Teza, posted 27 October 2013
I was a bit too inattentive last night and managed to get a virus that locks/encrypts folders. It looks like I got it stopped before it spread too much, so luckily I did not lose any important files, but many directories are no longer accessible. However, to avoid this problem in the future, is it possible to run internet programs in a virtual machine in a simple way? If it were to happen again, it would then presumably only affect this virtual machine, which can easily be started up again? Can it be run in a window by launching a shortcut on the desktop, in the same way as a browser? I don't know how this works, but I see the need if it is possible.
mobile999, posted 27 October 2013 (edited 27 October 2013 by mobile999)
Is it the folder itself that is encrypted, so that you cannot open the folder? Alternatively, is it the files that are encrypted (you can open the folder)? Which operating system is on this machine?
Teza (thread author), posted 27 October 2013
Not sure whether files are locked; there is a padlock on some folders. Some of these I can get into, but the subfolders marked with a padlock I cannot get into. I do not have access to the Programfiler folder, Documents and Settings, or the Recycle Bin. Luckily, programs are installed in other folders and important documents are stored elsewhere. Windows 7 Ultimate.
mobile999, posted 27 October 2013
It does not sound like the folder is encrypted. I asked because there are viruses that encrypt files. If it is only access to the folders that is locked, then it should not be a problem to get at the contents. I suggest that you run the following scan: Download and run OTL. Click Quick Scan. When it is finished, post the two text files it creates (OTL.txt and Extras.txt). It is this forum's policy that logs are posted in spoiler text.
Teza (thread author), posted 27 October 2013
OTL
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1209271551-159017677-4167509731-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)O15 - HKU\S-1-5-21-1209271551-159017677-4167509731-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)O15 - HKU\S-1-5-21-1209271551-159017677-4167509731-1000\..Trusted Ranges: Range2 ([http] in Trusted sites)O15 - HKU\S-1-5-21-1209271551-159017677-4167509731-1000\..Trusted Ranges: Range2 ([https] in Trusted sites)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.100O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325DC431-A1BB-41CE-ABB0-F1B371962980}: DhcpNameServer = 192.168.50.100O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAB9AC87-B76D-4272-88CD-E9CA50B13987}: DhcpNameServer = 192.168.50.100O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft 
Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2013.06.02 17:48:03 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]O32 - AutoRun File - [2001.10.02 12:13:06 | 000,299,008 | R--- | M] () - K:\Autorun.exe -- [ CDFS ]O32 - AutoRun File - [2001.09.12 18:18:08 | 000,000,040 | R--- | M] () - K:\autorun.inf -- [ CDFS ]O32 - AutoRun File - [2001.08.30 19:55:46 | 000,189,819 | R--- | M] () - K:\autorun.pcx -- [ CDFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013.10.27 14:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation[2013.10.26 23:32:30 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Roaming\FastStone[2013.10.26 23:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer[2013.10.26 23:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer[2013.10.16 19:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle[2013.10.16 19:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[2013.10.16 19:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[2013.10.16 16:51:57 | 
000,000,000 | ---D | C] -- C:\Users\Terje Andersen\Cloud Drive[2013.10.16 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Roaming\OnecomCloudDrive[2013.10.16 16:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnecomCloudDrive[2013.10.16 16:51:42 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\One.com Cloud Drive[2013.10.03 17:34:23 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Local\Spotify[2013.10.03 17:34:13 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Roaming\Spotify[2013.09.28 21:39:06 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Local\Cyberlink SoftDMA[2013.09.28 21:38:58 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\Documents\CyberLink[2013.09.28 21:38:58 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Roaming\CyberLink[2013.09.28 21:37:41 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Local\MediaServer[2013.09.28 21:37:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink[2013.09.28 21:37:11 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Local\CyberLink[2013.09.28 21:37:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 13[2013.09.28 21:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD[2013.09.28 21:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink[2013.09.28 21:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp[2013.09.28 21:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap[2013.09.28 21:20:28 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Roaming\Media Player Classic[2013.09.28 21:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64[2013.09.28 21:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft[2013.09.28 21:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\SlySoft[2013.09.28 21:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink[2013.09.28 20:50:06 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\Application Data[2013.09.28 20:49:25 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Roaming\Digiarty[2013.09.28 20:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAPlayer[2013.09.28 17:57:18 | 000,000,000 | ---D | C] -- C:\Users\Terje Andersen\AppData\Roaming\uTorrent========== Files - Modified Within 30 Days ==========[2013.10.27 20:38:35 | 000,000,021 | ---- | M] () -- C:\Users\Terje Andersen\AppData\Roaming\config_data.dat[2013.10.27 20:38:34 | 000,000,512 | ---- | M] () -- C:\Windows\SysWow64\za_mv_raid.ev[2013.10.27 20:37:53 | 000,070,656 | ---- | M] () -- C:\Windows\SysWow64\freqdb.db[2013.10.27 20:16:47 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013.10.27 20:16:47 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013.10.27 20:14:57 | 001,358,044 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013.10.27 20:14:57 | 000,652,976 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013.10.27 20:14:57 | 000,493,320 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat[2013.10.27 20:14:57 | 000,121,406 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013.10.27 20:14:57 | 000,094,608 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat[2013.10.27 20:09:46 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib[2013.10.27 20:09:42 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013.10.27 20:09:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013.10.27 14:49:47 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013.10.27 14:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash 
Player Updater.job[2013.10.27 00:02:08 | 000,365,724 | ---- | M] () -- C:\Users\Terje Andersen\Desktop\_MG_6750.jpg[2013.10.26 23:59:30 | 000,504,063 | ---- | M] () -- C:\Users\Terje Andersen\Desktop\_MG_6800.jpg[2013.10.26 23:58:31 | 000,439,193 | ---- | M] () -- C:\Users\Terje Andersen\Desktop\_MG_6766.jpg[2013.10.26 23:41:10 | 004,244,901 | ---- | M] () -- C:\Users\Terje Andersen\Desktop\rex.jpg[2013.10.26 23:31:44 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk[2013.10.16 01:48:05 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll[2013.10.16 01:48:05 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll[2013.10.16 01:48:05 | 000,023,287 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb[2013.10.14 16:29:44 | 000,574,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013.10.13 22:00:14 | 001,336,880 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013.10.13 21:52:53 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif[2013.10.13 13:52:25 | 000,000,062 | ---- | M] () -- C:\Users\Terje Andersen\Desktop\The Hooters – 500 Miles.url[2013.10.08 20:14:15 | 003,398,914 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin========== Files Created - No Company Name ==========[2013.10.27 00:02:08 | 000,365,724 | ---- | C] () -- C:\Users\Terje Andersen\Desktop\_MG_6750.jpg[2013.10.26 23:59:30 | 000,504,063 | ---- | C] () -- C:\Users\Terje Andersen\Desktop\_MG_6800.jpg[2013.10.26 23:58:31 | 000,439,193 | ---- | C] () -- C:\Users\Terje Andersen\Desktop\_MG_6766.jpg[2013.10.26 23:53:55 | 005,068,562 | ---- | C] () -- C:\Users\Terje Andersen\Desktop\IMG_6914.JPG[2013.10.26 23:41:09 | 004,244,901 | ---- | C] () -- C:\Users\Terje Andersen\Desktop\rex.jpg[2013.10.26 23:31:44 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk[2013.10.14 16:29:59 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib[2013.10.13 13:52:25 | 000,000,062 | ---- | C] () 
-- C:\Users\Terje Andersen\Desktop\The Hooters – 500 Miles.url[2013.10.03 17:34:23 | 000,001,847 | ---- | C] () -- C:\Users\Terje Andersen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk[2013.07.09 20:22:15 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat[2013.06.07 21:38:57 | 000,007,605 | ---- | C] () -- C:\Users\Terje Andersen\AppData\Local\resmon.resmoncfg[2013.06.02 12:50:44 | 000,000,021 | ---- | C] () -- C:\Users\Terje Andersen\AppData\Roaming\config_data.dat[2013.06.02 12:28:39 | 001,336,880 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013.06.02 11:52:26 | 000,035,912 | ---- | C] () -- C:\Windows\Ascd_log.ini[2013.06.02 11:50:42 | 000,028,681 | ---- | C] () -- C:\Windows\Ascd_tmp.ini[2013.06.02 00:21:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mvcli.ini[2013.06.02 00:20:46 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini[2012.04.06 04:08:14 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\eventshare.dll[2011.11.22 03:48:04 | 000,014,376 | ---- | C] () -- C:\Windows\SysWow64\Mv_Process.sys[2011.11.22 03:47:40 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini========== ZeroAccess Check ==========[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = 
Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== LOP Check ==========[2013.06.02 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\Autodesk[2013.06.02 12:53:49 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\Corsair[2013.09.28 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\Digiarty[2013.08.04 08:48:39 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\eLink2[2013.08.04 08:48:40 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\eLink2.A4C40D0331460AD6DFB01907E401C080FC0E8F88.1[2013.10.27 20:09:52 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\FAHClient[2013.09.26 07:35:12 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\HFM[2013.07.27 22:05:46 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\Leadertech[2013.10.27 20:09:52 | 000,000,000 | ---D | M] -- 
C:\Users\Terje Andersen\AppData\Roaming\OnecomCloudDrive[2013.10.27 20:28:42 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\Spotify[2013.06.08 17:12:04 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\Thunderbird[2013.09.28 20:52:18 | 000,000,000 | ---D | M] -- C:\Users\Terje Andersen\AppData\Roaming\uTorrent========== Purity Check ==========< End of report > EXTRAS OTL Extras logfile created on: 27.10.2013 20:35:37 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Terje Andersen\Downloads64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16721)Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy63,95 Gb Total Physical Memory | 18,66 Gb Available Physical Memory | 29,17% Memory free127,90 Gb Paging File | 81,48 Gb Available in Paging File | 63,71% Paging File freePaging file location(s): e:\pagefile.sys 0 0 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 223,50 Gb Total Space | 154,75 Gb Free Space | 69,24% Space Free | Partition Type: NTFSDrive E: | 931,51 Gb Total Space | 717,33 Gb Free Space | 77,01% Space Free | Partition Type: NTFSDrive F: | 931,51 Gb Total Space | 669,40 Gb Free Space | 71,86% Space Free | Partition Type: NTFSDrive K: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFSDrive Z: | 39,06 Gb Total Space | 38,52 Gb Free Space | 98,61% Space Free | Partition Type: NTFSComputer Name: 2P-MAIN | User Name: Terje Andersen | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\].html[@ = htmlfile] -- C:\Program Files\Internet 
Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)[HKEY_USERS\S-1-5-21-1209271551-159017677-4167509731-1000\SOFTWARE\Classes\].ini [@ = UltraEdit.ini] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.).txt [@ = UltraEdit.txt] -- C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe (IDM Computer Solutions, Inc.)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] 
-- "Z:\VideoLan VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "Z:\VideoLan VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "Z:\VideoLan VLC\vlc.exe" 
--started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "Z:\VideoLan VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1========== Authorized Applications List ==================== Vista Active Open Ports Exception List 
==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0EF53F8B-5259-4BA6-B044-AE253DA01428}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{1E1913EE-9DC7-4F37-9BAA-A15A29CEF098}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{201A76B7-E3B1-423C-8B5F-D08B637A8FDC}" = rport=137 | protocol=17 | dir=out | app=system |"{2D252DE9-A00F-42D2-B8A7-C554D3349300}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{2F4FF3BD-085F-49DB-AE8D-BE0B15E78182}" = rport=445 | protocol=6 | dir=out | app=system |"{3E2183D8-F4C2-43D3-A57F-767FF43B5FD6}" = lport=10243 | protocol=6 | dir=in | app=system |"{445AA786-6FE0-4F85-A703-1E713946E8AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{465BC5AA-D8EC-427A-A5F0-D33AFA7B5A2B}" = rport=10243 | protocol=6 | dir=out | app=system |"{4CD1EEEF-6432-4715-AF62-100E7CB767CF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{77C790B4-4822-4251-AA78-3AB027576D2B}" = lport=138 | protocol=17 | dir=in | app=system |"{82569A0F-4302-4878-B0AD-55DDCF186DE2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{8316E6F9-27E7-43EF-A1AC-A00E65A654B5}" = lport=139 | protocol=6 | dir=in | app=system |"{8D76797F-4914-4410-90DC-8B51494C82B8}" = lport=2869 | protocol=6 | dir=in | app=system |"{99E9C103-861E-48DB-98D0-BBD719E339F6}" = lport=445 | protocol=6 | dir=in | app=system |"{A3FAD451-4880-4678-B854-C88D70A8435F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{B1CE2B00-D2BE-44C3-8376-6B674CAB3E6B}" = rport=138 | protocol=17 | dir=out | app=system |"{CA6F5073-D06F-4376-82D2-F0D3F4CE31C6}" = lport=137 | protocol=17 | dir=in | app=system |"{D33E88B8-0B8B-4ADB-A65D-5E5751757E56}" = lport=rpc-epmap 
| protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |"{E0B53B34-30D8-4EB4-A5A3-CFDEE474F06A}" = rport=139 | protocol=6 | dir=out | app=system |"{F738D8CC-3D30-4E7A-B173-139F8CD5B32C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{F7E8B8A7-5115-4402-814F-8707D702167E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0443C209-3410-4D26-AF34-57FB072BD1C7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13ml.exe |"{0F55F95C-94F1-4344-88A0-8D8A105DC747}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\powerdvd13agent.exe |"{16E906B3-3A6B-4886-B953-FA73C29C80A7}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |"{28A2C86F-8FBB-48F5-96EC-BD41DA3BCE44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{2FD60D26-EA52-462E-9B5A-46556500C142}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{395EE799-E4D5-4B52-84D9-04C5C25261A4}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |"{3BC172AE-1A03-4C8B-8C01-8AB40FDF88C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{3D9E9552-6041-4C93-8B3C-CF5C69DCC97E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{40F36293-FB8B-4EF8-87E8-41989E7F5C50}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |"{45C436FE-2835-44AD-9FC1-CFF1C05B8136}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd13\kernel\dms\clmsserverpdvd13.exe |"{4EE9D0B7-BF6C-4CC8-A76C-A05D28B06E56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |"{528196CD-F886-48D2-8997-39B486E66748}" = 
mobile999 Posted 28 October 2013
Did you install FastStone Image Viewer at about 23:30 on 26 October? Was that when the problems began?
You write that you "managed to stop it before it spread too much". Can you describe in more detail what you did to stop the problem?
Right-click one of the problem folders and choose Properties. In the window that appears, select the Security tab and click Users under Group or user names. What is checked here?
Teza (Author) Posted 28 October 2013
Absolutely fantastic, thank you so much! Something called special permissions had appeared, but by setting my user as owner of the folders I at least got access again, although there is still a padlock icon over them. There are probably some owner/permission settings that are still not right. Do you have a good procedure for fixing this?
mobile999 Posted 28 October 2013
The Users group should have the following permissions on the "Program Files*" folders:
Read & Execute
List folder contents
Read
Unfortunately, I don't know of any easy way to fix it.
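One way to check the permissions listed in the post above, as an added example that is not part of the thread: a read-only PowerShell audit of the ACL entries for the built-in Users group on the Program Files folders. The function name Get-UsersGroupAudit and the status labels are made up for this example.

```powershell
# Added example: read-only audit, nothing on disk is changed.
$usersSid = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users; independent of display language ("Brukere")
$fsr      = [System.Security.AccessControl.FileSystemRights]
$expected = [int]$fsr::ReadAndExecute   # covers Read & Execute, List folder contents and Read
$sync     = [int]$fsr::Synchronize      # attached to almost every file ACE, ignored in the comparison
$genericReadExecute = -1610612736       # 0xA0000000 = GENERIC_READ | GENERIC_EXECUTE (inherit-only ACEs)
$genericBits        = -268435456        # 0xF0000000 = all four generic-rights bits

function Get-UsersGroupAudit {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not $p -or -not (Test-Path -LiteralPath $p)) { continue }
        try {
            $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
        } catch {
            # A broken ACL or owner can make the descriptor itself unreadable.
            [pscustomobject]@{ Path = $p; Owner = $null; Rights = $null; Inherited = $null
                               Status = "Cannot read ACL: $($_.Exception.Message)" }
            continue
        }
        # Ask for SIDs instead of translated names so the match works on any language version.
        $rules = @($acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
                   Where-Object { $_.IdentityReference.Value -eq $usersSid })
        if ($rules.Count -eq 0) {
            [pscustomobject]@{ Path = $p; Owner = $acl.Owner; Rights = $null; Inherited = $null
                               Status = 'No entry for the Users group' }
            continue
        }
        foreach ($r in $rules) {
            $mask = [int]$r.FileSystemRights
            $status =
                if ($r.AccessControlType -eq 'Deny')       { 'Deny entry' }
                elseif ($mask -eq $genericReadExecute)     { 'OK (generic read/execute)' }
                elseif ($mask -band $genericBits)          { 'Other generic rights, review manually' }
                else {
                    $mask = $mask -band (-bnot $sync)
                    if ($mask -eq $expected)                   { 'OK' }
                    elseif ($mask -band (-bnot $expected))     { 'Grants more than expected' }
                    else                                       { 'Grants less than expected' }
                }
            [pscustomobject]@{ Path = $p; Owner = $acl.Owner; Rights = $r.FileSystemRights
                               Inherited = $r.IsInherited; Status = $status }
        }
    }
}

Get-UsersGroupAudit -Path $env:ProgramFiles, ${env:ProgramFiles(x86)} |
    Format-Table -AutoSize -Wrap
```

The Owner column is shown for reference only; on a default Windows 7 installation these folders are owned by TrustedInstaller.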
Chavalito Posted 17 November 2013
Are you sure you got a virus? Folders with a padlock are actually something Windows itself manages; it was introduced in Windows 7 RC. Read about it on this page and see if it helps you. It is actually an old matter, but it may be of help.
Teza (Author) Posted 17 November 2013
I'm not sure what happened, but I have ruled out a virus. It seems something was changed, but I don't know how. I reinstalled Windows on the machine, and even then SketchUp complained that it could not access its files. Lately I have also been badly troubled by the machine constantly freezing. I suspect the latter may be temperature, so I have set the fans to max, and so far it seems to be better.
As for the original problem with programs being locked and no access to My Documents and other files, this is considered solved by the reinstallation. The only thing that puzzles me is that SketchUp doesn't work as it should on a freshly installed machine... So for now I have held off installing more programs.
F@H is up again, fortunately :)
mobile999 Posted 20 November 2013
Quote: "However, to avoid this problem in the future, is it possible to run internet programs in a virtual machine in a simple way? If it were to happen again, it would then only affect this virtual machine, which can easily be restarted? Can it be run in a window by launching a shortcut on the desktop, just like a browser? I don't know how this works, but I see the need if it is possible."
I see that this has not been answered. Check out sandboxie(.com). This program creates a "sandbox" in which you can run any program. Sandboxie can be set up to "empty"/"discard the contents of" the sandbox after use.
I don't know what SketchUp is messing about with on your machine. It works perfectly on my three computers.
Teza (Author) Posted 21 November 2013
It worked perfectly on my machine too, right up until I reinstalled. I have installed it on both the system disk and the RAM disk, and in both places it complains about lacking access to update its own files. Something to do with the trial period and updating a date, as I recall...
I'll check out sandboxie.com at the first opportunity. Thanks.