows live communications platform (ssdp) \| “{96275D9A-7E14-404A-A31A-884518360454}” = lport=2869 \| protocol=6 \| dir=in \| app=system \| “{AC1495D7-E2E3-46B3-BC86-C830FDE82C4A}” = lport=445 \| protocol=6 \| dir=in \| app=system \| “{B017F14B-BB05-4C08-B92C-0426FC0F1A97}” = rport=445 \| protocol=6 \| dir=out \| app=system \| “{BD900596-7BE8-4F81-A65E-EAFD7835399A}” = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| “{D0EF3EBE-53D1-4BCD-BB11-878018031173}” = rport=2177 \| protocol=17 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| “{D34B8CBD-E26C-4A37-8FFB-84A3609CA89E}” = lport=2869 \| protocol=6 \| dir=in \| name=windows live communications platform (upnp) \| “{F720FB68-EFDD-42AA-8D35-F84DBD431F47}” = rport=1900 \| protocol=17 \| dir=out \| svc=ssdpsrv \| app=%systemroot%\system32\svchost.exe \| “{F9C8285D-48F1-40D2-A1FF-94427EC3D265}” = rport=2177 \| protocol=6 \| dir=out \| svc=qwave \| app=%systemroot%\system32\svchost.exe \| “{FAC324EF-082D-4AED-A675-F8BAB9AD2506}” = rport=139 \| protocol=6 \| dir=out \| app=system \| “{FFD80589-8D11-4EF7-AE81-648132CAA9B0}” = lport=5355 \| protocol=17 \| dir=in \| svc=dnscache \| app=%systemroot%\system32\svchost.exe \| ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] “{084E42A9-FEC0-4167-AA06-CC8B25999161}” = dir=out \| app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe \| “{09DC1469-26E2-47C2-B494-100CA22716C0}” = dir=out \| app=c:\program files\lenovo\readycomm\readycomm.exe \| “{0CE57322-BCF5-4C62-BB44-70E91518AF09}” = protocol=17 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\onenote.exe \| “{1A2BAF1D-3E0B-4FAE-85B0-960085EF74DE}” = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| “{1B4BF8F8-3177-44E6-8D4D-F962093ADF78}” = dir=in \| app=c:\program files\lenovo\readycomm\projectionist.exe \| “{1C8DBABC-9DC6-404A-A621-240623328E42}” = protocol=17 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| “{20065444-C7D7-483C-881E-4BADDD8321CC}” = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| “{27635CD2-E130-4BDE-A247-B6351C248BF3}” = protocol=6 \| dir=in \| app=c:\users\henrik anker\appdata\roaming\dropbox\bin\dropbox.exe \| “{2BB24039-EEDA-4188-B3C8-5C20DC88F68C}” = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| “{2EC08B2C-1257-4230-A19F-6F3D10932D76}” = protocol=6 \| dir=in \| app=c:\program files (x86)\microsoft office\office14\onenote.exe \| “{2FE85674-9FA8-4063-A24C-5CD2AAE428B5}” = dir=out \| app=c:\program files\lenovo\readycomm\appsvc.exe \| “{38599585-04A6-47AC-A3BC-1E2AEC7F17F2}” = dir=in \| app=c:\program files\lenovo\readycomm\appsvc.exe \| “{4B5C9F9C-9673-48D7-9A40-2C13A38C0235}” = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| “{4BA70FF6-7815-4177-8011-2CDE1CE10812}” = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| “{4CAA49C5-8A6E-4DB3-9867-C13CB0F55FB4}” = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| “{5037CD74-5024-41A8-8639-9451D17F09F0}” = protocol=6 \| dir=out \| app=system \| “{51E9693B-C9F5-4F8F-954D-0DE5DB53CF59}” = dir=out \| app=c:\windows\system32\igrssvcs.exe \| “{52BC7632-EB84-4CC9-BAD3-0A822E12CCCF}” = dir=in \| app=c:\windows\system32\igrssvcs.exe \| “{56C8CF41-F827-47BE-9916-DC7A08D7B687}” = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| “{596D4C56-F69C-429C-99EF-4E6C9F50F567}” = dir=in \| app=c:\program files\lenovo\readycomm\readycom.exe \| “{60F188D3-DCCB-4095-A339-BEE098776BD6}” = protocol=17 \| dir=in \| app=%programfiles%\windows media player\wmplayer.exe \| “{6154CEBA-F7A1-4AA3-9D3F-82D43D680A63}” = dir=out \| app=c:\program files\lenovo\readycomm\connsvc.exe \| “{6697299C-473C-480F-ACB6-3849ECDDDCA3}” = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| “{6A75347E-81DB-41BE-AFD4-7EC14D2B6B95}” = dir=in \| app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe \| “{7016C139-7164-4CE4-8234-EB6C230BDBED}” = protocol=17 \| dir=in \| app=c:\users\henrik anker\appdata\local\directdownloader\directdownloader.exe \| “{790296A6-6A3C-4358-AF8A-EA3FD808636A}” = dir=out \| app=c:\program files\lenovo\readycomm\projectionist.exe \| “{7DBB0C7D-F252-476C-AF55-D0AB5EF89234}” = protocol=17 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| “{87CBD846-5351-41E6-83BF-A6F6BE34C72F}” = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| “{94CBCD8F-F2E5-4F92-AF0F-00C023CF0E27}” = dir=in \| app=c:\program files (x86)\skype\phone\skype.exe \| “{9D5FE062-AA10-47F3-93C6-FE66244FB960}” = protocol=6 \| dir=in \| app=c:\program files\bonjour\mdnsresponder.exe \| “{A1CB184C-D930-44D6-AE5E-484E0B07F1B9}” = protocol=17 \| dir=out \| app=%programfiles%\windows media player\wmpnetwk.exe \| “{A6EE63F9-2B62-4CFE-9D98-98DFB6A919A3}” = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| “{A8608355-C77D-4C7A-B352-519B11DDD783}” = dir=in \| app=c:\program files (x86)\itunes\itunes.exe \| “{ABBBA165-8F53-43BC-8FE4-7A0A44323D84}” = protocol=6 \| dir=in \| app=c:\program files (x86)\opera\opera.exe \| “{AE1A09FE-C099-46A1-A793-EE0BEDAE3296}” = protocol=6 \| dir=in \| app=c:\program files (x86)\bonjour\mdnsresponder.exe \| “{AE2B7D09-671C-4863-B3DF-0B99D008F146}” = dir=out \| app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe \| “{B55FFCA7-5139-4126-81C2-BB550AAE7845}” = dir=in \| app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe \| “{C4942361-5DAC-4A76-8BDB-A9998D622127}” = protocol=17 \| dir=in \| app=c:\program files (x86)\bonjour\mdnsresponder.exe \| “{CA009D24-F1BC-4039-A22B-EFBFC2DABF5E}” = protocol=6 \| dir=in \| app=%programfiles%\windows media player\wmpnetwk.exe \| “{D011450C-4446-458E-8E13-B0B4C016792F}” = dir=in \| app=c:\program files\lenovo\readycomm\connsvc.exe \| “{D078BE94-8AF5-4EE4-B6FF-76B9C1793B37}” = protocol=17 \| dir=in \| app=c:\program files (x86)\filezilla ftp client\filezilla.exe \| “{D372A87B-593B-4F81-AB12-EAB4602FCDF5}” = protocol=6 \| dir=out \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| “{DD9F20CB-3030-474B-908E-3A9FBDA99C5D}” = dir=in \| app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe \| “{E3A133C9-EF15-4FFA-83A1-081293E6A6D5}” = dir=in \| app=c:\program files (x86)\windows live\contacts\wlcomm.exe \| “{E40DABBF-34E6-48CD-BF1D-1C745BDAB981}” = protocol=6 \| dir=in \| app=c:\program files (x86)\filezilla ftp client\filezilla.exe \| “{EB984F1F-9FB4-45A4-8F5D-A3E5ABD05ED3}” = protocol=6 \| dir=out \| svc=upnphost \| app=%systemroot%\system32\svchost.exe \| “{EBBA6271-EFDE-4325-A6ED-2CF8BA97CC43}” = protocol=17 \| dir=in \| app=c:\program files (x86)\opera\opera.exe \| “{ED0FF00B-F05D-461C-A0AC-DB7AD05032F3}” = protocol=6 \| dir=out \| app=%programfiles%\windows media player\wmplayer.exe \| “{F6E3D972-22C7-4730-BDE1-810BABBDFAC6}” = protocol=17 \| dir=in \| app=%programfiles(x86)%\windows media player\wmplayer.exe \| “{FD44E44B-5E4B-469F-9DB8-13A0846CFBC7}” = protocol=6 \| dir=in \| app=c:\users\henrik anker\appdata\local\directdownloader\directdownloader.exe \| “{FD4F9FC9-F79D-4B90-92DC-122643AF5384}” = protocol=17 \| dir=in \| app=c:\users\henrik anker\appdata\roaming\dropbox\bin\dropbox.exe \| ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{027E5FAB-1476-4C59-AAB4-32EF28520399}” = Windows Live Language Selector “{071c9b48-7c32-4621-a0ac-3f809523288f}” = Microsoft Visual C++ 2005 Redistributable (x64) “{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}” = Windows Live ID Sign-in Assistant “{1E9FC118-651D-4934-97BE-E53CAE5C7D45}” = Microsoft_VC80_MFCLOC_x86_x64 “{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}” = Microsoft_VC80_CRT_x86_x64 “{46F4D124-20E5-4D12-BE52-EC177A7A4B42}” = Lenovo OneKey Recovery “{4D668D4F-FAA2-4726-834C-31F4614F312E}” = MSVC80_x64_v2 “{57019733-78E6-43DE-8E6D-55349F0FDE6F}” = inSSIDer 2.0 “{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}” = Apple Mobile Device Support “{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}” = MobileMe Control Panel “{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}” = Bonjour “{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}” = iTunes “{8557397C-A42D-486F-97B3-A2CBC2372593}” = Microsoft_VC90_ATL_x86_x64 “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight “{8B485965-8EFE-464A-842F-CF8F18C3DFD7}” = iCloud “{8E34682C-8118-31F1-BC4C-98CD9675E1C2}” = Microsoft .NET Framework 4 Extended “{90140000-002A-0000-1000-0000000FF1CE}” = Microsoft Office Office 64-bit Components 2010 “{90140000-002A-0406-1000-0000000FF1CE}” = Microsoft Office Shared 64-bit MUI (Danish) 2010 “{925D058B-564A-443A-B4B2-7E90C6432E55}” = Microsoft_VC80_ATL_x86_x64 “{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}” = Microsoft_VC90_CRT_x86_x64 “{95120000-00B9-0409-1000-0000000FF1CE}” = Microsoft Application Error Reporting “{99830F57-829F-3185-99EF-B364AA00A216}” = Microsoft .NET Framework 4 Extended DAN Language Pack “{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}” = Lenovo Bluetooth with Enhanced Data Rate Software “{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}” = Microsoft_VC90_MFC_x86_x64 “{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}” = MSVC90_x64 “{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}” = Microsoft Visual C++ 2005 Redistributable (x64) “{B6E3757B-5E77-3915-866A-CCFC4B8D194C}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 “{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}” = Microsoft_VC80_MFC_x86_x64 “{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}” = Microsoft .NET Framework 4 Client Profile “{F83E9BF0-B8D8-3D68-9E07-7505290C2202}” = Microsoft .NET Framework 4 Client Profile DAN Language Pack “{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}” = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 “0A4175B489A1B4A6E07E11B063A6263480C51D71” = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) “3BA80AB4C7E9F8497C115C844953A3D4BEB84D21” = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) “6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1” = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) “6B8550A319DDC8B17F35F4A89988705E4592349B” = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) “CNXT_AUDIO_HDA” = Conexant HD Audio “CutePDF Writer Installation” = CutePDF Writer 2.8 “Elantech” = ETDWare PS/2-x64 7.0.4.18_WHQL “EPSON Printer and Utilities” = EPSON Printer Software “EPSON SX110 Series” = Afinstallation af EPSON SX110 Series-printeren “Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile “Microsoft .NET Framework 4 Client Profile DAN Language Pack” = Microsoft .NET Framework 4 Client Profile DAN sprogpakke “Microsoft .NET Framework 4 Extended” = Microsoft .NET Framework 4 Extended “Microsoft .NET Framework 4 Extended DAN Language Pack” = Microsoft .NET Framework 4 Extended DAN sprogpakke “NVIDIA Drivers” = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}” = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 “{01FB4998-33C4-4431-85ED-079E3EEFE75D}” = CyberLink YouCam “{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}” = Microsoft_VC90_ATL_x86 “{08D2E121-7F6A-43EB-97FD-629B44903403}” = Microsoft_VC90_CRT_x86 “{0B0F231F-CE6A-483D-AA23-77B364F75917}” = Windows Live Installer “{0CE226F3-EB27-4ECD-BBF5-F088716779FD}” = Energy Management “{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}” = Adobe Community Help “{0E64B098-8018-4256-BA23-C316A43AD9B0}” = QuickTime “{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}” = Microsoft_VC80_ATL_x86 “{122ADF8C-DDA1-480C-9936-C88F2825B265}” = Apple Application Support “{15FEDA5F-141C-4127-8D7E-B962D1742728}” = Adobe Photoshop CS5 “{17542DBF-E17C-4562-BC4D-FA3EF3076C45}” = Lenovo ReadyComm 5 “{200FEC62-3C34-4D60-9CE8-EC372E01C08F}” = Windows Live SOXE Definitions “{25C64847-B900-48AD-A164-1B4F9B774650}” = System Update “{26A24AE4-039D-4CA4-87B4-2F83216033FF}” = Java(TM) 6 Update 35 “{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}” = Google Earth Plug-in “{2AEF1D63-88A3-0D99-AB8C-900E31ACB6CB}” = KeywordXP “{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}” = Kaspersky PURE 2.0 “{3336F667-9049-4D46-98B6-4C743EEBC5B1}” = Windows Live Photo Gallery “{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}” = Firebird SQL Server - MAGIX Edition “{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}” = Intel(R) Rapid Storage Technology “{3E9E68FB-49FA-410A-8787-424F2A506E0F}” = Business Plan Pro 15th Anniversary Edition “{40BF1E83-20EB-11D8-97C5-0009C5020658}” = Power2Go “{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}” = Windows Live Photo Gallery “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater “{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}” = Microsoft_VC90_MFC_x86 “{65153EA5-8B6E-43B6-857B-C6E4FC25798A}” = Intel(R) Management Engine Components “{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}” = Adobe AIR “{682B3E4F-696A-42DE-A41C-4C07EA1678B4}” = Windows Live SOXE “{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1” = Poedit “{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}” = Windows Media Player Firefox Plugin “{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}” = MSVC80_x86_v2 “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable “{716E0306-8318-4364-8B8F-0CC4E9376BAC}” = MSXML 4.0 SP2 Parser and SDK “{76C66170-C538-4E77-B54D-48E136B5B533}” = Lenovo ReadyComm 5.0 Service “{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 “{77DCDCE3-2DED-62F3-8154-05E745472D07}” = Acrobat.com “{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}” = Apple Software Update “{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}” = Text-To-Speech-Runtime “{827D3E4A-0186-48B7-9801-7D1E9DD40C07}” = Windows Live Essentials “{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable “{83C292B7-38A5-440B-A731-07070E81A64F}” = Windows Live PIMT Platform “{8833FFB6-5B0C-4764-81AA-06DFEED9A476}” = Realtek Ethernet Controller Driver For Windows Vista and Later “{8991E763-21F5-4DEA-A938-5D9D77DCB488}” = Broadcom 802.11 Wireless Driver “{8CC9F4D8-D938-412B-B67D-A28FA7BDB8AA}” = Jing “{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}” = MSVCRT “{90140000-0015-0406-0000-0000000FF1CE}” = Microsoft Office Access MUI (Danish) 2010 “{90140000-0015-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0016-0406-0000-0000000FF1CE}” = Microsoft Office Excel MUI (Danish) 2010 “{90140000-0016-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0018-0406-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (Danish) 2010 “{90140000-0018-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0019-0406-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (Danish) 2010 “{90140000-0019-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001A-0406-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (Danish) 2010 “{90140000-001A-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001B-0406-0000-0000000FF1CE}” = Microsoft Office Word MUI (Danish) 2010 “{90140000-001B-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001F-0406-0000-0000000FF1CE}” = Microsoft Office Proof (Danish) 2010 “{90140000-001F-0406-0000-0000000FF1CE}_Office14.SingleImage_{59BCA417-5095-450B-931A-AE6194728386}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2010 “{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2010 “{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001F-041D-0000-0000000FF1CE}” = Microsoft Office Proof (Swedish) 2010 “{90140000-001F-041D-0000-0000000FF1CE}_Office14.SingleImage_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-002A-0406-1000-0000000FF1CE}_Office14.SingleImage_{2AE96E9C-E4F4-4D18-8A54-C4FABBEA0CDD}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-002C-0406-0000-0000000FF1CE}” = Microsoft Office Proofing (Danish) 2010 “{90140000-002C-0406-0000-0000000FF1CE}_Office14.SingleImage_{EC231F64-29AF-4FBD-85B8-EAFFFAE8B7A5}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-003D-0000-0000-0000000FF1CE}” = Microsoft Office Single Image 2010 “{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-006E-0406-0000-0000000FF1CE}” = Microsoft Office Shared MUI (Danish) 2010 “{90140000-006E-0406-0000-0000000FF1CE}_Office14.SingleImage_{63CDEDB9-50F5-4C35-9219-72C4F31A61FE}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-00A1-0406-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (Danish) 2010 “{90140000-00A1-0406-0000-0000000FF1CE}_Office14.SingleImage_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}” = Microsoft Office 2010 Service Pack 1 (SP1) “{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}” = Microsoft_VC80_CRT_x86 “{92EA4134-10D1-418A-91E1-5A0453131A38}” = Windows Live Movie Maker “{9527A496-5DF9-412A-ADC7-168BA5379CA6}” = Microsoft Flight Simulator X “{96334581-5554-3E5F-8BC9-924C3C3AC5BE}” = Google Talk Plugin “{96AE7E41-E34E-47D0-AC07-1091A8127911}” = Realtek USB 2.0 Card Reader “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 “{A78FE97A-C0C8-49CE-89D0-EDD524A17392}” = PDF Settings CS5 “{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper “{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}” = Windows Live Photo Common “{AC76BA86-7AD7-1030-7B44-AA1000000001}” = Adobe Reader X (10.1.4) - Dansk “{AC76BA86-7AD7-5464-3428-900000000004}” = Spelling Dictionaries Support For Adobe Reader 9 “{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}” = Lenovo EasyCamera “{AF111648-99A1-453E-81DD-80DBBF6DAD0D}” = MSVC90_x86 “{B2164CCB-C002-4B80-8550-7535D80DF237}” = Lenovo DirectShare “{B6CF2967-C81E-40C0-9815-C05774FEF120}” = Skype Click to Call “{C779648B-410E-4BBA-B75B-5815BCEFE71D}” = Safari “{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}” = TweetDeck “{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}” = Windows Live UX Platform “{CF671BFE-6BA3-44E7-98C1-500D9C51D947}” = Windows Live Photo Gallery “{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}” = Microsoft Search Enhancement Pack “{D1A19B02-817E-4296-A45B-07853FD74D57}” = Microsoft_VC80_MFC_x86 “{D45240D3-B6B3-4FF9-B243-54ECE3E10066}” = Windows Live Communications Platform “{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}” = Microsoft_VC80_MFCLOC_x86 “{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}” = Windows Live Movie Maker “{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}” = Adobe Media Player “{DFB19121-0609-49C1-92B1-546E5A940FE8}” = Onekey Theater “{E09C4DB7-630C-4F06-A631-8EA7239923AF}” = D3DX10 “{E5DD4723-FE0B-436E-A815-DC23CF902A0B}” = Windows Live UX Platform Language Pack “{E77A53A2-4623-4635-AE7F-702152168EE5}” = Google Drive “{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}” = Skype™ 5.10 “{EFE0217F-B520-4D8F-8380-A420FA9F9CD1}” = Niche Mania “{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}” = Microsoft SQL Server 2005 Compact Edition [ENU] “{F8A9085D-4C7A-41a9-8A77-C8998A96C421}” = Intel(R) Control Center “{FD9C31B6-F572-414D-81E3-89368C97A125}_is1” = CamStudio OSS Desktop Recorder “{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 “Adobe AIR” = Adobe AIR “Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX “Adobe Flash Player Plugin” = Adobe Flash Player 11 Plugin “chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1” = Adobe Community Help “com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1” = Adobe Media Player “com.pageone.KeywordXP” = KeywordXP “EPSON Scanner” = EPSON Scan “Family Tree Builder” = MyHeritage Family Tree Builder “InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}” = CyberLink YouCam “InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}” = Lenovo OneKey Recovery “InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}” = Microsoft Flight Simulator X “InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}” = Lenovo DirectShare “InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}” = Kaspersky PURE 2.0 “LastPass” = LastPass (uninstall only) “Mozilla Firefox 15.0 (x86 da)” = Mozilla Firefox 15.0 (x86 da) “MozillaMaintenanceService” = Mozilla Maintenance Service “Office14.SingleImage” = Microsoft Office til Hjemmet og Firmaet 2010 “Opera 12.02.1578” = Opera 12.02 “SummaSummarum_is1” = SummaSummarum 3.7 “TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1” = TweetDeck “WinLiveSuite” = Windows Live Essentials “WinRAR archiver” = WinRAR 4.01 beta 1 (32-bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3061276965-3596754536-3702179295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “Dropbox” = Dropbox “Google Chrome” = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05-09-2012 13:27:15 \| Computer Name = KarenCoffee \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7285 Error - 05-09-2012 13:27:16 \| Computer Name = KarenCoffee \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 05-09-2012 13:27:16 \| Computer Name = KarenCoffee \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8299 Error - 05-09-2012 13:27:16 \| Computer Name = KarenCoffee \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8299 Error - 05-09-2012 14:09:47 \| Computer Name = KarenCoffee \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 05-09-2012 14:09:47 \| Computer Name = KarenCoffee \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2559867 Error - 05-09-2012 14:09:47 \| Computer Name = KarenCoffee \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2559867 Error - 05-09-2012 18:10:58 \| Computer Name = KarenCoffee \| Source = Application Hang \| ID = 1002 Description = Programmet Skype.exe version 5.10.0.116 afbrød kommunikationen med Windows og blev afsluttet. Hvis du vil se, om der findes flere oplysninger om problemet, kan du læse om problemets historik via Løsningscenter. Proces-id: 1868 Starttidspunkt: 01cd8bb3007bddda Afslutningstidspunkt: 6 Programsti: C:\Program Files (x86)\Skype\Phone\Skype.exe Rapport-id: 81441a51-f7a6-11e1-9737-aee008ac02e9 Error - 07-09-2012 16:50:39 \| Computer Name = KarenCoffee \| Source = Application Error \| ID = 1000 Description = Navn på program med fejl: chrome.exe, version: 22.0.1229.39, tidsstempel: 0x50481a0c Navn på modul med fejl: ole32.dll, version: 6.1.7600.16624, tidsstempel: 0x4c297c56 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x0002f367 Proces-id 0xdbc Programmets starttidspunkt 0x01cd8d0bef302669 Programsti: C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\chrome.exe Modulsti: C:\windows\syswow64\ole32.dll Rapport-id: ae0a596d-f92d-11e1-b46f-d9292f950093 Error - 07-09-2012 17:28:34 \| Computer Name = KarenCoffee \| Source = MsiInstaller \| ID = 11500 Description = Error - 08-09-2012 00:34:12 \| Computer Name = KarenCoffee \| Source = Application Error \| ID = 1000 Description = Navn på program med fejl: chrome.exe, version: 21.0.1180.89, tidsstempel: 0x503ebf10 Navn på modul med fejl: ole32.dll, version: 6.1.7600.16624, tidsstempel: 0x4c297c56 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x0002f367 Proces-id 0x1470 Programmets starttidspunkt 0x01cd8d7af091d935 Programsti: C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\chrome.exe Modulsti: C:\windows\syswow64\ole32.dll Rapport-id: 6fd83f19-f96e-11e1-962a-b0c73f68aae9 [ Media Center Events ] Error - 22-05-2011 02:37:51 \| Computer Name = KarenCoffee \| Source = MCUpdate \| ID = 0 Description = 08:37:46 - Fejl under oprettelse af forbindelse til internettet. 08:37:46 - Der kunne ikke oprettes forbindelse til serveren.. Error - 07-06-2011 06:50:59 \| Computer Name = KarenCoffee \| Source = MCUpdate \| ID = 0 Description = 12:50:59 - Fejl under oprettelse af forbindelse til internettet. 12:50:59 - Der kunne ikke oprettes forbindelse til serveren.. Error - 07-06-2011 06:51:34 \| Computer Name = KarenCoffee \| Source = MCUpdate \| ID = 0 Description = 12:51:29 - Fejl under oprettelse af forbindelse til internettet. 12:51:29 - Der kunne ikke oprettes forbindelse til serveren.. Error - 11-08-2011 01:58:08 \| Computer Name = KarenCoffee \| Source = MCUpdate \| ID = 0 Description = 07:58:08 - Fejl under oprettelse af forbindelse til internettet. 07:58:08 - Der kunne ikke oprettes forbindelse til serveren.. [ System Events ] Error - 08-09-2012 13:57:54 \| Computer Name = KarenCoffee \| Source = bowser \| ID = 8003 Description = Error - 08-09-2012 14:33:55 \| Computer Name = KarenCoffee \| Source = bowser \| ID = 8003 Description = Error - 08-09-2012 15:09:50 \| Computer Name = KarenCoffee \| Source = bowser \| ID = 8003 Description = Error - 08-09-2012 15:33:52 \| Computer Name = KarenCoffee \| Source = bowser \| ID = 8003 Description = Error - 08-09-2012 16:09:50 \| Computer Name = KarenCoffee \| Source = bowser \| ID = 8003 Description = Error - 08-09-2012 16:33:49 \| Computer Name = KarenCoffee \| Source = bowser \| ID = 8003 Description = Error - 08-09-2012 16:45:51 \| Computer Name = KarenCoffee \| Source = bowser \| ID = 8003 Description = Error - 09-09-2012 00:30:31 \| Computer Name = KarenCoffee \| Source = Service Control Manager \| ID = 7000 Description = Tjenesten ReadyComm.DirectRouter kunne ikke starte pga. følgende fejl: %%2 Error - 09-09-2012 00:35:43 \| Computer Name = KarenCoffee \| Source = Service Control Manager \| ID = 7026 Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses: SBRE Error - 09-09-2012 00:38:08 \| Computer Name = KarenCoffee \| Source = Service Control Manager \| ID = 7000 Description = Tjenesten ReadyComm.DirectRouter kunne ikke starte pga. følgende fejl: %%2 < End of report >
[ Ignorer ] [ # 5 ] Magic Spyhunter
09.09.2012 10:00:10 Administrator Supporter Emeritus Antal indlæg: 32210	Dobbeltklik på adwcleaner.exe. Klik på Slet. Din computer vil (muligvis) blive genstartet automatisk. En tekstfil åbnes efter genstart. Kopier venligst indholdet af denne logfil i dit næste svar. Du kan finde logfilen her C: \ AdwCleaner [Sn] Kør så en ny scan med OTL, og send en ny OTL.txt fil herind. NB. Kender du noget til de adobe adresser i hostsfilen O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com OSV. Signatur Sund Computer fornuft
[ Ignorer ] [ # 6 ] hrs
09.09.2012 10:10:54 Antal indlæg: 17	# AdwCleaner v2.000 - Logfile created 09/09/2012 at 10:05:45 # Updated 30/08/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : Henrik Anker - KARENCOFFEE # Boot Mode : Normal # Running from : C:\Users\Henrik Anker\Desktop\adwcleaner.exe # Option [Delete] *** [Services] * * [Files / Folders] * File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Deleted : C:\user.js File Deleted : C:\Users\Henrik Anker\AppData\Roaming\Mozilla\Firefox\Profiles\g2cq4hn0.default\searchplugins\yahoo-zugo.xml Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Premium Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Henrik Anker\AppData\Local\OpenCandy Folder Deleted : C:\Users\Henrik Anker\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\Henrik Anker\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Henrik Anker\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Henrik Anker\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\HENRIK~1\AppData\Local\Temp\OpenCandy * [Registry] * Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Key Deleted : HKLM\Software\Web Assistant Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Tarma Installer Key Deleted : HKLM\SOFTWARE\Web Assistant Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] * [Internet Browsers] * -\\ Internet Explorer v8.0.7600.16385 Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110822&tt=100512_1_&babsrc=NT_ss&mntrId=36095778000000000000002682e85235—> hxxp://www.google.com -\\ Mozilla Firefox v15.0 (da) Profile name : default File : C:\Users\Henrik Anker\AppData\Roaming\Mozilla\Firefox\Profiles\g2cq4hn0.default\prefs.js C:\Users\Henrik Anker\AppData\Roaming\Mozilla\Firefox\Profiles\g2cq4hn0.default\user.js ... Deleted ! Deleted : user_pref(“browser.babylon.HPOnNewTab”, “search.babylon.com”); Deleted : user_pref(“browser.search.defaultenginename”, “MyStart Search”); Deleted : user_pref(“browser.search.order.1”, “Search the web (Babylon)”); Deleted : user_pref(“browser.search.selectedEngine”, “MyStart Search”); Deleted : user_pref(“extensions.BabylonToolbar_i.aflt”, “babsst”); Deleted : user_pref(“extensions.BabylonToolbar_i.babExt”, “”); Deleted : user_pref(“extensions.BabylonToolbar_i.babTrack”, “affID=110822&tt=100512_1_”); Deleted : user_pref(“extensions.BabylonToolbar_i.hardId”, “36095778000000000000002682e85235”); Deleted : user_pref(“extensions.BabylonToolbar_i.id”, “36095778000000000000002682e85235”); Deleted : user_pref(“extensions.BabylonToolbar_i.instlDay”, “15479”); Deleted : user_pref(“extensions.BabylonToolbar_i.instlRef”, “sst”); Deleted : user_pref(“extensions.BabylonToolbar_i.newTab”, true); Deleted : user_pref(“extensions.BabylonToolbar_i.newTabUrl”, “hxxp://search.babylon.com/?affID=110822&tt=10051[...] Deleted : user_pref(“extensions.BabylonToolbar_i.prdct”, “BabylonToolbar”); Deleted : user_pref(“extensions.BabylonToolbar_i.prtnrId”, “babylon”); Deleted : user_pref(“extensions.BabylonToolbar_i.smplGrp”, “none”); Deleted : user_pref(“extensions.BabylonToolbar_i.srcExt”, “ss”); Deleted : user_pref(“extensions.BabylonToolbar_i.tlbrId”, “tb9”); Deleted : user_pref(“extensions.BabylonToolbar_i.vrsn”, “1.5.3.17”); Deleted : user_pref(“extensions.BabylonToolbar_i.vrsnTs”, “1.5.3.170:35:26”); Deleted : user_pref(“extensions.BabylonToolbar_i.vrsni”, “1.5.3.17”); Deleted : user_pref(“extensions.incredibar.admin”, false); Deleted : user_pref(“extensions.incredibar.aflt”, “orgnl”); Deleted : user_pref(“extensions.incredibar.cntry”, “DK”); Deleted : user_pref(“extensions.incredibar.dfltLng”, “”); Deleted : user_pref(“extensions.incredibar.dfltSrch”, false); Deleted : user_pref(“extensions.incredibar.did”, “10650”); Deleted : user_pref(“extensions.incredibar.envrmnt”, “production”); Deleted : user_pref(“extensions.incredibar.excTlbr”, false); Deleted : user_pref(“extensions.incredibar.hdrMd5”, “51E6612299CE3D99168842F5EE3E191B”); Deleted : user_pref(“extensions.incredibar.hmpg”, false); Deleted : user_pref(“extensions.incredibar.id”, “36095778000000000000002682e85235”); Deleted : user_pref(“extensions.incredibar.installerproductid”, “26”); Deleted : user_pref(“extensions.incredibar.instlDay”, “15586”); Deleted : user_pref(“extensions.incredibar.instlRef”, “”); Deleted : user_pref(“extensions.incredibar.isDcmntCmplt”, true); Deleted : user_pref(“extensions.incredibar.lastVrsnTs”, “1.5.11.1412:26:26”); Deleted : user_pref(“extensions.incredibar.mntrvrsn”, “1.2.0”); Deleted : user_pref(“extensions.incredibar.newTab”, false); Deleted : user_pref(“extensions.incredibar.noFFXTlbr”, false); Deleted : user_pref(“extensions.incredibar.ppd”, “26_5”); Deleted : user_pref(“extensions.incredibar.prdct”, “incredibar”); Deleted : user_pref(“extensions.incredibar.productid”, “26”); Deleted : user_pref(“extensions.incredibar.prtnrId”, “Incredibar”); Deleted : user_pref(“extensions.incredibar.sg”, “none”); Deleted : user_pref(“extensions.incredibar.smplGrp”, “none”); Deleted : user_pref(“extensions.incredibar.tlbrId”, “base”); Deleted : user_pref(“extensions.incredibar.tlbrSrchUrl”, “hxxp://mystart.Incredibar.com/?a=6PQIvWljOg&loc=IB_T[...] Deleted : user_pref(“extensions.incredibar.upn2”, “6PQIvWljOg”); Deleted : user_pref(“extensions.incredibar.upn2n”, “92543517094525840”); Deleted : user_pref(“extensions.incredibar.vrsn”, “1.5.11.14”); Deleted : user_pref(“extensions.incredibar.vrsnTs”, “1.5.11.1412:26:26”); Deleted : user_pref(“extensions.incredibar.vrsni”, “1.5.11.14”); Deleted : user_pref(“extensions.incredibar_i.aflt”, “orgnl”); Deleted : user_pref(“extensions.incredibar_i.dfltLng”, “”); Deleted : user_pref(“extensions.incredibar_i.did”, “10650”); Deleted : user_pref(“extensions.incredibar_i.excTlbr”, false); Deleted : user_pref(“extensions.incredibar_i.id”, “36095778000000000000002682e85235”); Deleted : user_pref(“extensions.incredibar_i.installerproductid”, “26”); Deleted : user_pref(“extensions.incredibar_i.instlDay”, “15586”); Deleted : user_pref(“extensions.incredibar_i.instlRef”, “”); Deleted : user_pref(“extensions.incredibar_i.ms_url_id”, “”); Deleted : user_pref(“extensions.incredibar_i.newTab”, false); Deleted : user_pref(“extensions.incredibar_i.ppd”, “26_5”); Deleted : user_pref(“extensions.incredibar_i.prdct”, “incredibar”); Deleted : user_pref(“extensions.incredibar_i.productid”, “26”); Deleted : user_pref(“extensions.incredibar_i.prtnrId”, “Incredibar”); Deleted : user_pref(“extensions.incredibar_i.smplGrp”, “none”); Deleted : user_pref(“extensions.incredibar_i.tlbrId”, “base”); Deleted : user_pref(“extensions.incredibar_i.tlbrSrchUrl”, “hxxp://mystart.Incredibar.com/?a=6PQIvWljOg&loc=IB[...] Deleted : user_pref(“extensions.incredibar_i.upn2”, “6PQIvWljOg”); Deleted : user_pref(“extensions.incredibar_i.upn2n”, “92543517094525840”); Deleted : user_pref(“extensions.incredibar_i.vrsn”, “1.5.11.14”); Deleted : user_pref(“extensions.incredibar_i.vrsnTs”, “1.5.11.1412:26:26”); Deleted : user_pref(“extensions.incredibar_i.vrsni”, “1.5.11.14”); Deleted : user_pref(“keyword.URL”, “hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQIvWljOg&&i;=26&search;=”[...] -\\ Google Chrome v21.0.1180.89 File : C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.2.1578.0 File : C:\Users\Henrik Anker\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. *********************** AdwCleaner[R1].txt - [9013 octets] - [09/09/2012 08:43:42] AdwCleaner[S1].txt - [9605 octets] - [09/09/2012 10:05:45] ########## EOF - C:\AdwCleaner[S1].txt - [9665 octets] ##########
[ Ignorer ] [ # 7 ] hrs
09.09.2012 10:13:07 Antal indlæg: 17	Magic Emeritus - 09.09.2012 10:00:10 NB. Kender du noget til de adobe adresser i hostsfilen O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com OSV. Nej, det ved jeg ikke hvad er, andet end at jeg kan se, at det er noget med adobe. Jeg er heller ikke helt klar over hvad en hostfil er er.
[ Ignorer ] [ # 8 ] hrs
09.09.2012 10:22:35 Antal indlæg: 17	OTL logfile created on: 09-09-2012 10:14:13 - Run 2 OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\Henrik Anker\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 3,87 Gb Total Physical Memory \| 2,19 Gb Available Physical Memory \| 56,56% Memory free 7,73 Gb Paging File \| 5,79 Gb Available in Paging File \| 74,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 421,81 Gb Total Space \| 298,80 Gb Free Space \| 70,84% Space Free \| Partition Type: NTFS Drive D: \| 29,00 Gb Total Space \| 27,75 Gb Free Space \| 95,71% Space Free \| Partition Type: NTFS Computer Name: KARENCOFFEE \| User Name: Henrik Anker \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012-09-09 08:45:12 \| 000,599,552 \|——\| M] (OldTimer Tools)—C:\Users\Henrik Anker\Desktop\OTL.exe PRC - [2012-08-13 13:33:30 \| 003,064,000 \|——\| M] (Skype Technologies S.A.)—C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-07-27 22:51:26 \| 000,063,960 \|——\| M] (Adobe Systems Incorporated)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-07-23 10:20:44 \| 002,908,536 \|——\| M] (TechSmith Corporation)—C:\Program Files (x86)\TechSmith\Jing\Jing.exe PRC - [2012-02-23 13:30:40 \| 000,059,240 \|——\| M] (Apple Inc.)—C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2011-12-24 12:24:36 \| 000,202,296 \|——\| M] (Kaspersky Lab ZAO)—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe PRC - [2011-07-25 23:18:46 \| 000,028,672 \|——\| M] (Lenovo Group Limited)—C:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2010-03-03 22:16:06 \| 000,013,336 \|——\| M] (Intel Corporation)—C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010-03-03 22:16:04 \| 000,284,696 \|——\| M] (Intel Corporation)—C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010-01-15 13:38:46 \| 000,536,576 \|——\| M] (Vimicro)—C:\Program Files (x86)\USB Camera\VM331_STI.EXE PRC - [2009-12-22 14:40:58 \| 000,167,008 \|——\| M] (CyberLink Corp.)—C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe PRC - [2009-12-21 17:34:38 \| 000,743,992 \|——\| M] (Infowatch)—C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe PRC - [2009-12-19 04:52:48 \| 000,100,256 \|——\| M] ()—C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe PRC - [2009-12-09 10:48:26 \| 002,320,920 \|——\| M] (Intel Corporation)—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009-12-09 10:48:24 \| 000,268,824 \|——\| M] (Intel Corporation)—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009-08-27 17:09:10 \| 001,253,376 \|——\| M] (MAGIX AG)—C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009-01-26 15:31:16 \| 002,144,088 \|——\| M] (Safer Networking Limited)—C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe ========== Modules (No Company Name) ========== MOD - [2012-08-30 04:58:45 \| 000,442,392 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll MOD - [2012-08-30 04:58:42 \| 003,997,720 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll MOD - [2012-08-30 04:57:15 \| 000,144,424 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll MOD - [2012-08-30 04:57:13 \| 000,266,792 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll MOD - [2012-08-30 04:57:12 \| 002,480,680 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll MOD - [2012-08-11 15:50:24 \| 000,253,952 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll MOD - [2012-08-11 15:46:54 \| 001,782,272 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012-08-11 15:42:53 \| 011,824,128 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012-08-11 15:42:46 \| 000,771,584 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012-08-11 15:42:45 \| 003,325,952 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012-08-11 15:42:43 \| 000,452,608 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll MOD - [2012-08-11 15:42:40 \| 012,433,920 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012-08-11 15:42:33 \| 001,591,808 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012-08-11 15:42:15 \| 005,453,312 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012-08-11 15:42:11 \| 000,971,264 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012-08-11 15:42:10 \| 007,952,384 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012-08-11 15:42:04 \| 011,490,816 \|——\| M] ()—C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012-08-11 11:18:50 \| 018,000,896 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll MOD - [2012-08-11 11:18:38 \| 013,198,336 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll MOD - [2012-08-11 11:18:37 \| 011,451,904 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll MOD - [2012-08-11 11:18:26 \| 001,666,048 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012-08-11 11:18:24 \| 000,595,968 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll MOD - [2012-08-11 11:16:24 \| 003,858,432 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll MOD - [2012-08-11 11:16:15 \| 005,617,664 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012-08-11 11:16:11 \| 000,982,528 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll MOD - [2012-08-11 11:16:07 \| 007,069,184 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012-08-11 11:15:59 \| 009,091,584 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012-08-11 11:15:52 \| 014,412,800 \|——\| M] ()—C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012-01-08 15:41:12 \| 000,093,696 \|——\| M] ()—C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011-12-24 12:22:20 \| 007,422,352 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtgui4.dll MOD - [2011-12-24 12:22:20 \| 000,795,024 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtnetwork4.dll MOD - [2011-12-24 12:22:16 \| 001,270,160 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtscript4.dll MOD - [2011-12-24 12:22:16 \| 000,192,912 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtsql4.dll MOD - [2011-12-24 12:22:14 \| 002,453,904 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtdeclarative4.dll MOD - [2011-12-24 12:22:12 \| 002,126,224 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\qtcore4.dll MOD - [2011-12-24 12:21:10 \| 000,459,152 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll MOD - [2011-09-05 19:36:52 \| 000,025,088 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll MOD - [2011-09-05 19:36:50 \| 000,180,224 \|——\| M] ()—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll MOD - [2011-06-24 22:56:36 \| 000,087,328 \|——\| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011-06-24 22:56:14 \| 001,241,888 \|——\| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010-09-24 20:25:14 \| 000,299,008 \|——\| M] ()—C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll MOD - [2010-09-24 20:25:11 \| 000,032,768 \|——\| M] ()—C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_da_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009-12-19 04:52:48 \| 000,100,256 \|——\| M] ()—C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe MOD - [2009-12-19 04:51:18 \| 000,133,024 \|——\| M] ()—C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll MOD - [2009-12-19 04:50:38 \| 000,161,696 \|——\| M] ()—C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ========== Services (SafeList) ========== SRV:64bit: - [2009-09-22 20:16:32 \| 000,579,400 \|——\| M] (Lenovo Group Limited) [On_Demand \| Stopped]—C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe—(Lenovo ReadyComm ConnSvc) SRV:64bit: - [2009-08-14 16:22:48 \| 000,509,192 \|——\| M] (Lenovo Group Limited) [On_Demand \| Stopped]—C:\Program Files\Lenovo\ReadyComm\AppSvc.exe—(Lenovo ReadyComm AppSvc) SRV:64bit: - [2009-08-11 18:59:38 \| 000,864,032 \|——\| M] (Broadcom Corporation.) [Auto \| Running]—C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe—(btwdins) SRV:64bit: - [2009-07-14 03:41:27 \| 001,011,712 \|——\| M] (Microsoft Corporation) [Auto \| Running]—C:\Program Files\Windows Defender\mpsvc.dll—(WinDefend) SRV - [2012-09-04 22:35:57 \| 000,114,144 \|——\| M] (Mozilla Foundation) [On_Demand \| Stopped]—C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe—(MozillaMaintenance) SRV - [2012-08-26 08:01:56 \| 000,250,568 \|——\| M] (Adobe Systems Incorporated) [On_Demand \| Stopped]—C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe—(AdobeFlashPlayerUpdateSvc) SRV - [2012-08-13 13:33:30 \| 003,064,000 \|——\| M] (Skype Technologies S.A.) [Auto \| Running]—C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe—(Skype C2C Service) SRV - [2012-07-27 22:51:26 \| 000,063,960 \|——\| M] (Adobe Systems Incorporated) [Auto \| Running]—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe—(AdobeARMservice) SRV - [2012-06-07 19:12:14 \| 000,160,944 \| R—- \| M] (Skype Technologies) [Auto \| Stopped]—C:\Program Files (x86)\Skype\Updater\Updater.exe—(SkypeUpdate) SRV - [2011-12-24 12:24:36 \| 000,202,296 \|——\| M] (Kaspersky Lab ZAO) [Auto \| Running]—C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe—(AVP) SRV - [2011-07-25 23:18:46 \| 000,028,672 \|——\| M] (Lenovo Group Limited) [Auto \| Running]—C:\Program Files (x86)\Lenovo\System Update\SUService.exe—(SUService) SRV - [2010-03-18 14:16:28 \| 000,130,384 \|——\| M] (Microsoft Corporation) [Auto \| Stopped]—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe—(clr_optimization_v4.0.30319_32) SRV - [2010-03-03 22:16:06 \| 000,013,336 \|——\| M] (Intel Corporation) [Auto \| Running]—C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe—(IAStorDataMgrSvc) SRV - [2010-02-19 14:37:14 \| 000,517,096 \|——\| M] (Adobe Systems Incorporated) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe—(SwitchBoard) SRV - [2009-12-21 17:34:38 \| 000,743,992 \|——\| M] (Infowatch) [Auto \| Running]—C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe—(CSObjectsSrv) SRV - [2009-12-09 10:48:26 \| 002,320,920 \|——\| M] (Intel Corporation) [Auto \| Running]—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe—(UNS) SRV - [2009-12-09 10:48:24 \| 000,268,824 \|——\| M] (Intel Corporation) [Auto \| Running]—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe—(LMS) SRV - [2009-08-27 17:09:10 \| 001,253,376 \|——\| M] (MAGIX AG) [Auto \| Running]—C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe—(Fabs) SRV - [2009-07-16 05:12:42 \| 000,276,296 \|——\| M] (Lenovo Group Limited) [On_Demand \| Stopped]—C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll—(PS_MDP) SRV - [2009-07-14 16:27:26 \| 000,038,152 \|——\| M] (Lenovo Group Limited) [On_Demand \| Stopped]—C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe—(IGRS) SRV - [2009-07-14 16:27:20 \| 000,103,688 \|——\| M] (Lenovo Group Limited) [Auto \| Stopped]—C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll—(ReadyComm.DirectRouter) SRV - [2009-06-10 23:23:09 \| 000,066,384 \|——\| M] (Microsoft Corporation) [Disabled \| Stopped]—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe—(clr_optimization_v2.0.50727_32) SRV - [2008-08-07 11:10:02 \| 003,276,800 \|——\| M] (MAGIX®) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe—(FirebirdServerMAGIXInstance) SRV - [2007-12-17 05:00:00 \| 000,163,840 \|——\| M] (SEIKO EPSON CORPORATION) [Auto \| Running]—C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE—(EPSON_EB_RPCV4_01) SRV - [2007-01-11 05:02:00 \| 000,126,464 \|——\| M] (SEIKO EPSON CORPORATION) [Auto \| Running]—C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE—(EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012-09-07 23:23:03 \| 000,639,280 \|——\| M] (Kaspersky Lab) [File_System \| System \| Running]—C:\Windows\SysNative\drivers\klif.sys—(KLIF) DRV:64bit: - [2012-03-01 08:54:38 \| 000,022,896 \|——\| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown]—C:\windows\SysNative\drivers\fs_rec.sys—(Fs_Rec) DRV:64bit: - [2012-02-15 12:01:50 \| 000,052,736 \|——\| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\usbaapl64.sys—(USBAAPL64) DRV:64bit: - [2011-10-20 11:48:00 \| 000,458,032 \|——\| M] (Kaspersky Lab ZAO) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\kl1.sys—(KL1) DRV:64bit: - [2011-10-20 11:48:00 \| 000,013,616 \|——\| M] (Kaspersky Lab ZAO) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\kl2.sys—(kl2) DRV:64bit: - [2011-03-11 08:22:41 \| 000,107,904 \|——\| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\amdsata.sys—(amdsata) DRV:64bit: - [2011-03-11 08:22:40 \| 000,027,008 \|——\| M] (Advanced Micro Devices) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\amdxata.sys—(amdxata) DRV:64bit: - [2011-03-10 18:36:24 \| 000,029,488 \|——\| M] (Kaspersky Lab ZAO) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\klim6.sys—(KLIM6) DRV:64bit: - [2010-09-23 01:36:48 \| 000,048,488 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\fssfltr.sys—(fssfltr) DRV:64bit: - [2010-06-24 04:43:58 \| 000,167,816 \|——\| M] (ELAN Microelectronics Corp.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\ETD.sys—(ETD) DRV:64bit: - [2010-06-18 15:34:58 \| 004,170,304 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\BCMWL664.SYS—(BCM43XX) DRV:64bit: - [2010-04-19 21:29:18 \| 000,022,528 \|——\| M] (Apple Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\netaapl64.sys—(Netaapl) DRV:64bit: - [2010-03-18 12:35:10 \| 000,215,168 \|——\| M] (Vimicro Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\vm331avs.sys—(vm331avs) DRV:64bit: - [2010-03-12 05:23:16 \| 000,242,720 \|——\| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\RtsUStor.sys—(RSUSBSTOR) DRV:64bit: - [2010-03-03 21:51:40 \| 000,540,696 \|——\| M] (Intel Corporation) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\iaStor.sys—(iaStor) DRV:64bit: - [2010-01-28 13:55:04 \| 000,086,120 \|——\| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\nvhda64v.sys—(NVHDA) DRV:64bit: - [2010-01-18 11:45:50 \| 000,717,368 \|——\| M] (Conexant Systems Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\CHDRT64.sys—(CnxtHdAudService) DRV:64bit: - [2009-12-14 12:44:24 \| 000,085,048 \|——\| M] (Infowatch) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\CSCrySec.sys—(CSCrySec) DRV:64bit: - [2009-12-14 12:44:24 \| 000,066,104 \|——\| M] (Infowatch) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys—(CSVirtualDiskDrv) DRV:64bit: - [2009-11-02 20:27:10 \| 000,022,544 \|——\| M] (Kaspersky Lab) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\klmouflt.sys—(klmouflt) DRV:64bit: - [2009-10-19 02:40:50 \| 000,028,176 \|——\| M] (Lenovo Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\AcpiVpc.sys—(ACPIVPC) DRV:64bit: - [2009-09-17 06:54:54 \| 000,056,344 \|——\| M] (Intel Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\HECIx64.sys—(HECIx64) DRV:64bit: - [2009-08-20 18:05:06 \| 000,239,616 \|——\| M] (Realtek ) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\Rt64win7.sys—(RTL8167) DRV:64bit: - [2009-07-21 16:20:06 \| 000,121,840 \|——\| M] (CyberLink) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\wsvd.sys—(wsvd) DRV:64bit: - [2009-07-16 13:55:34 \| 000,011,280 \|——\| M] (Lenovo) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\WDMirror.sys—(wdmirror) DRV:64bit: - [2009-07-16 05:38:20 \| 000,079,376 \|——\| M] (Lenovo) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\WDBridge.sys—(Bridge0) DRV:64bit: - [2009-07-14 03:52:20 \| 000,194,128 \|——\| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\amdsbs.sys—(amdsbs) DRV:64bit: - [2009-07-14 03:48:04 \| 000,065,600 \|——\| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\lsi_sas2.sys—(LSI_SAS2) DRV:64bit: - [2009-07-14 03:47:48 \| 000,077,888 \|——\| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\HpSAMD.sys—(HpSAMD) DRV:64bit: - [2009-07-14 03:45:55 \| 000,024,656 \|——\| M] (Promise Technology) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\stexstor.sys—(stexstor) DRV:64bit: - [2009-07-14 02:06:32 \| 000,032,768 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\usbser.sys—(usbser) DRV:64bit: - [2009-07-01 06:46:58 \| 000,052,264 \|——\| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\btusbflt.sys—(btusbflt) DRV:64bit: - [2009-07-01 06:46:52 \| 000,098,344 \|——\| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\btwaudio.sys—(btwaudio) DRV:64bit: - [2009-07-01 06:46:48 \| 000,132,648 \|——\| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\btwavdt.sys—(btwavdt) DRV:64bit: - [2009-07-01 06:46:40 \| 000,021,160 \|——\| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\btwrchid.sys—(btwrchid) DRV:64bit: - [2009-06-10 22:37:05 \| 006,108,416 \|——\| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\igdkmd64.sys—(igfx) DRV:64bit: - [2009-06-10 22:35:28 \| 005,434,368 \|——\| M] (Intel Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\netw5v64.sys—(netw5v64) DRV:64bit: - [2009-06-10 22:34:36 \| 000,270,848 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\k57nd60a.sys—(k57nd60a) DRV:64bit: - [2009-06-10 22:34:33 \| 003,286,016 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\evbda.sys—(ebdrv) DRV:64bit: - [2009-06-10 22:34:28 \| 000,468,480 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\bxvbda.sys—(b06bdrv) DRV:64bit: - [2009-06-10 22:34:23 \| 000,270,848 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\b57nd60a.sys—(b57nd60a) DRV:64bit: - [2009-06-10 22:31:59 \| 000,031,232 \|——\| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\hcw85cir.sys—(hcw85cir) DRV:64bit: - [2009-05-18 14:17:08 \| 000,034,152 \|——\| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\GEARAspiWDM.sys—(GEARAspiWDM) DRV:64bit: - [2009-04-07 09:33:08 \| 000,035,104 \|——\| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\btwl2cap.sys—(btwl2cap) DRV:64bit: - [2008-08-06 14:32:16 \| 000,151,656 \|——\| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\WimFltr.sys—(WimFltr) DRV:64bit: - [2007-02-19 07:56:38 \| 000,027,136 \|——\| M] (Lenovo (United States) Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\psadd.sys—(psadd) DRV - [2009-07-14 03:19:10 \| 000,019,008 \|——\| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped]—C:\Windows\SysWOW64\drivers\wimmount.sys—(WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ni.dk/ IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ni.dk/ IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\SearchScopes\{70BA3E6B-1059-2266-0B2C-40E4A85231B8}: “URL” = http://www.ddlstart.com/s/?q={searchTerms}&src=defsearch&provider;=&provider_name=yahoo&provider;_code=&partner_id=750&product_id=872&affiliate;_id=&channel;=&toolbar_id=200&toolbar_version=2.5.0&install_country=DK&install_date=20120903&user_guid=3CC96EF643874BFD885E1FEB447FECFD&machine_id=7ca729b311cb44ece203f70905c80578&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc;={referrer:source} IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\SearchScopes\{9F4E6C12-41BA-4887-B8B1-284509C4A2F8}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie;={inputEncoding?}&oe;={outputEncoding?} IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = .local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: “http://ni.dk/” FF - prefs.js..extensions.enabledAddons: .:2.0.0 FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledItems: .:11.0.1.400 FF - prefs.js..extensions.enabledItems: .:11.0.1.400 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.74 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Henrik Anker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Henrik Anker\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Henrik Anker\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Henrik Anker\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012-09-07 23:58:23 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012-09-07 23:58:23 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012-09-07 23:58:23 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-04 22:35:58 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-07 23:28:11 \| 000,000,000 \|—-D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-09-04 22:35:58 \| 000,000,000 \|—-D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-07 23:28:11 \| 000,000,000 \|—-D \| M] [2011-07-04 07:42:29 \| 000,000,000 \|—-D \| M] (No name found)—C:\Users\Henrik Anker\AppData\Roaming\mozilla\Extensions [2012-09-04 22:38:02 \| 000,000,000 \|—-D \| M] (No name found)—C:\Users\Henrik Anker\AppData\Roaming\mozilla\Firefox\Profiles\g2cq4hn0.default\extensions [2012-08-23 12:47:26 \| 000,000,000 \|—-D \| M] (SeoQuake)—C:\Users\Henrik Anker\AppData\Roaming\mozilla\Firefox\Profiles\g2cq4hn0.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012-08-23 07:43:27 \| 000,000,000 \|—-D \| M] (LastPass)—C:\Users\Henrik Anker\AppData\Roaming\mozilla\Firefox\Profiles\g2cq4hn0.default\extensions\support@lastpass.com [2012-09-07 23:30:26 \| 000,000,000 \|—-D \| M] (No name found)—C:\Program Files (x86)\Mozilla Firefox\extensions [2012-08-25 18:25:35 \| 000,000,000 \|—-D \| M] (Skype Click to Call)—C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-06-27 07:30:00 \| 000,000,000 \|—-D \| M] (Java Console)—C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-09-07 23:30:26 \| 000,000,000 \|—-D \| M] (Java Console)—C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-04 22:35:57 \| 000,266,720 \|——\| M] (Mozilla Foundation)—C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-06-10 11:13:56 \| 000,001,525 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml [2012-09-04 22:35:56 \| 000,002,465 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012-06-10 11:13:56 \| 000,001,178 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie;={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl;={language}&q={searchTerms}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\plugin/npABPlugin.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll CHR - plugin: NPLastPass (Enabled) = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\nplastpass.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Henrik Anker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Henrik Anker\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\SysWOW64\npdeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Kaspersky URL-r\u00E5dgiver = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\ CHR - Extension: LastPass = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.1_0\ CHR - Extension: Virtuelt Tastatur = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\ CHR - Extension: Skype Click to Call = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\ CHR - Extension: Anti-Banner = C:\Users\Henrik Anker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\ O1 HOSTS File: ([2010-04-30 15:56:09 \| 000,001,798 \|——\| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 http://www.adobeereg.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 125.252.224.90 O1 - Hosts: 127.0.0.1 125.252.224.91 O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe File not found O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [EPSON SX110 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU “C:\windows\TEMP\E_SCC05.tmp” /EF “HKCU” File not found O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [EPSON SX110 Series (kopi 1)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU “C:\windows\TEMP\E_S3B30.tmp” /EF “HKCU” File not found O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation) O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-3061276965-3596754536-3702179295-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Føj til Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Henrik Anker\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Henrik Anker\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8:64bit: - Extra context menu item: Send billede til &Bluetooth;-enhed… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send siden til &Bluetooth;-enhed… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Føj til Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8 - Extra context menu item: LastPass - file://C:\Users\Henrik Anker\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Henrik Anker\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: Send billede til &Bluetooth;-enhed… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send siden til &Bluetooth;-enhed… - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: &Virtuelt; Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra ‘Tools’ menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra ‘Tools’ menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: URL-&kontrol; - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelt; Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra ‘Tools’ menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra ‘Tools’ menuitem : Send to &Bluetooth; Device… - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: URL-&kontrol; - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} http://www.king.com/ctl/kingcomie.cab (king.com) O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.dk/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.150.129.22 89.150.129.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A326DE3-7D3F-4A29-9FA7-D0FF1E47A7BD}: DhcpNameServer = 80.251.201.177 80.251.201.178 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6578530-2C5B-4419-9CD5-A8DFF4FE43EB}: DhcpNameServer = 89.150.129.22 89.150.129.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB0001FF-254C-495F-BA36-467A20317B33}: DhcpNameServer = 89.150.129.22 89.150.129.10 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{ae7a1aeb-c857-11df-8c21-806e6f6e6963}\Shell - “” = AutoRun O33 - MountPoints2\{ae7a1aeb-c857-11df-8c21-806e6f6e6963}\Shell\AutoRun\command - “” = F:\dvdcheck.exe O33 - MountPoints2\{e4108a2c-8f9f-11e0-9703-c0cb38ec058b}\Shell - “” = AutoRun O33 - MountPoints2\{e4108a2c-8f9f-11e0-9703-c0cb38ec058b}\Shell\AutoRun\command - “” = E:\AutoRun.exe O33 - MountPoints2\{e4108a3d-8f9f-11e0-9703-c0cb38ec058b}\Shell - “” = AutoRun O33 - MountPoints2\{e4108a3d-8f9f-11e0-9703-c0cb38ec058b}\Shell\AutoRun\command - “” = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open]—“%1” %* O35:64bit: - HKLM\..exefile [open]—“%1” %* O35 - HKLM\..comfile [open]—“%1” %* O35 - HKLM\..exefile [open]—“%1” %* O37:64bit: - HKLM\...com [@ = comfile]—“%1” %* O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %* O37 - HKLM\...com [@ = comfile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012-09-09 08:45:18 \| 000,599,552 \|——\| C] (OldTimer Tools)—C:\Users\Henrik Anker\Desktop\OTL.exe [2012-09-09 06:33:13 \| 000,000,000 \|—-D \| C]—C:\ProgramData\GFI Software [2012-09-08 22:51:01 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Spybot - Search & Destroy [2012-09-08 22:51:01 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Spybot - Search & Destroy [2012-09-08 15:17:48 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Roaming\Malwarebytes [2012-09-08 15:17:24 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Malwarebytes [2012-09-08 06:31:49 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012-09-07 23:24:53 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 2.0 [2012-09-07 23:24:29 \| 000,085,048 \|——\| C] (Infowatch)—C:\windows\SysNative\drivers\CSCrySec.sys [2012-09-07 23:24:29 \| 000,066,104 \|——\| C] (Infowatch)—C:\windows\SysNative\drivers\CSVirtualDiskDrv.sys [2012-09-07 23:23:24 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Common Files\InfoWatch [2012-09-07 23:23:22 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Kaspersky Lab [2012-09-07 23:23:22 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Kaspersky Lab [2012-09-07 23:23:03 \| 000,639,280 \|——\| C] (Kaspersky Lab)—C:\windows\SysNative\drivers\klif.sys [2012-09-07 23:17:05 \| 000,000,000 \|—SD \| C]—C:\Users\Henrik Anker\Documents\Passwords Database [2012-09-05 16:39:27 \| 000,000,000 \| R—D \| C]—C:\Backup [2012-09-04 13:11:15 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio [2012-09-04 13:11:14 \| 000,049,664 \|——\| C] (CamStudio Group)—C:\windows\SysNative\CamCodec.dll [2012-09-04 13:11:14 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\CamStudio 2.6b [2012-09-04 10:45:04 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\{CF06E502-38BB-4E98-95A6-3B130E11E7C0} [2012-09-03 12:26:31 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Perion [2012-09-01 16:46:45 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Incansoft [2012-09-01 16:46:43 \| 000,000,000 \|—-D \| C]—C:\IncanBots [2012-08-30 20:19:54 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\{5002FEEF-6E2B-47A8-B535-C8BBB4FFDAF7} [2012-08-28 17:22:04 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\{EFDD4846-F88C-4B95-B8E4-EBFD61015BFB} [2012-08-28 17:22:03 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\{D4447086-902C-4C0E-8D2C-FBE78AFC1F64} [2012-08-25 21:50:22 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\Unity [2012-08-24 10:22:59 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\Documents\Fonts [2012-08-23 07:43:23 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass [2012-08-23 07:43:23 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass [2012-08-23 07:43:23 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\LastPass [2012-08-21 09:55:29 \| 000,000,000 \|—SD \| C]—C:\Users\Henrik Anker\Google Drev [2012-08-21 09:54:07 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2012-08-15 09:02:39 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\Desktop\Jing [2012-08-11 09:06:40 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\AppData\Local\TechSmith [2012-08-11 09:06:22 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith [2012-08-11 09:06:21 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\TechSmith [2012-08-10 20:04:17 \| 000,000,000 \|—-D \| C]—C:\Users\Henrik Anker\Documents\Internet Marketing - sites mv ========== Files - Modified Within 30 Days ========== [2012-09-09 10:14:27 \| 000,013,632 \| -H—\| M] ()—C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-09-09 10:14:27 \| 000,013,632 \| -H—\| M] ()—C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-09-09 10:11:00 \| 000,000,944 \|——\| M] ()—C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012-09-09 10:07:16 \| 000,000,940 \|——\| M] ()—C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012-09-09 10:06:51 \| 000,067,584 \|—S- \| M] ()—C:\windows\bootstat.dat [2012-09-09 10:06:44 \| 3113,365,504 \| -HS- \| M] ()—C:\hiberfil.sys [2012-09-09 09:40:00 \| 000,000,830 \|——\| M] ()—C:\windows\tasks\Adobe Flash Player Updater.job [2012-09-09 09:32:00 \| 000,000,970 \|——\| M] ()—C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3061276965-3596754536-3702179295-1000UA.job [2012-09-09 08:45:12 \| 000,599,552 \|——\| M] (OldTimer Tools)—C:\Users\Henrik Anker\Desktop\OTL.exe [2012-09-09 08:41:27 \| 000,511,265 \|——\| M] ()—C:\Users\Henrik Anker\Desktop\adwcleaner.exe [2012-09-09 08:32:00 \| 000,000,918 \|——\| M] ()—C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3061276965-3596754536-3702179295-1000Core.job [2012-09-08 06:31:52 \| 000,002,418 \|——\| M] ()—C:\Users\Henrik Anker\Desktop\Google Chrome.lnk [2012-09-08 06:21:20 \| 005,081,704 \|——\| M] ()—C:\windows\SysNative\FNTCACHE.DAT [2012-09-07 23:56:27 \| 000,153,053 \|——\| M] ()—C:\windows\SysNative\drivers\klin.dat [2012-09-07 23:56:27 \| 000,107,384 \|——\| M] ()—C:\windows\SysNative\drivers\klick.dat [2012-09-07 23:23:03 \| 000,639,280 \|——\| M] (Kaspersky Lab)—C:\windows\SysNative\drivers\klif.sys [2012-09-07 11:02:36 \| 000,000,132 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012-09-05 16:39:30 \| 000,017,408 \|——\| M] ()—C:\Users\Henrik Anker\AppData\Local\WebpageIcons.db [2012-09-04 22:47:11 \| 000,001,793 \|——\| M] ()—C:\Users\Public\Desktop\Opera.lnk [2012-09-04 22:36:02 \| 000,002,048 \|——\| M] ()—C:\Users\Henrik Anker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012-09-04 13:11:15 \| 000,000,939 \|——\| M] ()—C:\Users\Public\Desktop\CamStudio-Recorder.lnk [2012-09-02 09:36:03 \| 000,165,734 \|——\| M] ()—C:\Users\Henrik Anker\Documents\conversational hypnosis.inca [2012-09-02 09:10:16 \| 000,100,406 \|——\| M] ()—C:\Users\Henrik Anker\Documents\Feline health.inca [2012-09-02 08:05:56 \| 000,067,552 \|——\| M] ()—C:\Users\Henrik Anker\Documents\covert hypnosis.inca [2012-09-01 18:37:48 \| 000,241,996 \|——\| M] ()—C:\Users\Henrik Anker\Documents\Hypnosis.inca [2012-09-01 16:46:45 \| 000,003,043 \|——\| M] ()—C:\Users\Henrik Anker\Desktop\Niche Mania.lnk [2012-08-23 07:43:28 \| 000,001,192 \|——\| M] ()—C:\Users\Henrik Anker\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk [2012-08-23 07:43:24 \| 000,001,192 \|——\| M] ()—C:\Users\Public\Desktop\My LastPass Vault.lnk [2012-08-21 09:55:29 \| 000,001,712 \|——\| M] ()—C:\Users\Henrik Anker\Desktop\Google Drev.lnk [2012-08-13 01:14:43 \| 001,352,136 \|——\| M] ()—C:\windows\SysWow64\PerfStringBackup.INI [2012-08-13 01:14:43 \| 000,652,376 \|——\| M] ()—C:\windows\SysNative\perfh009.dat [2012-08-13 01:14:43 \| 000,507,478 \|——\| M] ()—C:\windows\SysNative\perfh006.dat [2012-08-13 01:14:43 \| 000,121,308 \|——\| M] ()—C:\windows\SysNative\perfc009.dat [2012-08-13 01:14:43 \| 000,097,708 \|——\| M] ()—C:\windows\SysNative\perfc006.dat [2012-08-13 01:14:32 \| 001,352,136 \|——\| M] ()—C:\windows\SysNative\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2012-09-09 08:41:26 \| 000,511,265 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\adwcleaner.exe [2012-09-08 06:31:52 \| 000,002,418 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\Google Chrome.lnk [2012-09-07 23:24:56 \| 000,153,053 \|——\| C] ()—C:\windows\SysNative\drivers\klin.dat [2012-09-07 23:24:56 \| 000,107,384 \|——\| C] ()—C:\windows\SysNative\drivers\klick.dat [2012-09-05 16:39:29 \| 000,017,408 \|——\| C] ()—C:\Users\Henrik Anker\AppData\Local\WebpageIcons.db [2012-09-04 22:47:11 \| 000,001,805 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012-09-04 22:47:11 \| 000,001,793 \|——\| C] ()—C:\Users\Public\Desktop\Opera.lnk [2012-09-04 13:11:15 \| 000,000,939 \|——\| C] ()—C:\Users\Public\Desktop\CamStudio-Recorder.lnk [2012-09-02 09:23:10 \| 000,165,734 \|——\| C] ()—C:\Users\Henrik Anker\Documents\conversational hypnosis.inca [2012-09-02 08:10:10 \| 000,100,406 \|——\| C] ()—C:\Users\Henrik Anker\Documents\Feline health.inca [2012-09-02 07:54:09 \| 000,067,552 \|——\| C] ()—C:\Users\Henrik Anker\Documents\covert hypnosis.inca [2012-09-01 18:31:32 \| 000,241,996 \|——\| C] ()—C:\Users\Henrik Anker\Documents\Hypnosis.inca [2012-09-01 16:46:45 \| 000,003,043 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\Niche Mania.lnk [2012-08-23 07:43:27 \| 000,001,192 \|——\| C] ()—C:\Users\Henrik Anker\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk [2012-08-23 07:43:24 \| 000,001,192 \|——\| C] ()—C:\Users\Public\Desktop\My LastPass Vault.lnk [2012-08-21 09:55:29 \| 000,001,712 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\Googl
[ Ignorer ] [ # 9 ] hrs
09.09.2012 10:30:01 Antal indlæg: 17	Første linje herunder = sidste linje i posten ovenfor [2012-08-21 09:55:29 \| 000,001,712 \|——\| C] ()—C:\Users\Henrik Anker\Desktop\Google Drev.lnk [2012-08-11 09:03:08 \| 001,352,136 \|——\| C] ()—C:\windows\SysWow64\PerfStringBackup.INI [2012-06-21 14:51:07 \| 000,000,132 \|——\| C] ()—C:\Users\Henrik Anker\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011-11-20 21:52:28 \| 000,001,007 \|——\| C] ()—C:\windows\MyHeritage.INI [2011-11-20 21:48:49 \| 000,454,656 \|——\| C] ()—C:\windows\SysWow64\PaintX.dll [2011-11-18 18:49:13 \| 000,000,170 \|——\| C] ()—C:\Users\Henrik Anker\LAViewer.properties [2011-09-25 11:01:01 \| 000,000,088 \|——\| C] ()—C:\ProgramData\profile.xml [2011-06-12 13:34:28 \| 000,000,132 \|——\| C] ()—C:\Users\Henrik Anker\AppData\Roaming\Adobe PNG Format CS5 Prefs [2011-03-21 08:54:43 \| 000,000,000 \|——\| C] ()—C:\Users\Henrik Anker\temp.dat [2011-03-01 21:43:45 \| 000,001,456 \|——\| C] ()—C:\Users\Henrik Anker\AppData\Local\Adobe Save for Web 12.0 Prefs [2010-12-01 22:26:22 \| 000,000,056 \| -H—\| C] ()—C:\ProgramData\ezsidmv.dat [2010-09-25 06:34:40 \| 000,000,512 \|——\| C] ()—C:\windows\previous.bin [2010-09-25 06:34:40 \| 000,000,512 \|——\| C] ()—C:\windows\current.bin [2010-09-25 06:26:36 \| 000,016,648 \| R—- \| C] ()—C:\windows\SysWow64\LogAPI.dll [2010-09-25 06:21:43 \| 002,110,816 \|——\| C] ()—C:\windows\SysWow64\Apblend.dll [2010-09-25 06:21:43 \| 001,171,456 \|——\| C] ()—C:\windows\SysWow64\PicNotify.dll [2010-09-25 06:21:35 \| 001,044,480 \|——\| C] ()—C:\windows\SysWow64\3DImageRenderer.dll [2010-09-25 05:54:58 \| 000,001,341 \|——\| C] ()—C:\windows\vm331Rmv.ini ========== LOP Check ========== [2012-05-06 12:26:22 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Acoustica [2012-09-05 23:55:21 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\BitTorrent [2011-05-20 15:19:28 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\bppenu11 [2011-03-19 10:15:07 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011-03-26 13:25:27 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011-08-18 15:18:28 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\com.kpdev.InMyMug [2012-07-08 11:30:08 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\com.pageone.KeywordXP [2012-09-09 08:48:00 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Dropbox [2011-01-31 09:20:32 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\EPSON [2012-04-18 15:12:11 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Feedreader [2012-09-07 17:00:46 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\FileZilla [2011-04-10 16:36:02 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\GARMIN [2012-09-05 23:52:43 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Guitar Pro 6 [2011-06-13 11:57:05 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Hardcore [2011-06-12 00:10:25 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\MAGIX [2011-11-20 22:16:12 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\MyHeritage [2011-03-01 22:07:19 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\NoteTab Pro [2010-12-02 19:36:58 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Opera [2011-06-28 20:25:29 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\PC Suite [2012-07-26 09:25:30 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012-05-06 08:12:26 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\SummaSummarum [2012-05-06 12:27:07 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\SynthMaker [2011-11-23 21:22:49 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\The Complete Genealogy Reporter - FTB [2011-11-30 19:05:01 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\Thunderbird [2010-12-02 08:31:08 \| 000,000,000 \|—-D \| M]—C:\Users\Henrik Anker\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2012-06-28 13:44:30 \| 000,032,550 \|——\| M] ()—C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
[ Ignorer ] [ # 10 ] Magic Spyhunter
09.09.2012 17:05:59 Administrator Supporter Emeritus Antal indlæg: 32210	Nej, det ved jeg ikke hvad er, andet end at jeg kan se, at det er noget med adobe. Jeg er heller ikke helt klar over hvad en hostfil er er. Nej ok. De er ikke skadelige, så fred være med dem Det ser ud til at du er sluppet af med de Toolbars Signatur Sund Computer fornuft
[ Ignorer ] [ # 11 ] hrs
09.09.2012 17:22:32 Antal indlæg: 17	Okay - jeg takker mange mange gange for din/jeres store hjælp. Fortsat god søndag
[ Ignorer ] [ # 12 ] Magic Spyhunter
10.09.2012 16:44:50 Administrator Supporter Emeritus Antal indlæg: 32210	Velbekomme Start OTL. Klik på CleanUp! knappen. Du vil blive spurgt, om du vil begynde at rensningen? Vælg Ja. Dette trin fjerner de filer, mapper og genveje skabt af de værktøjer, du har downloadet og kørt. Når du er færdig, vil du blive bedt om at genstarte computeren. Genstart venligst din computer. Jeg lukker pænt efter os igen. Signatur Sund Computer fornuft