Hej          

Du skal helst downloade fra en anden PC.

———

Til 32 bit Windows, hent Farbar Recovery Scan Tool og gem den på en USB nøgle.
Til 64 bit Windows, hent Farbar Recovery Scan Tool x64 og gem den på en USB nøgle.

Sæt USB nøglen i den inficerede PC.

Start PCen op med “Advanced Boot Options” (Tryk F8 flere gange under opstart)
Vælg “Repair Your Computer”
Vælg sprog.
Vælg Bruger konto.

Så skal du vælge Kommando Prompt.

Der skriver du notepad, og trykker <Enter>

Vælg Fil menu -> Åbn og vælg “Computer”. Find drevbogstavet til din USB nøgle. Luk Notesblok.

Ved Kommando prompten skriver du e:\frst.exe (64 bit Windows e:\frst64)
Erstat e med det rigtige bogstav.

Når Farbar Recovery Scan Tool er startet, klikker du på Scan.

Den laver FRST.txt på USB nøglen. Kopier den herind i dit næste indlæg.

God morgen Emeritus, her er resultatet:

Scan result of Farbar Recovery Scan Tool Version: 10-07-01
Ran by SYSTEM at 11-07-01 07:18:6
Running from G:\
Windows 7 Home Premium Service Pack 1 (X6) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system\igfxtray.exe [167960 010-1-9] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system\hkcmd.exe [9170 010-1-9] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system\igfxpers.exe [188 010-1-9] (Intel Corporation)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo “C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs” [56 010-11-9] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [516 010-1-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl6.exe -s [1186007 011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg6.exe /FORPCEE [680 011-06-0] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [18158 011-05-10] (Acer Incorporated)
HKLM\...\Run: [BCSSync] “C:\Program Files\Microsoft Office\Office1\BCSSync.exe” /DelayServices [1151 010-0-1] (Microsoft Corporation)
HKLM\...\Run: [MSC] “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey [171168 01-0-6] (Microsoft Corporation)
HKLM-x\...\Run: [SuiteTray] “C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe” [088 011-0-0] (Egis Technology Inc.)
HKLM-x\...\Run: [EgisTecPMMUpdate] “C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe” [08 011-0-8] (Egis Technology Inc.)
HKLM-x\...\Run: [EgisUpdate] “C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe” -d [0608 011-0-8] (Egis Technology Inc.)
HKLM-x\...\Run: [BackupManagerTray] “C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe” -h -k [9780 011-0-] (NTI Corporation)
HKLM-x\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1100 011-06-0] (Dritek System Inc.)
HKLM-x\...\Run: [Dolby Advanced Audio v] “C:\Dolby PCEE\pcee.exe” -autostart [50671 011-0-0] (Dolby Laboratories Inc.)
HKLM-x\...\Run: [ArcadeMovieService] “C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe” [1778 011-05-09] (CyberLink Corp.)
HKLM-x\...\Run: [Google Desktop Search] “C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe” /startup [019 011-10-0] (Google)
HKLM-x\...\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” [5696 011-06-09] (Sun Microsystems, Inc.)
HKLM-x\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [61896 010-06-07] ()
HKLM-x\...\Run: [CLX180_ScanPc] C:\Windows\Twain_\Samsung\CLX180\Scanpc.exe [19901 011-0-8] ()
HKLM-x\...\Run: [180 ScanPC] “C:\Windows\twain_\Samsung\CLX180\ScanPc.exe” [19901 011-0-8] ()
HKLM-x\...\Run: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [590 011-09-6] (Apple Inc.)
HKLM-x\...\Run: [iTunesHelper] “C:\Program Files (x86)\iTunes\iTunesHelper.exe” [176 011-11-1] (Apple Inc.)
HKLM-x\...\Run: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [871 01-01-0] (Adobe Systems Incorporated)
HKLM-x\...\Run: [pgfagftpcslzcrg] C:\ProgramData\pgfagftp.exe [6556 01-07-10] ()
HKU\Kim\...\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe [189116 008-08-1] (GARMIN Corp.)
HKU\Kim\...\Run: [Skype] “C:\Program Files (x86)\Skype\Phone\Skype.exe” /minimized /regrun [17179 01-07-0] (Skype Technologies S.A.)
HKU\Kim\...\Run: [Google Update] “C:\Users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe” /c [11668 01-0-0] (Google Inc.)
HKU\Kim\...\Run: [pgfagftpcslzcrg] C:\ProgramData\pgfagftp.exe [6556 01-07-10] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.5.1.1 8.8.8.8
AppInit_DLLs: C:\Windows\system\nvinitx.dll
Startup: C:\Users\Kim\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) ======

DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [560 011-06-0] (Dritek System Inc.)
ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [8755 011-05-10] (Acer Incorporated)
GoogleDesktopManager-05110-111108; “C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe” [019 011-10-0] (Google)
GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [9696 011-05-5] (Acer Incorporated)
IISADMIN; C:\Windows\system\inetsrv\inetinfo.exe [1587 010-11-0] (Microsoft Corporation)
Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [6 011-0-] (Acer Incorporated)
MsDtsServer100; “C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe” [1078 011-06-17] (Microsoft Corporation)
MsMpSvc; “C:\Program Files\Microsoft Security Client\MsMpEng.exe” [1600 01-0-6] (Microsoft Corporation)
MSSQLSERVER; “C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe” -sMSSQLSERVER [611107 011-06-17] (Microsoft Corporation)
NisSrv; “C:\Program Files\Microsoft Security Client\NisSrv.exe” [91696 01-0-6] (Microsoft Corporation)
NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [568 011-0-] (NTI Corporation)
SQLSERVERAGENT; “C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE” -i MSSQLSERVER [156 011-06-17] (Microsoft Corporation)
UNS; “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe” [65680 010-1-0] (Intel Corporation)
WSVC; C:\Windows\system\inetsrv\iiswadm.dll [510 010-11-0] (Microsoft Corporation)
WSVC; C:\Windows\SysWow6\inetsrv\iiswadm.dll [978 010-11-0] (Microsoft Corporation)
MSSQLFDLauncher; “C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe” -s MSSQL10_50.MSSQLSERVER [x]

========================== Drivers (Whitelisted) =============

19ohci; C:\Windows\System\Drivers\19ohci.sys [9888 010-11-0] (Microsoft Corporation)
0 ACPI; C:\Windows\System\Drivers\ACPI.sys [08 010-11-0] (Microsoft Corporation)
AcpiPmi; C:\Windows\System\Drivers\AcpiPmi.sys [1800 010-11-0] (Microsoft Corporation)
adp9xx; C:\Windows\System\Drivers\adp9xx.sys [91088 009-07-1] (Adaptec, Inc.)
adpahci; C:\Windows\System\Drivers\adpahci.sys [956 009-07-1] (Adaptec, Inc.)
adpu0; C:\Windows\System\Drivers\adpu0.sys [1886 009-07-1] (Adaptec, Inc.)
1 AFD; C:\Windows\System\Drivers\AFD.sys [98688 011-1-7] (Microsoft Corporation)
agp0; C:\Windows\System\Drivers\agp0.sys [61008 009-07-1] (Microsoft Corporation)
amdide; C:\Windows\System\Drivers\amdide.sys [150 009-07-1] (Microsoft Corporation)
AmdK8; C:\Windows\System\Drivers\AmdK8.sys [651 009-07-1] (Microsoft Corporation)
AmdPPM; C:\Windows\System\Drivers\AmdPPM.sys [6098 009-07-1] (Microsoft Corporation)
amdsata; C:\Windows\System\Drivers\amdsata.sys [10790 011-07-1] (Advanced Micro Devices)
0 amdxata; C:\Windows\System\Drivers\amdxata.sys [7008 011-07-1] (Advanced Micro Devices)
AppID; C:\Windows\System\Drivers\AppID.sys [610 010-11-0] (Microsoft Corporation)
arc; C:\Windows\System\Drivers\arc.sys [876 009-07-1] (Adaptec, Inc.)
arcsas; C:\Windows\System\Drivers\arcsas.sys [97856 009-07-1] (Adaptec, Inc.)
AsyncMac; C:\Windows\System\Drivers\AsyncMac.sys [00 009-07-1] (Microsoft Corporation)
0 atapi; C:\Windows\System\Drivers\atapi.sys [18 009-07-1] (Microsoft Corporation)
b06bdrv; C:\Windows\system\drivers\bxvbda.sys [6880 009-06-10] (Broadcom Corporation)
b57nd60a; C:\Windows\System\Drivers\b57nd60a.sys [7088 009-06-10] (Broadcom Corporation)
1 Beep; C:\Windows\System\Drivers\Beep.sys [6656 009-07-1] (Microsoft Corporation)
1 blbdrive; C:\Windows\System\Drivers\blbdrive.sys [5056 009-07-1] (Microsoft Corporation)
bowser; C:\Windows\System\Drivers\bowser.sys [906 011-07-1] (Microsoft Corporation)
BrFiltLo; C:\Windows\System\Drivers\BrFiltLo.sys [18 009-06-10] (Brother Industries, Ltd.)
BrFiltUp; C:\Windows\System\Drivers\BrFiltUp.sys [870 009-06-10] (Brother Industries, Ltd.)
Brserid; C:\Windows\System\Drivers\Brserid.sys [8670 009-07-1] (Brother Industries Ltd.)
BrSerWdm; C:\Windows\System\Drivers\BrSerWdm.sys [710 009-06-10] (Brother Industries Ltd.)
BrUsbMdm; C:\Windows\System\Drivers\BrUsbMdm.sys [1976 009-06-10] (Brother Industries Ltd.)
BrUsbSer; C:\Windows\System\Drivers\BrUsbSer.sys [170 009-06-10] (Brother Industries Ltd.)
BTHMODEM; C:\Windows\System\Drivers\BTHMODEM.sys [719 009-07-1] (Microsoft Corporation)
BTHPORT; C:\Windows\System\Drivers\BTHPORT.sys [55960 011-0-7] (Microsoft Corporation)
BTHUSB; C:\Windows\System\Drivers\BTHUSB.sys [808 011-0-7] (Microsoft Corporation)
cdfs; C:\Windows\System\Drivers\cdfs.sys [9160 009-07-1] (Microsoft Corporation)
1 cdrom; C:\Windows\System\Drivers\cdrom.sys [1756 010-11-0] (Microsoft Corporation)
circlass; C:\Windows\System\Drivers\circlass.sys [5568 009-07-1] (Microsoft Corporation)
CmBatt; C:\Windows\System\Drivers\CmBatt.sys [1766 009-07-1] (Microsoft Corporation)
0 CNG; C:\Windows\System\Drivers\CNG.sys [59 011-11-16] (Microsoft Corporation)
0 Compbatt; C:\Windows\System\Drivers\Compbatt.sys [158 009-07-1] (Microsoft Corporation)
CompositeBus; C:\Windows\System\Drivers\CompositeBus.sys [891 010-11-0] (Microsoft Corporation)
crcdisk; C:\Windows\System\Drivers\crcdisk.sys [1 009-07-1] (Microsoft Corporation)
1 DfsC; C:\Windows\System\Drivers\DfsC.sys [1000 010-11-0] (Microsoft Corporation)
DgiVecp; C:\Windows\System\Drivers\DgiVecp.sys [5816 009-07-1] (Samsung Electronics Co., Ltd.)
1 discache; C:\Windows\System\Drivers\discache.sys [08 009-07-1] (Microsoft Corporation)
0 Disk; C:\Windows\System\Drivers\Disk.sys [780 009-07-1] (Microsoft Corporation)
Dot; C:\Windows\System\Drivers\Dot.sys [1590 009-07-1] (Microsoft Corporation)
DotPrint; C:\Windows\System\DRIVERS\DotPrt.sys [19968 010-11-0] (Microsoft Corporation)
dotusb; C:\Windows\System\Drivers\dotusb.sys [008 009-07-1] (Microsoft Corporation)
drmkaud; C:\Windows\System\Drivers\drmkaud.sys [56 009-07-1] (Microsoft Corporation)
DXGKrnl; C:\Windows\System\Drivers\DXGKrnl.sys [9891 010-11-0] (Microsoft Corporation)
ebdrv; C:\Windows\system\drivers\evbda.sys [86016 009-06-10] (Broadcom Corporation)
ErrDev; C:\Windows\System\Drivers\ErrDev.sys [978 009-07-1] (Microsoft Corporation)
exfat; C:\Windows\System\Drivers\exfat.sys [19507 009-07-1] (Microsoft Corporation)
fastfat; C:\Windows\System\Drivers\fastfat.sys [0800 009-07-1] (Microsoft Corporation)
fdc; C:\Windows\System\Drivers\fdc.sys [9696 009-07-1] (Microsoft Corporation)
0 FileInfo; C:\Windows\System\Drivers\FileInfo.sys [70 009-07-1] (Microsoft Corporation)
Filetrace; C:\Windows\System\Drivers\Filetrace.sys [0 009-07-1] (Microsoft Corporation)
flpydisk; C:\Windows\System\Drivers\flpydisk.sys [576 009-07-1] (Microsoft Corporation)
0 FltMgr; C:\Windows\System\Drivers\FltMgr.sys [8966 010-11-0] (Microsoft Corporation)
FsDepends; C:\Windows\System\Drivers\FsDepends.sys [5576 009-07-1] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System\Drivers\Fs_Rec.sys [08 01-0-9] (Microsoft Corporation)
0 fvevol; C:\Windows\System\Drivers\fvevol.sys [8 010-11-0] (Microsoft Corporation)
gagp0kx; C:\Windows\System\Drivers\gagp0kx.sys [65088 009-07-1] (Microsoft Corporation)
HdAudAddService; C:\Windows\System\drivers\HdAudio.sys [5008 010-11-0] (Microsoft Corporation)
HDAudBus; C:\Windows\System\Drivers\HDAudBus.sys [168 010-11-0] (Microsoft Corporation)
HidBatt; C:\Windows\System\Drivers\HidBatt.sys [66 009-07-1] (Microsoft Corporation)
HidBth; C:\Windows\System\Drivers\HidBth.sys [10086 009-07-1] (Microsoft Corporation)
HidIr; C:\Windows\System\Drivers\HidIr.sys [659 009-07-1] (Microsoft Corporation)
HidUsb; C:\Windows\System\Drivers\HidUsb.sys [008 010-11-0] (Microsoft Corporation)
HpSAMD; C:\Windows\System\Drivers\HpSAMD.sys [7870 010-11-0] (Hewlett-Packard Company)
HTTP; C:\Windows\System\Drivers\HTTP.sys [7566 010-11-0] (Microsoft Corporation)
hwdatacard; C:\Windows\System\DRIVERS\ewusbmdm.sys [1158 008-0-17] (Huawei Technologies Co., Ltd.)
0 hwpolicy; C:\Windows\System\Drivers\hwpolicy.sys [170 010-11-0] (Microsoft Corporation)
i80prt; C:\Windows\System\Drivers\i80prt.sys [1057 009-07-1] (Microsoft Corporation)
0 iaStor; C:\Windows\System\Drivers\iaStor.sys [8808 010-11-05] (Intel Corporation)
iaStorV; C:\Windows\System\Drivers\iaStorV.sys [1096 011-07-1] (Intel Corporation)
igfx; C:\Windows\System\DRIVERS\igdkmd6.sys [160000 010-1-] (Intel Corporation)
iirsp; C:\Windows\System\Drivers\iirsp.sys [11 009-07-1] (Intel Corp./ICP vortex GmbH)
IntcAzAudAddService; C:\Windows\System\drivers\RTKVHD6.sys [899176 011-06-1] (Realtek Semiconductor Corp.)
IntcDAud; C:\Windows\System\Drivers\IntcDAud.sys [170 010-10-1] (Intel(R) Corporation)
intelide; C:\Windows\System\Drivers\intelide.sys [16960 009-07-1] (Microsoft Corporation)
intelppm; C:\Windows\System\Drivers\intelppm.sys [66 009-07-1] (Microsoft Corporation)
IpFilterDriver; C:\Windows\System\DRIVERS\ipfltdrv.sys [89 010-11-0] (Microsoft Corporation)
IPMIDRV; C:\Windows\System\Drivers\IPMIDRV.sys [7888 010-11-0] (Microsoft Corporation)
IPNAT; C:\Windows\System\Drivers\IPNAT.sys [116 009-07-1] (Microsoft Corporation)
IRENUM; C:\Windows\System\Drivers\IRENUM.sys [1790 009-07-1] (Microsoft Corporation)
isapnp; C:\Windows\System\Drivers\isapnp.sys [05 009-07-1] (Microsoft Corporation)
iScsiPrt; C:\Windows\system\drivers\msiscsi.sys [779 010-11-0] (Microsoft Corporation)
kbdclass; C:\Windows\System\Drivers\kbdclass.sys [50768 009-07-1] (Microsoft Corporation)
kbdhid; C:\Windows\System\Drivers\kbdhid.sys [80 010-11-0] (Microsoft Corporation)
0 KSecDD; C:\Windows\System\Drivers\KSecDD.sys [95600 011-11-16] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System\Drivers\KSecPkg.sys [15 011-11-16] (Microsoft Corporation)
ksthunk; C:\Windows\System\Drivers\ksthunk.sys [099 009-07-1] (Microsoft Corporation)
lltdio; C:\Windows\System\Drivers\lltdio.sys [6098 009-07-1] (Microsoft Corporation)
LSI_FC; C:\Windows\System\Drivers\LSI_FC.sys [1175 009-07-1] (LSI Corporation)
LSI_SAS; C:\Windows\System\Drivers\LSI_SAS.sys [106560 009-07-1] (LSI Corporation)
LSI_SAS; C:\Windows\System\Drivers\LSI_SAS.sys [65600 009-07-1] (LSI Corporation)
LSI_SCSI; C:\Windows\System\Drivers\LSI_SCSI.sys [115776 009-07-1] (LSI Corporation)
1 luafv; C:\Windows\System\Drivers\luafv.sys [1115 009-07-1] (Microsoft Corporation)
megasas; C:\Windows\System\Drivers\megasas.sys [59 009-07-1] (LSI Corporation)
MegaSR; C:\Windows\System\Drivers\MegaSR.sys [876 009-07-1] (LSI Corporation, Inc.)
MEIx6; C:\Windows\system\drivers\HECIx6.sys [56 010-10-19] (Intel Corporation)
Modem; C:\Windows\System\Drivers\Modem.sys [08 009-07-1] (Microsoft Corporation)
monitor; C:\Windows\System\Drivers\monitor.sys [008 009-07-1] (Microsoft Corporation)
mouclass; C:\Windows\System\Drivers\mouclass.sys [916 009-07-1] (Microsoft Corporation)
mouhid; C:\Windows\System\Drivers\mouhid.sys [1 009-07-1] (Microsoft Corporation)
0 mountmgr; C:\Windows\System\Drivers\mountmgr.sys [959 010-11-0] (Microsoft Corporation)
0 MpFilter; C:\Windows\System\Drivers\MpFilter.sys [0888 01-0-0] (Microsoft Corporation)
mpio; C:\Windows\System\Drivers\mpio.sys [155008 010-11-0] (Microsoft Corporation)
mpsdrv; C:\Windows\System\Drivers\mpsdrv.sys [771 009-07-1] (Microsoft Corporation)
MRxDAV; C:\Windows\System\Drivers\MRxDAV.sys [10800 010-11-0] (Microsoft Corporation)
mrxsmb; C:\Windows\System\Drivers\mrxsmb.sys [15808 011-07-1] (Microsoft Corporation)
mrxsmb10; C:\Windows\System\Drivers\mrxsmb10.sys [88768 011-07-08] (Microsoft Corporation)
mrxsmb0; C:\Windows\System\Drivers\mrxsmb0.sys [18000 011-07-1] (Microsoft Corporation)
msahci; C:\Windows\System\Drivers\msahci.sys [110 010-11-0] (Microsoft Corporation)
msdsm; C:\Windows\System\Drivers\msdsm.sys [1067 010-11-0] (Microsoft Corporation)
1 Msfs; C:\Windows\System\Drivers\Msfs.sys [611 009-07-1] (Microsoft Corporation)
mshidkmdf; C:\Windows\System\Drivers\mshidkmdf.sys [819 009-07-1] (Microsoft Corporation)
0 msisadrv; C:\Windows\System\Drivers\msisadrv.sys [15 009-07-1] (Microsoft Corporation)
MSKSSRV; C:\Windows\System\Drivers\MSKSSRV.sys [1116 009-07-1] (Microsoft Corporation)
MSPCLOCK; C:\Windows\System\Drivers\MSPCLOCK.sys [7168 009-07-1] (Microsoft Corporation)
MSPQM; C:\Windows\System\Drivers\MSPQM.sys [678 009-07-1] (Microsoft Corporation)
MsRPC; C:\Windows\System\Drivers\MsRPC.sys [66976 010-11-0] (Microsoft Corporation)
1 mssmbios; C:\Windows\System\Drivers\mssmbios.sys [0 009-07-1] (Microsoft Corporation)
MSTEE; C:\Windows\System\Drivers\MSTEE.sys [806 009-07-1] (Microsoft Corporation)
MTConfig; C:\Windows\System\Drivers\MTConfig.sys [1560 009-07-1] (Microsoft Corporation)
0 Mup; C:\Windows\System\Drivers\Mup.sys [6096 009-07-1] (Microsoft Corporation)
1 mwlPSDFilter; C:\Windows\System\Drivers\mwlPSDFilter.sys [68 011-08-15] (Egis Technology Inc.)
1 mwlPSDNServ; C:\Windows\System\Drivers\mwlPSDNServ.sys [050 011-08-15] (Egis Technology Inc.)
1 mwlPSDVDisk; C:\Windows\System\Drivers\mwlPSDVDisk.sys [6776 011-08-15] (Egis Technology Inc.)
NativeWifiP; C:\Windows\System\DRIVERS\nwifi.sys [18976 009-07-1] (Microsoft Corporation)
0 NDIS; C:\Windows\System\Drivers\NDIS.sys [951680 010-11-0] (Microsoft Corporation)
NdisCap; C:\Windows\System\Drivers\NdisCap.sys [58 009-07-1] (Microsoft Corporation)
NdisTapi; C:\Windows\System\Drivers\NdisTapi.sys [06 009-07-1] (Microsoft Corporation)
Ndisuio; C:\Windows\System\Drivers\Ndisuio.sys [568 010-11-0] (Microsoft Corporation)
NdisWan; C:\Windows\System\Drivers\NdisWan.sys [165 010-11-0] (Microsoft Corporation)
NDProxy; C:\Windows\System\Drivers\NDProxy.sys [57856 010-11-0] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System\Drivers\NetBIOS.sys [5 009-07-1] (Microsoft Corporation)
1 NetBT; C:\Windows\System\Drivers\NetBT.sys [616 010-11-0] (Microsoft Corporation)
NisDrv; C:\Windows\System\DRIVERS\NisDrvWFP.sys [98688 01-0-0] (Microsoft Corporation)
1 Npfs; C:\Windows\System\Drivers\Npfs.sys [0 009-07-1] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System\Drivers\nsiproxy.sys [576 009-07-1] (Microsoft Corporation)
Ntfs; C:\Windows\System\Drivers\Ntfs.sys [1659776 011-07-1] (Microsoft Corporation)
NTIDrvr; C:\Windows\System\Drivers\NTIDrvr.sys [18 011-0-09] (NTI Corporation)
1 Null; C:\Windows\System\Drivers\Null.sys [61 009-07-1] (Microsoft Corporation)
nvlddmkm; C:\Windows\System\Drivers\nvlddmkm.sys [1066600 011-0-0] (NVIDIA Corporation)
0 nvpciflt; C:\Windows\System\Drivers\nvpciflt.sys [5960 011-0-0] (NVIDIA Corporation)
nvraid; C:\Windows\System\Drivers\nvraid.sys [185 011-07-1] (NVIDIA Corporation)
nvstor; C:\Windows\System\Drivers\nvstor.sys [1667 011-07-1] (NVIDIA Corporation)
nv_agp; C:\Windows\System\Drivers\nv_agp.sys [1960 009-07-1] (Microsoft Corporation)
ohci19; C:\Windows\System\Drivers\ohci19.sys [78 009-07-1] (Microsoft Corporation)
Parport; C:\Windows\System\Drivers\Parport.sys [9780 009-07-1] (Microsoft Corporation)
0 partmgr; C:\Windows\System\Drivers\partmgr.sys [7510 01-0-16] (Microsoft Corporation)
0 pci; C:\Windows\System\Drivers\pci.sys [1870 010-11-0] (Microsoft Corporation)
pciide; C:\Windows\System\Drivers\pciide.sys [15 009-07-1] (Microsoft Corporation)
pcmcia; C:\Windows\System\Drivers\pcmcia.sys [075 009-07-1] (Microsoft Corporation)
0 pcw; C:\Windows\System\Drivers\pcw.sys [50768 009-07-1] (Microsoft Corporation)
PEAUTH; C:\Windows\System\Drivers\PEAUTH.sys [6516 009-07-1] (Microsoft Corporation)
PptpMiniport; C:\Windows\System\DRIVERS\raspptp.sys [11110 010-11-0] (Microsoft Corporation)
Processor; C:\Windows\system\drivers\processr.sys [6016 009-07-1] (Microsoft Corporation)
1 Psched; C:\Windows\System\DRIVERS\pacer.sys [1158 010-11-0] (Microsoft Corporation)
QWAVEdrv; C:\Windows\System\Drivers\QWAVEdrv.sys [659 009-07-1] (Microsoft Corporation)
RasAcd; C:\Windows\System\Drivers\RasAcd.sys [188 009-07-1] (Microsoft Corporation)
RasAgileVpn; C:\Windows\System\DRIVERS\AgileVpn.sys [6016 009-07-1] (Microsoft Corporation)
Rasltp; C:\Windows\System\Drivers\Rasltp.sys [1956 010-11-0] (Microsoft Corporation)
RasPppoe; C:\Windows\System\Drivers\RasPppoe.sys [967 009-07-1] (Microsoft Corporation)
RasSstp; C:\Windows\System\Drivers\RasSstp.sys [8968 009-07-1] (Microsoft Corporation)
1 rdbss; C:\Windows\System\Drivers\rdbss.sys [098 010-11-0] (Microsoft Corporation)
rdpbus; C:\Windows\System\Drivers\rdpbus.sys [06 009-07-1] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System\Drivers\RDPCDD.sys [7680 009-07-1] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System\Drivers\RDPENCDD.sys [7680 009-07-1] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System\Drivers\RDPREFMP.sys [819 009-07-1] (Microsoft Corporation)
RDPWD; C:\Windows\System\Drivers\RDPWD.sys [109 01-0-7] (Microsoft Corporation)
0 rdyboost; C:\Windows\System\Drivers\rdyboost.sys [1888 010-11-0] (Microsoft Corporation)
RsFx0151; C:\Windows\System\Drivers\RsFx0151.sys [1696 011-06-17] (Microsoft Corporation)
RSPCIESTOR; C:\Windows\System\DRIVERS\RtsPStor.sys [6760 010-10-9] (Realtek Semiconductor Corp.)
rspndr; C:\Windows\System\Drivers\rspndr.sys [76800 009-07-1] (Microsoft Corporation)
sbpport; C:\Windows\System\Drivers\sbpport.sys [10808 010-11-0] (Microsoft Corporation)
scfilter; C:\Windows\System\Drivers\scfilter.sys [9696 010-11-0] (Microsoft Corporation)
Serenum; C:\Windows\System\Drivers\Serenum.sys [55 009-07-1] (Microsoft Corporation)
Serial; C:\Windows\System\Drivers\Serial.sys [908 009-07-1] (Microsoft Corporation)
sermouse; C:\Windows\System\Drivers\sermouse.sys [66 009-07-1] (Microsoft Corporation)
sffdisk; C:\Windows\System\Drivers\sffdisk.sys [16 009-07-1] (Microsoft Corporation)
sffp_mmc; C:\Windows\System\Drivers\sffp_mmc.sys [18 009-07-1] (Microsoft Corporation)
sffp_sd; C:\Windows\System\Drivers\sffp_sd.sys [16 010-11-0] (Microsoft Corporation)
sfloppy; C:\Windows\System\Drivers\sfloppy.sys [16896 009-07-1] (Microsoft Corporation)
Smb; C:\Windows\System\Drivers\Smb.sys [918 009-07-1] (Microsoft Corporation)
0 spldr; C:\Windows\System\Drivers\spldr.sys [19008 009-07-1] (Microsoft Corporation)
srv; C:\Windows\System\Drivers\srv.sys [6756 011-07-1] (Microsoft Corporation)
srv; C:\Windows\System\Drivers\srv.sys [1011 011-07-1] (Microsoft Corporation)
srvnet; C:\Windows\System\Drivers\srvnet.sys [1688 011-07-1] (Microsoft Corporation)
swenum; C:\Windows\System\Drivers\swenum.sys [196 009-07-1] (Microsoft Corporation)
0 Tcpip; C:\Windows\System\Drivers\Tcpip.sys [19180 01-0-0] (Microsoft Corporation)
TCPIP6; C:\Windows\System\DRIVERS\tcpip.sys [19180 01-0-0] (Microsoft Corporation)
tcpipreg; C:\Windows\System\Drivers\tcpipreg.sys [5056 010-11-0] (Microsoft Corporation)
TDPIPE; C:\Windows\System\Drivers\TDPIPE.sys [1587 009-07-1] (Microsoft Corporation)
TDTCP; C:\Windows\System\Drivers\TDTCP.sys [55 01-0-16] (Microsoft Corporation)
1 tdx; C:\Windows\System\Drivers\tdx.sys [11996 010-11-0] (Microsoft Corporation)
1 TermDD; C:\Windows\System\Drivers\TermDD.sys [660 010-11-0] (Microsoft Corporation)
tssecsrv; C:\Windows\System\Drivers\tssecsrv.sys [9 010-11-0] (Microsoft Corporation)
TsUsbFlt; C:\Windows\System\Drivers\TsUsbFlt.sys [599 010-11-0] (Microsoft Corporation)
TsUsbGD; C:\Windows\System\Drivers\TsUsbGD.sys [1 010-11-0] (Microsoft Corporation)
tunnel; C:\Windows\System\Drivers\tunnel.sys [150 010-11-0] (Microsoft Corporation)
TurboB; C:\Windows\System\Drivers\TurboB.sys [1610 010-11-9] (Intel(R) Corporation)
uagp5; C:\Windows\System\Drivers\uagp5.sys [6080 009-07-1] (Microsoft Corporation)
UBHelper; C:\Windows\System\Drivers\UBHelper.sys [1708 011-0-09] (NTI Corporation)
udfs; C:\Windows\System\Drivers\udfs.sys [819 010-11-0] (Microsoft Corporation)
uliagpkx; C:\Windows\System\Drivers\uliagpkx.sys [659 009-07-1] (Microsoft Corporation)
umbus; C:\Windows\System\Drivers\umbus.sys [860 010-11-0] (Microsoft Corporation)
UmPass; C:\Windows\System\Drivers\UmPass.sys [978 009-07-1] (Microsoft Corporation)
USBAAPL6; C:\Windows\System\Drivers\USBAAPL6.sys [5171 011-08-0] (Apple, Inc.)
usbaudio; C:\Windows\System\Drivers\usbaudio.sys [109696 010-11-0] (Microsoft Corporation)
usbccgp; C:\Windows\System\Drivers\usbccgp.sys [98816 011-07-1] (Microsoft Corporation)
usbcir; C:\Windows\System\Drivers\usbcir.sys [1005 009-07-1] (Microsoft Corporation)
usbehci; C:\Windows\System\Drivers\usbehci.sys [576 011-07-1] (Microsoft Corporation)
usbhub; C:\Windows\System\Drivers\usbhub.sys [00 011-07-1] (Microsoft Corporation)
usbohci; C:\Windows\System\Drivers\usbohci.sys [5600 011-07-1] (Microsoft Corporation)
usbprint; C:\Windows\System\Drivers\usbprint.sys [5088 009-07-1] (Microsoft Corporation)
usbscan; C:\Windows\System\Drivers\usbscan.sys [198 009-07-1] (Microsoft Corporation)
USBSTOR; C:\Windows\System\Drivers\USBSTOR.sys [9168 011-07-1] (Microsoft Corporation)
usbuhci; C:\Windows\System\Drivers\usbuhci.sys [070 011-07-1] (Microsoft Corporation)
usbvideo; C:\Windows\System\Drivers\usbvideo.sys [18960 010-11-0] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System\Drivers\vdrvroot.sys [6 009-07-1] (Microsoft Corporation)
vga; C:\Windows\System\Drivers\vga.sys [918 009-07-1] (Microsoft Corporation)
1 VgaSave; C:\Windows\System\drivers\vga.sys [918 009-07-1] (Microsoft Corporation)
vhdmp; C:\Windows\System\Drivers\vhdmp.sys [1596 010-11-0] (Microsoft Corporation)
0 volmgr; C:\Windows\System\Drivers\volmgr.sys [7155 010-11-0] (Microsoft Corporation)
0 volmgrx; C:\Windows\System\Drivers\volmgrx.sys [69 010-11-0] (Microsoft Corporation)
vwifibus; C:\Windows\System\Drivers\vwifibus.sys [576 009-07-1] (Microsoft Corporation)
1 vwififlt; C:\Windows\System\Drivers\vwififlt.sys [5990 009-07-1] (Microsoft Corporation)
WacomPen; C:\Windows\System\Drivers\WacomPen.sys [7776 009-07-1] (Microsoft Corporation)
WANARP; C:\Windows\System\Drivers\WANARP.sys [88576 010-11-0] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System\DRIVERS\wanarp.sys [88576 010-11-0] (Microsoft Corporation)
Wd; C:\Windows\System\Drivers\Wd.sys [1056 009-07-1] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System\Drivers\Wdf01000.sys [6598 009-07-1] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System\Drivers\WfpLwf.sys [1800 009-07-1] (Microsoft Corporation)
WIMMount; C:\Windows\System\Drivers\WIMMount.sys [096 009-07-1] (Microsoft Corporation)
WIMMount; C:\Windows\SysWow6\Drivers\WIMMount.sys [19008 009-07-1] (Microsoft Corporation)
WinUsb; C:\Windows\System\Drivers\WinUsb.sys [198 010-11-0] (Microsoft Corporation)
wsifsl; C:\Windows\System\Drivers\wsifsl.sys [150 009-07-1] (Microsoft Corporation)
WudfPf; C:\Windows\System\Drivers\WudfPf.sys [1118 010-11-0] (Microsoft Corporation)
WUDFRd; C:\Windows\System\Drivers\WUDFRd.sys [175 010-11-0] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

01-07-11 07:18 - 01-07-11 07:18 - 00000000 ____D C:\FRST
01-07-10 11:7 - 01-07-10 11:7 - 0006556 ____A C:\Users\Kim\0.6190951891565.exe
01-07-10 11:7 - 01-07-10 11:7 - 0006556 ____A C:\Users\All Users\pgfagftp.exe
01-07-10 11:7 - 01-07-10 11:7 - 00000051 ____A C:\Users\All Users\cdbtnjvlfbqpugu
01-07-10 11:7 - 01-07-10 11:7 - 00000000 ____D C:\Users\All Users\wjbmmjcuxnegisg
01-07-06 06:9 - 01-07-06 06:9 - 00001758 ____A C:\Users\Public\Desktop\Browser Choice.lnk
01-07-06 0: - 010-0- 00:16 - 00991 ____A (Microsoft Corporation) C:\Windows\System\browserchoice.exe
01-07-0 :15 - 01-07-0 :5 - 00000000 ____D C:\Users\Kim\Desktop\PBS betalingsoversigter
01-07-0 11:10 - 01-07-0 11:18 - 00000000 ____D C:\Users\All Users\B7E858A700006A0001B9BEB67
01-06-9 05: - 01-06-9 05: - 00050655 ____A C:\Users\Kim\Desktop\Reson Document Printing V0. 01.06.8.xlsm
01-06-5 0:07 - 01-06-5 0:07 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Mozilla
01-06- 1:7 - 01-06- 1:7 - 00000000 ____D C:\Windows\PCHEALTH
01-06- 11:0 - 01-06- 1:9 - 0000009 ____A C:\Windows\vbaddin.ini
01-06- 07:57 - 01-06- 08:1 - 5987155 ____A (Microsoft Corporation) C:\Users\Kim\Desktop\en_visio_010_x6_51655.exe
01-06- 0:09 - 01-06- 0: - 851056 ____A (Microsoft Corporation) C:\Users\Kim\Desktop\en_project_professional_010_x6_515566.exe
01-06-18 0:10 - 01-06-0 1:19 - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
01-06-18 0:10 - 01-06-0 1:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
01-06-18 0:10 - 01-06-0 1:19 - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-18 0:10 - 01-06-0 1:15 - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
01-06-18 0:09 - 01-06-0 1:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
01-06-18 0:09 - 01-06-0 1:19 - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-18 0:09 - 01-06-0 1:15 - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
01-06-18 0:09 - 01-06-0 05:19 - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
01-06-18 0:09 - 01-06-0 05:15 - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
01-06-18 10:11 - 01-06-18 10:0 - 00086 ____A C:\Users\Kim\Desktop\Otsuka Project Plan - 01.06.18. KP.xlsx
01-06-17 1:0 - 01-06-18 10:10 - 000858 ____A C:\Users\Kim\Desktop\Otsuka Project Plan.xlsx
01-06-1 1:9 - 01-05-17 18:7 - 1780760 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
01-06-1 1:9 - 01-05-17 18:16 - 1090 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
01-06-1 1:9 - 01-05-17 18:06 - 011680 ____A (Microsoft Corporation) C:\Windows\System\jscript9.dll
01-06-1 1:9 - 01-05-17 17:59 - 01918 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
01-06-1 1:9 - 01-05-17 17:59 - 01608 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
01-06-1 1:9 - 01-05-17 17:58 - 01958 ____A (Microsoft Corporation) C:\Windows\System\inetcpl.cpl
01-06-1 1:9 - 01-05-17 17:58 - 007056 ____A (Microsoft Corporation) C:\Windows\System\url.dll
01-06-1 1:9 - 01-05-17 17:56 - 0008550 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
01-06-1 1:9 - 01-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
01-06-1 1:9 - 01-05-17 17:55 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
01-06-1 1:9 - 01-05-17 17:5 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-06-1 1:9 - 01-05-17 17:51 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-06-1 1:9 - 01-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-06-1 1:9 - 01-05-17 17:7 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-06-1 1:9 - 01-05-17 15:11 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-06-1 1:9 - 01-05-17 1:8 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-06-1 1:9 - 01-05-17 1:5 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
01-06-1 1:9 - 01-05-17 1:6 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-06-1 1:9 - 01-05-17 1:5 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
01-06-1 1:9 - 01-05-17 1:5 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
01-06-1 1:9 - 01-05-17 1: - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-06-1 1:9 - 01-05-17 1:1 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
01-06-1 1:9 - 01-05-17 1:9 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
01-06-1 1:9 - 01-05-17 1:9 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
01-06-1 1:9 - 01-05-17 1:7 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-06-1 1:9 - 01-05-17 1:5 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-06-1 1:9 - 01-05-17 1: - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-06-1 1:9 - 01-05-17 1:0 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-06-1 09:05 - 01-05-0 0:06 - 0555966 ____A (Microsoft Corporation) C:\Windows\System\ntoskrnl.exe
01-06-1 09:05 - 01-05-0 0:0 - 096868 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntkrnlpa.exe
01-06-1 09:05 - 01-05-0 0:0 - 09107 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntoskrnl.exe
01-06-1 0:0 - 01-0-07 0:1 - 0168 ____A (Microsoft Corporation) C:\Windows\System\msi.dll
01-06-1 0:0 - 01-0-07 0:6 - 000 ____A (Microsoft Corporation) C:\Windows\SysWOW6\msi.dll
01-06-1 0:0 - 01-0- 1:7 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-06-1 0:0 - 01-0- 1:7 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-06-1 0:0 - 01-0- 1:7 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-06-1 0:0 - 01-0- 0:6 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-06-1 0:0 - 01-0- 0:6 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-06-1 0:0 - 01-0- 0:6 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
01-06-1 0:8 - 01-05-1 17: - 01675 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
01-06-1 0:00 - 01-0-7 19:55 - 00109 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
01-06-1 01:1 - 01-0-5 1:1 - 001950 ____A (Microsoft Corporation) C:\Windows\System\rdpcorekmts.dll
01-06-1 01:1 - 01-0-5 1:1 - 000771 ____A (Microsoft Corporation) C:\Windows\System\rdpwsx.dll
01-06-1 01:1 - 01-0-5 1: - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
01-06-1 01:1 - 01-0-0 1:0 - 000990 ____A (Microsoft Corporation) C:\Windows\System\profsvc.dll
01-06-11 0: - 01-07-01 0:8 - 00008 ____A C:\Users\Public\Desktop\Google Chrome.lnk
01-06-11 0: - 01-06-11 0: - 00000 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
01-06-11 01:8 - 01-07-10 1:11 - 000009 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
01-06-11 01:8 - 01-07-10 0:58 - 0000096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
01-06-11 01:8 - 01-06-11 01:8 - 00000000 ____D C:\Users\All Users\Google
01-06-11 01:8 - 01-06-11 01:8 - 00000000 ____D C:\Program Files\Google

============  Months Modified Files ========================

01-07-10 1:11 - 01-06-11 01:8 - 000009 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
01-07-10 1:11 - 009-07-1 1:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
01-07-10 1:11 - 009-07-1 0:51 - 0007166 ____A C:\Windows\setupact.log
01-07-10 1:10 - 011-09-19 11:5 - 015791 ____A C:\Windows\WindowsUpdate.log
01-07-10 0:58 - 01-06-11 01:8 - 0000096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
01-07-10 0:56 - 009-07-1 0:5 - 00016976 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-5P-1.C7856-A89-9d-8115-6016D005A0
01-07-10 0:56 - 009-07-1 0:5 - 00016976 ___AH C:\Windows\System\7B96FB0-76B-97e-B01-9C50E1B77-5P-0.C7856-A89-9d-8115-6016D005A0
01-07-10 1: - 01-0-0 0:7 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-1-868598-11896980-805166-1001UA.job
01-07-10 11:7 - 01-07-10 11:7 - 0006556 ____A C:\Users\Kim\0.6190951891565.exe
01-07-10 11:7 - 01-07-10 11:7 - 0006556 ____A C:\Users\All Users\pgfagftp.exe
01-07-10 11:7 - 01-07-10 11:7 - 00000051 ____A C:\Users\All Users\cdbtnjvlfbqpugu
01-07-10 11: - 01-0-0 0:7 - 0000088 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-1-868598-11896980-805166-1001Core.job
01-07-10 11:1 - 009-07-1 1:1 - 009790 ____A C:\Windows\System\PerfStringBackup.INI
01-07-07 15:0 - 011-10-05 :16 - 0060017 ____A C:\Users\Kim\danid.log
01-07-06 06:9 - 01-07-06 06:9 - 00001758 ____A C:\Users\Public\Desktop\Browser Choice.lnk
01-07-01 0:8 - 01-06-11 0: - 00008 ____A C:\Users\Public\Desktop\Google Chrome.lnk
01-06-9 05: - 01-06-9 05: - 00050655 ____A C:\Users\Kim\Desktop\Reson Document Printing V0. 01.06.8.xlsm
01-06-9 01:56 - 011-10-6 0:9 - 0000007 ____A C:\Users\Public\LMDebug.log
01-06- 1:9 - 01-06- 11:0 - 0000009 ____A C:\Windows\vbaddin.ini
01-06- 05: - 011-10-05 :16 - 0106078 ____A C:\Users\Kim\danid.log.1
01-06- 08:1 - 01-06- 07:57 - 5987155 ____A (Microsoft Corporation) C:\Users\Kim\Desktop\en_visio_010_x6_51655.exe
01-06- 07:9 - 01-01-0 09:1 - 0000008 ____A C:\Windows\ODBC.INI
01-06- 0: - 01-06- 0:09 - 851056 ____A (Microsoft Corporation) C:\Users\Kim\Desktop\en_project_professional_010_x6_515566.exe
01-06- 08:59 - 01-0-1 0:1 - 0000178 ____A C:\Users\Public\Desktop\CDBurnerXP.lnk
01-06-18 10:0 - 01-06-18 10:11 - 00086 ____A C:\Users\Kim\Desktop\Otsuka Project Plan - 01.06.18. KP.xlsx
01-06-18 10:10 - 01-06-17 1:0 - 000858 ____A C:\Users\Kim\Desktop\Otsuka Project Plan.xlsx
01-06-15 1:16 - 011-10-0 05:0 - 589578 ____A (Microsoft Corporation) C:\Windows\System\MRT.exe
01-06-1 08:5 - 009-07-1 0:5 - 0987 ____A C:\Windows\System\FNTCACHE.DAT
01-06-11 1: - 010-11-0 19:7 - 0005878 ____A C:\Windows\PFRO.log
01-06-11 0: - 01-06-11 0: - 00000 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
01-06-11 01:1 - 011-10-0 10: - 001118 ____A C:\Users\Kim\AppData\Local\GDIPFONTCACHEV1.DAT
01-06-0 0:8 - 009-07-1 1:08 - 000608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
01-06-0 00:1 - 011-10-0 06:7 - 0000101 ____A C:\Users\Kim\Desktop\Dropbox.lnk
01-06-0 1:19 - 01-06-18 0:10 - 0895 ____A (Microsoft Corporation) C:\Windows\System\wuaueng.dll
01-06-0 1:19 - 01-06-18 0:10 - 00057880 ____A (Microsoft Corporation) C:\Windows\System\wuauclt.exe
01-06-0 1:19 - 01-06-18 0:10 - 000056 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-0 1:19 - 01-06-18 0:09 - 00701976 ____A (Microsoft Corporation) C:\Windows\System\wuapi.dll
01-06-0 1:19 - 01-06-18 0:09 - 0008 ____A (Microsoft Corporation) C:\Windows\System\wups.dll
01-06-0 1:15 - 01-06-18 0:10 - 066 ____A (Microsoft Corporation) C:\Windows\System\wucltux.dll
01-06-0 1:15 - 01-06-18 0:09 - 0009980 ____A (Microsoft Corporation) C:\Windows\System\wudriver.dll
01-06-0 05:19 - 01-06-18 0:09 - 0018675 ____A (Microsoft Corporation) C:\Windows\System\wuwebv.dll
01-06-0 05:15 - 01-06-18 0:09 - 000686 ____A (Microsoft Corporation) C:\Windows\System\wuapp.exe
01-05-17 18:7 - 01-06-1 1:9 - 1780760 ____A (Microsoft Corporation) C:\Windows\System\mshtml.dll
01-05-17 18:16 - 01-06-1 1:9 - 1090 ____A (Microsoft Corporation) C:\Windows\System\ieframe.dll
01-05-17 18:06 - 01-06-1 1:9 - 011680 ____A (Microsoft Corporation) C:\Windows\System\jscript9.dll
01-05-17 17:59 - 01-06-1 1:9 - 01918 ____A (Microsoft Corporation) C:\Windows\System\wininet.dll
01-05-17 17:59 - 01-06-1 1:9 - 01608 ____A (Microsoft Corporation) C:\Windows\System\urlmon.dll
01-05-17 17:58 - 01-06-1 1:9 - 01958 ____A (Microsoft Corporation) C:\Windows\System\inetcpl.cpl
01-05-17 17:58 - 01-06-1 1:9 - 007056 ____A (Microsoft Corporation) C:\Windows\System\url.dll
01-05-17 17:56 - 01-06-1 1:9 - 0008550 ____A (Microsoft Corporation) C:\Windows\System\jsproxy.dll
01-05-17 17:55 - 01-06-1 1:9 - 00818688 ____A (Microsoft Corporation) C:\Windows\System\jscript.dll
01-05-17 17:55 - 01-06-1 1:9 - 0017056 ____A (Microsoft Corporation) C:\Windows\System\ieUnatt.exe
01-05-17 17:5 - 01-06-1 1:9 - 01768 ____A (Microsoft Corporation) C:\Windows\System\iertutil.dll
01-05-17 17:51 - 01-06-1 1:9 - 0888 ____A (Microsoft Corporation) C:\Windows\System\mshtml.tlb
01-05-17 17:51 - 01-06-1 1:9 - 00096768 ____A (Microsoft Corporation) C:\Windows\System\mshtmled.dll
01-05-17 17:7 - 01-06-1 1:9 - 0080 ____A (Microsoft Corporation) C:\Windows\System\ieui.dll
01-05-17 15:11 - 01-06-1 1:9 - 116 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.dll
01-05-17 1:8 - 01-06-1 1:9 - 097778 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieframe.dll
01-05-17 1:5 - 01-06-1 1:9 - 0180019 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript9.dll
01-05-17 1:6 - 01-06-1 1:9 - 011087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\urlmon.dll
01-05-17 1:5 - 01-06-1 1:9 - 017968 ____A (Microsoft Corporation) C:\Windows\SysWOW6\inetcpl.cpl
01-05-17 1:5 - 01-06-1 1:9 - 01197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\wininet.dll
01-05-17 1: - 01-06-1 1:9 - 00196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\url.dll
01-05-17 1:1 - 01-06-1 1:9 - 000650 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jsproxy.dll
01-05-17 1:9 - 01-06-1 1:9 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW6\jscript.dll
01-05-17 1:9 - 01-06-1 1:9 - 00188 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieUnatt.exe
01-05-17 1:7 - 01-06-1 1:9 - 01790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\iertutil.dll
01-05-17 1:5 - 01-06-1 1:9 - 000716 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtmled.dll
01-05-17 1: - 01-06-1 1:9 - 0888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\mshtml.tlb
01-05-17 1:0 - 01-06-1 1:9 - 0017660 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ieui.dll
01-05-1 17: - 01-06-1 0:8 - 01675 ____A (Microsoft Corporation) C:\Windows\System\wink.sys
01-05-0 0:06 - 01-06-1 09:05 - 0555966 ____A (Microsoft Corporation) C:\Windows\System\ntoskrnl.exe
01-05-0 0:0 - 01-06-1 09:05 - 096868 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntkrnlpa.exe
01-05-0 0:0 - 01-06-1 09:05 - 09107 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ntoskrnl.exe
01-05-0 :06 - 011-10-0 11:00 - 0098007 ____A C:\Windows\SysWOW6\PerfStringBackup.INI
01-05-0 :06 - 011-10-0 11:00 - 0000195 ____A C:\Windows\epplauncher.mif
01-0-0 1:0 - 01-06-1 01:1 - 000990 ____A (Microsoft Corporation) C:\Windows\System\profsvc.dll
01-0-7 19:55 - 01-06-1 0:00 - 00109 ____A (Microsoft Corporation) C:\Windows\System\Drivers\rdpwd.sys
01-0-5 1:1 - 01-06-1 01:1 - 001950 ____A (Microsoft Corporation) C:\Windows\System\rdpcorekmts.dll
01-0-5 1:1 - 01-06-1 01:1 - 000771 ____A (Microsoft Corporation) C:\Windows\System\rdpwsx.dll
01-0-5 1: - 01-06-1 01:1 - 0000916 ____A (Microsoft Corporation) C:\Windows\System\rdrmemptylst.exe
01-0- 1:7 - 01-06-1 0:0 - 0167 ____A (Microsoft Corporation) C:\Windows\System\crypt.dll
01-0- 1:7 - 01-06-1 0:0 - 00180 ____A (Microsoft Corporation) C:\Windows\System\cryptsvc.dll
01-0- 1:7 - 01-06-1 0:0 - 001088 ____A (Microsoft Corporation) C:\Windows\System\cryptnet.dll
01-0- 0:6 - 01-06-1 0:0 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW6\crypt.dll
01-0- 0:6 - 01-06-1 0:0 - 001088 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptsvc.dll
01-0- 0:6 - 01-06-1 0:0 - 001096 ____A (Microsoft Corporation) C:\Windows\SysWOW6\cryptnet.dll
01-0-0 0:57 - 011-09-19 1:18 - 00015817 ____A C:\Users\All Users\ArcadeDeluxe5.log
01-0-1 0:1 - 011-10-10 0:50 - 0000515 ____A C:\Users\Public\Desktop\Skype.lnk

========================= Known DLLs (Whitelisted) ============

[009-07-1 16:00] - [009-07-1 17:0] - 06077 ____A (Microsoft Corporation) C:\Windows\System\clbcatq.dll
[009-07-1 15:] - [009-07-1 17:15] - 050 ____A (Microsoft Corporation) C:\Windows\SysWOW6\clbcatq.dll
[010-11-0 19:] - [010-11-0 19:] - 08691 ____A (Microsoft Corporation) C:\Windows\System\ole.dll
[010-11-0 19:] - [010-11-0 19:] - 111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\ole.dll
[009-07-1 16:1] - [009-07-1 17:0] - 0877056 ____A (Microsoft Corporation) C:\Windows\System\advapi.dll
[010-11-0 19:] - [010-11-0 19:] - 06051 ____A (Microsoft Corporation) C:\Windows\SysWOW6\advapi.dll
[010-11-0 19:] - [010-11-0 19:] - 059 ____A (Microsoft Corporation) C:\Windows\System\COMDLG.dll
[010-11-0 19:] - [010-11-0 19:] - 085888 ____A (Microsoft Corporation) C:\Windows\SysWOW6\COMDLG.dll
[010-11-0 19:] - [010-11-0 19:] - 00968 ____A (Microsoft Corporation) C:\Windows\System\gdi.dll
[010-11-0 19:] - [010-11-0 19:] - 01196 ____A (Microsoft Corporation) C:\Windows\SysWOW6\gdi.dll
[01-06-1 1:9] - [01-05-17 17:5] - 1768 ____A (Microsoft Corporation) C:\Windows\System\IERTUTIL.dll
[01-06-1 1:9] - [01-05-17 1:7] - 1790 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IERTUTIL.dll
[01-0-11 01:5] - [01-0-9 :] - 008108 ____A (Microsoft Corporation) C:\Windows\System\IMAGEHLP.dll
[01-0-11 01:5] - [01-0-9 1:] - 0159 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMAGEHLP.dll
[009-07-1 15:8] - [009-07-1 17:1] - 0167 ____A (Microsoft Corporation) C:\Windows\System\IMM.dll
[010-11-0 19:] - [010-11-0 19:] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW6\IMM.dll
[011-10-0 05:1] - [011-07-15 1:7] - 11675 ____A (Microsoft Corporation) C:\Windows\System\kernel.dll
[011-10-0 05:1] - [011-07-15 0:] - 11111 ____A (Microsoft Corporation) C:\Windows\SysWOW6\kernel.dll
[009-07-1 15:8] - [009-07-1 17:1] - 00198 ____A (Microsoft Corporation) C:\Windows\System\LPK.dll
[009-07-1 15:5] - [009-07-1 17:11] - 005600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\LPK.dll
[009-07-1 15:0] - [009-07-1 17:1] - 1067008 ____A (Microsoft Corporation) C:\Windows\System\MSCTF.dll
[009-07-1 15:8] - [009-07-1 17:15] - 08898 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSCTF.dll
[01-0-1 :] - [011-1-16 00:6] - 06880 ____A (Microsoft Corporation) C:\Windows\System\MSVCRT.dll
[01-0-1 :] - [011-1-15 :5] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\MSVCRT.dll
[009-07-1 15:6] - [009-07-1 17:1] - 000560 ____A (Microsoft Corporation) C:\Windows\System\NORMALIZ.dll
[009-07-1 15:15] - [009-07-1 17:09] - 00008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NORMALIZ.dll
[009-07-1 15:1] - [009-07-1 17:1] - 0018 ____A (Microsoft Corporation) C:\Windows\System\NSI.dll
[009-07-1 15:1] - [009-07-1 17:16] - 000870 ____A (Microsoft Corporation) C:\Windows\SysWOW6\NSI.dll
[011-10-1 0:07] - [011-08-6 1:7] - 0861696 ____A (Microsoft Corporation) C:\Windows\System\OLEAUT.dll
[011-10-1 0:07] - [011-08-6 0:6] - 057190 ____A (Microsoft Corporation) C:\Windows\SysWOW6\OLEAUT.dll
[009-07-1 15:6] - [009-07-1 17:1] - 000916 ____A (Microsoft Corporation) C:\Windows\System\PSAPI.dll
[009-07-1 15:15] - [009-07-1 17:16] - 00061 ____A (Microsoft Corporation) C:\Windows\SysWOW6\PSAPI.dll
[010-11-0 19:] - [010-11-0 19:] - 11958 ____A (Microsoft Corporation) C:\Windows\System\rpcrt.dll
[010-11-0 19:] - [010-11-0 19:] - 06600 ____A (Microsoft Corporation) C:\Windows\SysWOW6\rpcrt.dll
[009-07-1 15:0] - [009-07-1 17:1] - 01166 ____A (Microsoft Corporation) C:\Windows\System\sechost.dll
[009-07-1 15:11] - [009-07-1 17:16] - 009160 ____A (Microsoft Corporation) C:\Windows\SysWOW6\sechost.dll
[010-11-0 19:] - [010-11-0 19:] - 19005 ____A (Microsoft Corporation) C:\Windows\System\Setupapi.dll
[010-11-0 19:] - [010-11-0 19:] - 166758 ____A (Microsoft Corporation) C:\Windows\SysWOW6\Setupapi.dll
[01-0-15 00:15] - [01-01-0 0:] - 11767 ____A (Microsoft Corporation) C:\Windows\System\SHELL.dll
[01-0-15 00:15] - [01-01-0 00:59] - 18770 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHELL.dll
[010-11-0 19:] - [010-11-0 19:] - 0851 ____A (Microsoft Corporation) C:\Windows\System\SHLWAPI.dll
[010-11-0 19:] - [010-11-0 19:] - 05008 ____A (Microsoft Corporation) C:\Windows\SysWOW6\SHLWAPI.dll
[01-06-1 1:9] - [01-05-17 17:59] - 1608 ____A (Microsoft Corporation) C:\Windows\System\URLMON.dll
[01-06-1 1:9] - [01-05-17 1:6] - 11087 ____A (Microsoft Corporation) C:\Windows\SysWOW6\URLMON.dll
[010-11-0 19:] - [010-11-0 19:] - 100818 ____A (Microsoft Corporation) C:\Windows\System\user.dll
[010-11-0 19:] - [010-11-0 19:] - 080 ____A (Microsoft Corporation) C:\Windows\SysWOW6\user.dll
[010-11-0 19:] - [010-11-0 19:] - 080056 ____A (Microsoft Corporation) C:\Windows\System\USP10.dll
[010-11-0 19:] - [010-11-0 19:] - 066176 ____A (Microsoft Corporation) C:\Windows\SysWOW6\USP10.dll
[01-06-1 1:9] - [01-05-17 17:59] - 1918 ____A (Microsoft Corporation) C:\Windows\System\WININET.dll
[01-06-1 1:9] - [01-05-17 1:5] - 1197 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WININET.dll
[010-11-0 19:] - [010-11-0 19:] - 018 ____A (Microsoft Corporation) C:\Windows\System\WLDAP.dll
[010-11-0 19:] - [010-11-0 19:] - 0698 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WLDAP.dll
[010-11-0 19:] - [010-11-0 19:] - 09798 ____A (Microsoft Corporation) C:\Windows\System\WS_.dll
[010-11-0 19:] - [010-11-0 19:] - 00688 ____A (Microsoft Corporation) C:\Windows\SysWOW6\WS_.dll
[009-07-1 15:7] - [009-07-1 17:0] - 0500 ____A (Microsoft Corporation) C:\Windows\System\DifxApi.dll
[009-07-1 15:16] - [009-07-1 17:15] - 01590 ____A (Microsoft Corporation) C:\Windows\SysWOW6\DifxApi.dll

========================= Bamital & volsnap Check ============

C:\Windows\System\winlogon.exe => MD5 is legit
C:\Windows\System\wininit.exe => MD5 is legit
C:\Windows\SysWOW6\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW6\explorer.exe => MD5 is legit
C:\Windows\System\svchost.exe => MD5 is legit
C:\Windows\SysWOW6\svchost.exe => MD5 is legit
C:\Windows\System\services.exe => MD5 is legit
C:\Windows\System\User.dll => MD5 is legit
C:\Windows\SysWOW6\User.dll => MD5 is legit
C:\Windows\System\userinit.exe => MD5 is legit
C:\Windows\SysWOW6\userinit.exe => MD5 is legit
C:\Windows\System\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: “%1” %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3946.73 MB
Available physical RAM: 3194.53 MB
Total Pagefile: 3944.93 MB
Available Pagefile: 3193.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:286.9 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:0.73 GB) NTFS
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.8 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status       Size   Free   Dyn Gpt
——————————- ———- ———- —- —-
  Disk 0   Online       465 GB     0 B      
  Disk 1   Online       1900 MB     0 B      

Partitions of Disk 0:
===============

  Partition ###  Type         Size   Offset
——————- ———————————- ———-
  Partition 1   Recovery         15 GB 1024 KB
  Partition 2   Primary         100 MB   15 GB
  Partition 3   Primary         450 GB   15 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr Label     Fs   Type     Size   Status   Info
——————- —————- ——- ————————- ————- ————
* Volume 3   E   PQSERVICE   NTFS   Partition   15 GB Healthy   Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr Label     Fs   Type     Size   Status   Info
——————- —————- ——- ————————- ————- ————
* Volume 1   Y   SYSTEM RESE NTFS   Partition   100 MB Healthy        

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr Label     Fs   Type     Size   Status   Info
——————- —————- ——- ————————- ————- ————
* Volume 2   C   Acer       NTFS   Partition   450 GB Healthy        

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type         Size   Offset
——————- ———————————- ———-
  Partition 1   Primary       1899 MB   16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr Label     Fs   Type     Size   Status   Info
——————- —————- ——- ————————- ————- ————
* Volume 4   G           FAT   Removable   1899 MB Healthy        

==================================================================================

==========================================================

Last Boot: 2012-07-07 23:14

======================= End Of Log ==========================

Hej
Vi har også fået det samme problem på computeren.
Øv

Men godt der er hjælpsomme mennesker herinde

Hvordan foregår det?
Kan man mon se hvordan det skal løses i emeritus svar til kimsen, eller angriber sådan en virus forskellige computere på forskellige måder?

Jeg følger spændt med.

tak folkens

Hej Aarhus - hvor jeg ogsaa selv kommer fra, bare i UK lige nu,

er sikker paa Emeritus kan trylle. Jeg har foer faaet fantastisk hjaelp af disse folk. De er saa dygtige. Men du skal nok aabne din egen traad, saa der bliver kigget paa dine data.
Hilsen
Kim

Vi håber det bedste        

Jeg vedhæfter Fixlist.txt. Gem den på din USB nøgle.

Start PCen op med Kommando prompt. (Som før)

Ved Kommando prompten starter du FRST (Farbar Recovery Scan Tool) og klikker på FIX (og venter til den er færdig)

Den laver Fixlog.txt, som du skal kopiere herind i dit næste indlæg.

Luk Farbar Recovery Scan Tool, og genstart PCen.

Hent Combofix, og gem den på dit skrivebord:
Her

NB -> Deaktiver dit antivirus/antispyware program. Da det/de kan ”forstyrre” og konflikte med combofix, eller fjerne vigtige combofix filer, hvilket kan få computeren til fryse.

Kør så combofix.exe, og følg anvisningerne.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Når combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Den kan også findes her - > C: combofix txt

spændende. ok tak for rådene . jeg prøver at oprette en tråd selv.

Håber det giver held.

Thanks

Hej Emeritus,

her er Fixlog’en:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 2012-07-12 01:38:56 Run:1
Running from G:\

==============================================

C:\ProgramData\pgfagftp.exe moved successfully.
C:\Users\Kim\0.6190951891565.exe not found.
C:\Users\All Users\pgfagftp.exe not found.
C:\Users\All Users\cdbtnjvlfbqpugu moved successfully.

==== End of Fixlog ====

...og her er combofix.txt’en:

ComboFix 12-07-11.03 - Kim 12-07-2012   2:20.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1033.18.3947.2294 [GMT 2:00]
Kører fra: c:\users\Kim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kim\0.6244190951891565.exe
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{30AD120C-78AA-4F41-9FC7-0E80CD2CB317}.xps
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\{70DEB340-E94F-4A8E-A434-562AE2BAB900}.xps
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-06-12 til 2012-07-12 )))))))))))))))))))))))))))))))))))
.
.
2012-07-12 00:50 . 2012-07-12 00:50   ————  d——-w-  c:\users\DefaultAppPool\AppData\Local\temp
2012-07-12 00:50 . 2012-07-12 00:50   ————  d——-w-  c:\users\Default\AppData\Local\temp
2012-07-12 00:50 . 2012-07-12 00:50   ————  d——-w-  c:\users\Classic .NET AppPool\AppData\Local\temp
2012-07-11 23:51 . 2012-05-31 04:04   9013136   ——a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51F5B5CF-3C56-469A-B887-BB1B89F9F994}\mpengine.dll
2012-07-11 15:18 . 2012-07-11 15:18   ————  d——-w-  C:\FRST
2012-07-10 19:37 . 2012-07-10 19:37   ————  d——-w-  c:\programdata\wjbmmjcuxnegisg
2012-07-09 20:12 . 2012-05-31 04:04   9013136   ——a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-06 10:32 . 2010-02-23 08:16   294912   ——a-w-  c:\windows\system32\browserchoice.exe
2012-07-04 05:01 . 2012-02-10 13:31   927800   ———w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50E9D312-9054-413E-815F-E173086DC05F}\gapaengine.dll
2012-07-02 19:10 . 2012-07-02 19:18   ————  d——-w-  c:\programdata\B7E858A7000026A300013B93B4EB2367
2012-06-25 05:47 . 2012-06-25 05:47   ————  d——-w-  c:\windows\PCHEALTH
2012-06-19 04:10 . 2012-06-02 22:19   2428952   ——a-w-  c:\windows\system32\wuaueng.dll
2012-06-19 04:10 . 2012-06-02 22:19   57880   ——a-w-  c:\windows\system32\wuauclt.exe
2012-06-19 04:10 . 2012-06-02 22:19   44056   ——a-w-  c:\windows\system32\wups2.dll
2012-06-19 04:10 . 2012-06-02 22:15   2622464   ——a-w-  c:\windows\system32\wucltux.dll
2012-06-19 04:09 . 2012-06-02 22:19   38424   ——a-w-  c:\windows\system32\wups.dll
2012-06-19 04:09 . 2012-06-02 22:19   701976   ——a-w-  c:\windows\system32\wuapi.dll
2012-06-19 04:09 . 2012-06-02 22:15   99840   ——a-w-  c:\windows\system32\wudriver.dll
2012-06-19 04:09 . 2012-06-02 13:19   186752   ——a-w-  c:\windows\system32\wuwebv.dll
2012-06-19 04:09 . 2012-06-02 13:15   36864   ——a-w-  c:\windows\system32\wuapp.exe
2012-06-14 17:05 . 2012-05-04 11:06   5559664   ——a-w-  c:\windows\system32\ntoskrnl.exe
2012-06-14 17:05 . 2012-05-04 10:03   3968368   ——a-w-  c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 17:05 . 2012-05-04 10:03   3913072   ——a-w-  c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 11:03 . 2012-04-07 12:31   3216384   ——a-w-  c:\windows\system32\msi.dll
2012-06-14 11:03 . 2012-04-07 11:26   2342400   ——a-w-  c:\windows\SysWow64\msi.dll
2012-06-14 11:02 . 2012-04-24 05:37   1462272   ——a-w-  c:\windows\system32\crypt32.dll
2012-06-14 11:02 . 2012-04-24 05:37   184320   ——a-w-  c:\windows\system32\cryptsvc.dll
2012-06-14 11:02 . 2012-04-24 05:37   140288   ——a-w-  c:\windows\system32\cryptnet.dll
2012-06-14 11:02 . 2012-04-24 04:36   140288   ——a-w-  c:\windows\SysWow64\cryptsvc.dll
2012-06-14 11:02 . 2012-04-24 04:36   1158656   ——a-w-  c:\windows\SysWow64\crypt32.dll
2012-06-14 11:02 . 2012-04-24 04:36   103936   ——a-w-  c:\windows\SysWow64\cryptnet.dll
2012-06-14 10:38 . 2012-05-15 01:32   3146752   ——a-w-  c:\windows\system32\win32k.sys
2012-06-14 10:00 . 2012-04-28 03:55   210944   ——a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-06-14 09:31 . 2012-04-26 05:41   77312   ——a-w-  c:\windows\system32\rdpwsx.dll
2012-06-14 09:31 . 2012-04-26 05:41   149504   ——a-w-  c:\windows\system32\rdpcorekmts.dll
2012-06-14 09:31 . 2012-04-26 05:34   9216   ——a-w-  c:\windows\system32\rdrmemptylst.exe
2012-06-14 09:21 . 2012-05-01 05:40   209920   ——a-w-  c:\windows\system32\profsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“gStart”=“c:\program files (x86)\Garmin\Training Center\gStart.exe” [2008-08-13 1891416]
“Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe” [2012-07-03 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“SuiteTray”=“c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe” [2011-04-02 340848]
“EgisTecPMMUpdate”=“c:\program files (x86)\EgisTec IPS\PmmUpdate.exe” [2011-03-29 408432]
“EgisUpdate”=“c:\program files (x86)\EgisTec IPS\EgisUpdate.exe” [2011-03-29 202608]
“BackupManagerTray”=“c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe” [2011-04-24 297280]
“LManager”=“c:\program files (x86)\Launch Manager\LManager.exe” [2011-07-01 1103440]
“Dolby Advanced Audio v2”=“c:\dolby pcee4\pcee4.exe” [2011-02-03 506712]
“ArcadeMovieService”=“c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe” [2011-05-09 177448]
“Google Desktop Search”=“c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe” [2011-10-04 30192]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696]
“Samsung PanelMgr”=“c:\windows\Samsung\PanelMgr\SSMMgr.exe” [2010-06-07 618496]
“CLX3180_Scan2Pc”=“c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe” [2011-04-29 1990144]
“3180 Scan2PC”=“c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe” [2011-04-29 1990144]
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2011-09-27 59240]
“iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe” [2011-11-12 421736]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“IsMyWinLockerReboot”=“msiexec.exe” [2010-11-21 73216]
.
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
“PromptOnSecureDesktop”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\SysWOW64\nvinit.dll c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=“Service”
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GoogleDesktopManager-051210-111108;Google Desktop-administrator 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-10-04 30192]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-10-29 326760]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-05 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 313696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-30 25960]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-16 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-16 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-16 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-17 210784]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-30 2009704]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-13 11576]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
.
.
—- Andre Services/Drivers i Hukommelsen—-
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs   REG_MULTI_SZ     w3svc was
apphost   REG_MULTI_SZ     apphostsvc
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 09:48]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 09:48]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868354298-1189698340-2338035166-1001Core.job
- c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 12:27]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868354298-1189698340-2338035166-1001UA.job
- c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 12:27]
.
.
————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@=”{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2010-12-30 167960]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2010-12-30 391704]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2010-12-30 418328]
“IntelTBRunOnce”=“wscript.exe” [2009-07-14 168960]
“RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe” [2011-06-09 11860072]
“RtHDVBg”=“c:\program files\Realtek\Audio\HDA\RAVBg64.exe” [2011-06-03 2226280]
“Power Management”=“c:\program files\Acer\Acer ePower Management\ePowerTray.exe” [2011-05-10 1831528]
“BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe” [2010-03-13 112512]
“MSC”=“c:\program files\Microsoft Security Client\msseces.exe” [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“LoadAppInit_DLLs”=0x1
“AppInit_DLLs”=c:\windows\System32\nvinitx.dll
.
———- Yderligere scanning———-
.
uStart Page = hxxp://mit.tdc.dk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport; to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd; to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{A30C4890-EE8F-4BCE-9FFC-559DDED3BB72}: NameServer = 194.239.134.83 193.162.153.164
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-pgfagftpcslzcrg - c:\programdata\pgfagftp.exe
Wow6432Node-HKLM-Run-pgfagftpcslzcrg - c:\programdata\pgfagftp.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Import - c:\windows\system32\javaws.exe
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
“Enabled”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@=“0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@=“ShockwaveFlash.ShockwaveFlash.10”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“ShockwaveFlash.ShockwaveFlash”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@=“FlashFactory.FlashFactory.1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“FlashFactory.FlashFactory”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=”{00020424-0000-0000-C000-000000000046}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
[HKEY_LOCAL_MACHINE\software\McAfee]
“SymbolicLinkValue”=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
————————————Andre kørende processer————————————
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Gennemført tid: 2012-07-12 02:58:40 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-07-12 00:58
.
Pre-Kørsel: 308.368.949.248 bytes free
Post-Kørsel: 313.269.116.928 bytes free
.
- - End Of File - - 6ECD27C649F2131B1E2F588CCE7EFAA4

Nu er det ikke sikkert, at vi er færdige, men jeg er meget imponeret over - og ikke mindst meget taknemmelig for - at jeg nu igen kan bruge min computer.

I kan altså noget helt unikt, som vi andre brugere ikke har en chance for at klare

Tak for roserne    

Nej, vi er ikke helt færdige endnu.

Kopiér indholdet mellem de bølgede linier ind i et notepad/notesblok-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Snapshot::
Folder::
c:\programdata\wjbmmjcuxnegisg
Dirlook::
c:\programdata\B7E858A7000026A300013B93B4EB2367
ClearJavaCache::
SecCenter::

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den CFScript filen med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen, som vist her ->
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Send så en ny combofix log herind. Den kan findes her - C:\combofix

Og nu vi er i gang, foreslår jeg at der bliver kørt et ekstra tjek for at se om der er andre infektioner på computeren.

Hent og installer Ccleaner: Her
Klik på Download Latest Version

Fjern flueben ved -  Installer Yahoo toolbar

Når du åbner programmet for første gang, vil der være flueben i alle felter.
Hvis du ønsker at bevare cookies, kan du fjerne dette flueben.

Klik på Kør Cleaner, for at få renset din computer.

Du vil nu få en advarsel, om at disse filer slettes fuldstændigt fra dit system, og om du ønsker at fortsætte. Klik på Ok for at svare ja til det. Sæt flueben ved ->  Vis mig ikke denne besked igen.

Genstart.

Hent Malwarebytes Anti-Malware:
Her
Installer programmet - NB, du skal sørge for at der er et flueben placeret ved siden af Update Malwarebytes ‘Anti-Malware og Launch Malwarebytes’ Anti-Malware, og klik derefter på Udfør. .
Herefter åbner et vindue, hvor du skal flytte prikken til “Kør et fuldstændigt systemscan” - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på “Vis resultater” knappen efter scanningen - og herefter tryk på “Fjern det valgte” - nu åbnes log’en og du skal gemme den et sted, hvor du kan finde den igen.

NB Hvis Malwarebytes Anti-Malware vil genstarte computeren for at fuldføre rensningen så lad den genstarte.

Hent nyeste version af HijackThis ned til skrivebordet:
Her
2. Dobbeltklik på installationsfilen, og følg installationsvejledningen.
3. Dobbeltklik på det nye HijackThis ikon på skrivebordet.
4. På menuen der kommer op, klikker du på: Do a systemscan and save a logfile.
5. Efter et kort øjeblik åbner en logfil i notesblok, gem den.
5. Sådan kopieres loggen ind i et spørgsmål:
Mens loggen er åben, markeres al teksten med tastekombinationen CTRL + A.
For at kopiere den markerede tekst bruges tastekombinationen CTRL + C, som ”fastgør” det i udklipsholderen i Windows. Gå så ind i dit spørgsmål og klik på kommentér knappen. Her indsættes det kopierede i det hvide felt med tastekombinationen CTRL + V.

Send så hijackthis loggen herind, sammen med malwarebyte loggen.

Hej Emeritus,

her er combofix’en:

ComboFix 12-07-11.03 - Kim 14-07-2012   0:27.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1033.18.3947.2146 [GMT 2:00]
Kører fra: c:\users\Kim\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Kim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\wjbmmjcuxnegisg
c:\programdata\wjbmmjcuxnegisg\btn-green.png
c:\programdata\wjbmmjcuxnegisg\corners-btn.png
c:\programdata\wjbmmjcuxnegisg\corners1.png
c:\programdata\wjbmmjcuxnegisg\corners2.png
c:\programdata\wjbmmjcuxnegisg\corners3.png
c:\programdata\wjbmmjcuxnegisg\corners4.png
c:\programdata\wjbmmjcuxnegisg\ie6-7.css
c:\programdata\wjbmmjcuxnegisg\jquery.main.js
c:\programdata\wjbmmjcuxnegisg\main.html
c:\programdata\wjbmmjcuxnegisg\McAfee.png
c:\programdata\wjbmmjcuxnegisg\pay20.png
c:\programdata\wjbmmjcuxnegisg\pay21.png
c:\programdata\wjbmmjcuxnegisg\pay23.png
c:\programdata\wjbmmjcuxnegisg\steps-en.png
c:\programdata\wjbmmjcuxnegisg\style.css
c:\programdata\wjbmmjcuxnegisg\tabs.png
c:\programdata\wjbmmjcuxnegisg\uk-flag.png
c:\programdata\wjbmmjcuxnegisg\uk-image.png
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-06-13 til 2012-07-13 )))))))))))))))))))))))))))))))))))
.
.
2012-07-13 22:34 . 2012-07-13 22:34   ————  d——-w-  c:\users\UpdatusUser\AppData\Local\temp
2012-07-13 22:34 . 2012-07-13 22:34   ————  d——-w-  c:\users\DefaultAppPool\AppData\Local\temp
2012-07-13 22:34 . 2012-07-13 22:34   ————  d——-w-  c:\users\Default\AppData\Local\temp
2012-07-13 22:34 . 2012-07-13 22:34   ————  d——-w-  c:\users\Classic .NET AppPool\AppData\Local\temp
2012-07-13 22:34 . 2012-07-13 22:34   ————  d——-w-  c:\users\ASP.NET v4.0\AppData\Local\temp
2012-07-13 05:45 . 2012-05-31 04:04   9013136   ——a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B08A95E-D3B7-4C78-B618-8126B2C24837}\mpengine.dll
2012-07-12 01:07 . 2012-06-12 03:08   3148800   ——a-w-  c:\windows\system32\win32k.sys
2012-07-12 01:00 . 2012-06-02 12:07   887296   ——a-w-  c:\program files\Internet Explorer\iedvtool.dll
2012-07-12 01:00 . 2012-06-02 12:06   499200   ——a-w-  c:\program files\Internet Explorer\jsdbgui.dll
2012-07-12 01:00 . 2012-06-02 08:27   678912   ——a-w-  c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-07-12 01:00 . 2012-06-02 08:26   387584   ——a-w-  c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-07-11 15:18 . 2012-07-11 15:18   ————  d——-w-  C:\FRST
2012-07-06 10:32 . 2010-02-23 08:16   294912   ——a-w-  c:\windows\system32\browserchoice.exe
2012-07-04 05:01 . 2012-02-10 13:31   927800   ———w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50E9D312-9054-413E-815F-E173086DC05F}\gapaengine.dll
2012-07-02 19:10 . 2012-07-02 19:18   ————  d——-w-  c:\programdata\B7E858A7000026A300013B93B4EB2367
2012-06-25 05:47 . 2012-06-25 05:47   ————  d——-w-  c:\windows\PCHEALTH
2012-06-19 04:10 . 2012-06-02 22:19   2428952   ——a-w-  c:\windows\system32\wuaueng.dll
2012-06-19 04:10 . 2012-06-02 22:19   57880   ——a-w-  c:\windows\system32\wuauclt.exe
2012-06-19 04:10 . 2012-06-02 22:19   44056   ——a-w-  c:\windows\system32\wups2.dll
2012-06-19 04:10 . 2012-06-02 22:15   2622464   ——a-w-  c:\windows\system32\wucltux.dll
2012-06-19 04:09 . 2012-06-02 22:19   38424   ——a-w-  c:\windows\system32\wups.dll
2012-06-19 04:09 . 2012-06-02 22:19   701976   ——a-w-  c:\windows\system32\wuapi.dll
2012-06-19 04:09 . 2012-06-02 22:15   99840   ——a-w-  c:\windows\system32\wudriver.dll
2012-06-19 04:09 . 2012-06-02 13:19   186752   ——a-w-  c:\windows\system32\wuwebv.dll
2012-06-19 04:09 . 2012-06-02 13:15   36864   ——a-w-  c:\windows\system32\wuapp.exe
2012-06-14 17:05 . 2012-05-04 11:06   5559664   ——a-w-  c:\windows\system32\ntoskrnl.exe
2012-06-14 17:05 . 2012-05-04 10:03   3968368   ——a-w-  c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 17:05 . 2012-05-04 10:03   3913072   ——a-w-  c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 11:03 . 2012-04-07 12:31   3216384   ——a-w-  c:\windows\system32\msi.dll
2012-06-14 11:03 . 2012-04-07 11:26   2342400   ——a-w-  c:\windows\SysWow64\msi.dll
2012-06-14 11:02 . 2012-04-24 05:37   1462272   ——a-w-  c:\windows\system32\crypt32.dll
2012-06-14 11:02 . 2012-04-24 05:37   184320   ——a-w-  c:\windows\system32\cryptsvc.dll
2012-06-14 11:02 . 2012-04-24 05:37   140288   ——a-w-  c:\windows\system32\cryptnet.dll
2012-06-14 11:02 . 2012-04-24 04:36   140288   ——a-w-  c:\windows\SysWow64\cryptsvc.dll
2012-06-14 11:02 . 2012-04-24 04:36   1158656   ——a-w-  c:\windows\SysWow64\crypt32.dll
2012-06-14 11:02 . 2012-04-24 04:36   103936   ——a-w-  c:\windows\SysWow64\cryptnet.dll
2012-06-14 10:00 . 2012-04-28 03:55   210944   ——a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-06-14 09:31 . 2012-04-26 05:41   77312   ——a-w-  c:\windows\system32\rdpwsx.dll
2012-06-14 09:31 . 2012-04-26 05:41   149504   ——a-w-  c:\windows\system32\rdpcorekmts.dll
2012-06-14 09:31 . 2012-04-26 05:34   9216   ——a-w-  c:\windows\system32\rdrmemptylst.exe
2012-06-14 09:21 . 2012-05-01 05:40   209920   ——a-w-  c:\windows\system32\profsvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
——Directory of c:\programdata\B7E858A7000026A300013B93B4EB2367——
.
2012-07-02 19:10 . 2012-07-02 19:14   848   ——a-w-  c:\programdata\B7E858A7000026A300013B93B4EB2367\B7E858A7000026A300013B93B4EB2367
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“gStart”=“c:\program files (x86)\Garmin\Training Center\gStart.exe” [2008-08-13 1891416]
“Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe” [2012-07-03 17417392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“SuiteTray”=“c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe” [2011-04-02 340848]
“EgisTecPMMUpdate”=“c:\program files (x86)\EgisTec IPS\PmmUpdate.exe” [2011-03-29 408432]
“EgisUpdate”=“c:\program files (x86)\EgisTec IPS\EgisUpdate.exe” [2011-03-29 202608]
“BackupManagerTray”=“c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe” [2011-04-24 297280]
“LManager”=“c:\program files (x86)\Launch Manager\LManager.exe” [2011-07-01 1103440]
“Dolby Advanced Audio v2”=“c:\dolby pcee4\pcee4.exe” [2011-02-03 506712]
“ArcadeMovieService”=“c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe” [2011-05-09 177448]
“Google Desktop Search”=“c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe” [2011-10-04 30192]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696]
“Samsung PanelMgr”=“c:\windows\Samsung\PanelMgr\SSMMgr.exe” [2010-06-07 618496]
“CLX3180_Scan2Pc”=“c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe” [2011-04-29 1990144]
“3180 Scan2PC”=“c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe” [2011-04-29 1990144]
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2011-09-27 59240]
“iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe” [2011-11-12 421736]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“IsMyWinLockerReboot”=“msiexec.exe” [2010-11-21 73216]
.
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableLUA”= 0 (0x0)
“EnableUIADesktopToggle”= 0 (0x0)
“PromptOnSecureDesktop”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\SysWOW64\nvinit.dll c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=”“
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=“Service”
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
“FirewallOverride”=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-04-02 173424]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 GoogleDesktopManager-051210-111108;Google Desktop-administrator 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-10-04 30192]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-10-29 326760]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-05 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 313696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-30 25960]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-16 22648]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-16 20520]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-16 62776]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-17 210784]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-30 2009704]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-13 11576]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs   REG_MULTI_SZ     w3svc was
apphost   REG_MULTI_SZ     apphostsvc
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 09:48]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 09:48]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868354298-1189698340-2338035166-1001Core.job
- c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 12:27]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868354298-1189698340-2338035166-1001UA.job
- c:\users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-20 12:27]
.
.
————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@=”{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ——a-w-  c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2010-12-30 167960]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2010-12-30 391704]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2010-12-30 418328]
“IntelTBRunOnce”=“wscript.exe” [2009-07-14 168960]
“SynTPEnh”=“c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe” [BU]
“RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe” [2011-06-09 11860072]
“RtHDVBg”=“c:\program files\Realtek\Audio\HDA\RAVBg64.exe” [2011-06-03 2226280]
“Power Management”=“c:\program files\Acer\Acer ePower Management\ePowerTray.exe” [2011-05-10 1831528]
“BCSSync”=“c:\program files\Microsoft Office\Office14\BCSSync.exe” [2010-03-13 112512]
“MSC”=“c:\program files\Microsoft Security Client\msseces.exe” [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLs”=c:\windows\System32\nvinitx.dll
.
———- Yderligere scanning———-
.
uStart Page = hxxp://mit.tdc.dk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver; - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport; to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd; to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
“Enabled”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@=“0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@=“ShockwaveFlash.ShockwaveFlash.10”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“ShockwaveFlash.ShockwaveFlash”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@=“FlashFactory.FlashFactory.1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“FlashFactory.FlashFactory”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=”{00020424-0000-0000-C000-000000000046}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
[HKEY_LOCAL_MACHINE\software\McAfee]
“SymbolicLinkValue”=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
————————————Andre kørende processer————————————
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Gennemført tid: 2012-07-14 00:42:39 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-07-13 22:42
ComboFix2.txt 2012-07-12 00:58
.
Pre-Kørsel: 313.553.793.024 bytes free
Post-Kørsel: 313.417.314.304 bytes free
.
- - End Of File - - FA4A6D52BFA44BA025CEFB5D974CA899

Fint, så mangler jeg loggene fra malwarebyte og hijackthis…..........

Hej Emeritius,

jeg kan ikke se mit eget svar til dig, saa jeg ved ikke, om det kom igennem, derfor proever jeg igen….

Du var til stor hjaelp i sommers, men nu har jeg desvaerre igen faaet samme problem, hvor nogen - denne gang paa dansk - har haft held til at laase min computer og kun mod betaling vil laase den op igen. Det er naturligvis fup og svindel. Jeg haaber du kan hjaelpe. Jeg kender jo steps’ene fra i sommers, saa her er resultatet af FRST scanningen:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by SYSTEM at 20-01-2013 14:35:10
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo “C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs” [4526 2010-11-29] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2226280 2011-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [BCSSync] “C:\Program Files\Microsoft Office\Office14\BCSSync.exe” /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] “c:\Program Files\Microsoft Security Client\msseces.exe” -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SuiteTray] “C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe” [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] “C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe” [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] “C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe” -d [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] “C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe” -h -k [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] “C:\Dolby PCEE4\pcee4.exe” -autostart [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] “C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe” [177448 2011-05-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Google Desktop Search] “C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe” /startup [30192 2011-10-04] (Google)
HKLM-x32\...\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [618496 2010-06-07] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-28] ()
HKLM-x32\...\Run: [3180 Scan2PC] “C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe” [1990144 2011-04-28] ()
HKLM-x32\...\Run: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] “C:\Program Files (x86)\iTunes\iTunesHelper.exe” [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [946352 2012-12-02] (Adobe Systems Incorporated)
HKU\AGR\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\ASP.NET v4.0\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Classic .NET AppPool\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\DefaultAppPool\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Kim\...\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\Kim\...\Run: [Google Update] “C:\Users\Kim\AppData\Local\Google\Update\GoogleUpdate.exe” /c [116648 2012-04-20] (Google Inc.)
HKU\Kim\...\Winlogon: [Shell] explorer.exe,C:\Users\Kim\AppData\Roaming\skype.dat [65536 2011-11-16] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\Windows\System32\nvinitx.dll
Startup: C:\Users\Kim\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) ===================

3 GoogleDesktopManager-051210-111108; “C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe” [30192 2011-10-04] (Google)
2 HWDeviceService64.exe; “C:\ProgramData\DatacardService\HWDeviceService64.exe” -/service [346976 2011-03-14] ()
2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
2 MsDtsServer100; “C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe” [210784 2011-06-17] (Microsoft Corporation)
2 MsMpSvc; “C:\Program Files\Microsoft Security Client\MsMpEng.exe” [22072 2012-09-12] (Microsoft Corporation)
2 MSSQLSERVER; “C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe” -sMSSQLSERVER [62111072 2011-06-17] (Microsoft Corporation)
3 NisSrv; “C:\Program Files\Microsoft Security Client\NisSrv.exe” [368896 2012-09-12] (Microsoft Corporation)
2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
3 SQLSERVERAGENT; “C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE” -i MSSQLSERVER [431456 2011-06-17] (Microsoft Corporation)
2 TrueMove hi-speed connection. RunOuc; C:\Program Files (x86)\TrueMove hi-speed connection\UpdateDog\ouc.exe [655712 2011-08-23] ()
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)
3 wifimansvc; C:\Program Files (x86)\TrueMove hi-speed connection\eap\wifimansvc.exe [598528 2011-09-26] ()
3 MSSQLFDLauncher; “C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe” -s MSSQL10_50.MSSQLSERVER [x]

==================== Drivers (Whitelisted) =====================

2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [53816 2009-07-13] (Samsung Electronics Co., Ltd.)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2011-09-21] (CACE Technologies, Inc.)
3 NPF; C:\Windows\SysWow64\Drivers\NPF.sys [35344 2011-09-21] (CACE Technologies, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-01-17 08:16 - 2013-01-17 08:16 - 00509185 ____A C:\Users\Kim\Desktop\AGR screenshots.pptx
2013-01-17 08:12 - 2013-01-17 08:13 - 00236544 ____A C:\Users\Kim\Desktop\AGR screenshot.ppt
2013-01-16 12:46 - 2013-01-16 12:46 - 00013768 ____A C:\Users\Kim\Desktop\Book1.xlsx
2013-01-16 10:37 - 2013-01-16 10:57 - 00013444 ____A C:\Users\Kim\Desktop\Rest fakturering 2012 Nilec - KP.xlsx
2013-01-11 07:13 - 2013-01-14 08:24 - 00000000 ____D C:\Users\Kim\Desktop\New folder (2)
2013-01-09 13:39 - 2013-01-09 13:39 - 00012487 ____A C:\Users\Kim\Desktop\Costs december 2012 - Palmi.xlsx
2013-01-09 09:19 - 2013-01-17 02:10 - 00013177 ____A C:\Users\Kim\Desktop\Otsuka calendar JAN2013.xlsx
2013-01-09 06:22 - 2012-12-07 05:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-01-09 06:22 - 2012-12-07 05:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-01-09 06:22 - 2012-12-07 04:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-01-09 06:22 - 2012-12-07 04:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-01-09 06:22 - 2012-12-07 03:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-01-09 06:22 - 2012-12-07 03:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-01-09 06:22 - 2012-12-07 03:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-01-09 06:22 - 2012-12-07 03:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-01-09 06:22 - 2012-12-07 03:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-01-09 06:22 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-01-09 06:22 - 2012-12-07 03:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-01-09 06:22 - 2012-12-07 03:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-01-09 06:22 - 2012-12-07 03:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-01-09 06:22 - 2012-12-07 03:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-01-09 06:22 - 2012-12-07 03:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-01-09 06:22 - 2012-12-07 03:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-01-09 06:22 - 2012-12-07 03:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-01-09 06:22 - 2012-12-07 03:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-01-09 06:22 - 2012-12-07 02:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-01-09 06:22 - 2012-11-21 21:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-01-09 06:22 - 2012-11-21 20:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-01-09 06:22 - 2012-11-19 21:48 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-01-09 06:22 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-01-09 06:22 - 2012-11-08 21:45 - 00750592 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-01-09 06:22 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-01-09 06:22 - 2012-10-31 21:43 - 02002432 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-01-09 06:22 - 2012-10-31 21:43 - 01882624 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-01-09 06:22 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-01-09 06:22 - 2012-10-31 20:47 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-01-09 06:21 - 2012-11-29 21:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-01-09 06:21 - 2012-11-29 21:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-01-09 06:21 - 2012-11-29 21:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-01-09 06:21 - 2012-11-29 21:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-01-09 06:21 - 2012-11-29 21:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-01-09 06:21 - 2012-11-29 21:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-01-09 06:21 - 2012-11-29 21:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:54 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-01-09 06:21 - 2012-11-29 20:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-01-09 06:21 - 2012-11-29 20:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 20:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 19:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-01-09 06:21 - 2012-11-29 18:44 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-01-09 06:21 - 2012-11-29 18:44 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-01-09 06:21 - 2012-11-29 18:44 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-01-09 06:21 - 2012-11-29 18:44 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-01-09 06:21 - 2012-11-29 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 06:21 - 2012-11-29 15:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-01-09 06:21 - 2012-11-29 15:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-01-09 06:21 - 2012-11-22 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-01-09 06:21 - 2012-11-22 19:13 - 00068608 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2013-01-07 00:06 - 2013-01-07 12:44 - 00000000 ____D C:\Users\Kim\Desktop\CPA
2012-12-21 05:32 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 05:32 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 05:32 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 05:32 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-21 02:10 - 2012-12-21 02:39 - 00013441 ____A C:\Users\Kim\Desktop\Rest fakturering 2012 Nilec.xlsx

==================== One Month Modified Files and Folders =======

2013-01-20 05:23 - 2013-01-20 05:04 - 00000004 ____A C:\Users\Kim\AppData\Roaming\skype.ini
2013-01-20 05:23 - 2011-09-19 11:52 - 01838960 ____A C:\Windows\WindowsUpdate.log
2013-01-20 05:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv
2013-01-20 05:19 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-01-20 05:19 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-01-20 05:15 - 2012-06-11 01:48 - 00000926 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-01-20 05:13 - 2011-10-04 06:44 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Dropbox
2013-01-20 05:11 - 2011-10-04 10:44 - 00000000 ____D C:\Users\All Users\clear.fi
2013-01-20 05:09 - 2011-10-04 06:47 - 00000000 ___RD C:\Users\Kim\Dropbox
2013-01-20 05:08 - 2012-06-11 01:48 - 00000922 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-01-20 05:07 - 2012-07-13 14:56 - 00056561 ____A C:\Windows\setupact.log
2013-01-20 05:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-01-20 05:00 - 2012-04-20 04:27 - 00000934 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868354298-1189698340-2338035166-1001UA.job
2013-01-20 04:34 - 2011-10-04 10:48 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Skype
2013-01-20 04:27 - 2012-08-12 22:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-01-20 03:05 - 2009-07-13 21:13 - 00970790 ____A C:\Windows\System32\PerfStringBackup.INI
2013-01-18 14:00 - 2012-04-20 04:27 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2868354298-1189698340-2338035166-1001Core.job
2013-01-18 03:35 - 2011-10-05 22:16 - 00613731 ____A C:\Users\Kim\danid.log
2013-01-18 00:13 - 2011-11-03 02:59 - 00000000 ____D C:\Users\Kim\AppData\Local\CutePDF Writer
2013-01-17 08:27 - 2012-11-05 23:08 - 00000000 ____D C:\Users\Kim\Desktop\Kronans
2013-01-17 08:16 - 2013-01-17 08:16 - 00509185 ____A C:\Users\Kim\Desktop\AGR screenshots.pptx
2013-01-17 08:13 - 2013-01-17 08:12 - 00236544 ____A C:\Users\Kim\Desktop\AGR screenshot.ppt
2013-01-17 02:10 - 2013-01-09 09:19 - 00013177 ____A C:\Users\Kim\Desktop\Otsuka calendar JAN2013.xlsx
2013-01-16 12:46 - 2013-01-16 12:46 - 00013768 ____A C:\Users\Kim\Desktop\Book1.xlsx
2013-01-16 10:57 - 2013-01-16 10:37 - 00013444 ____A C:\Users\Kim\Desktop\Rest fakturering 2012 Nilec - KP.xlsx
2013-01-14 08:24 - 2013-01-11 07:13 - 00000000 ____D C:\Users\Kim\Desktop\New folder (2)
2013-01-11 13:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-01-10 07:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-01-10 04:35 - 2012-09-12 08:16 - 00000000 ____D C:\Users\Kim\AppData\Local\join.me
2013-01-09 23:32 - 2009-07-13 20:45 - 04986544 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-09 23:15 - 2011-10-04 06:29 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-09 23:14 - 2011-10-04 11:00 - 00956702 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-01-09 23:08 - 2011-10-04 05:20 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-09 13:39 - 2013-01-09 13:39 - 00012487 ____A C:\Users\Kim\Desktop\Costs december 2012 - Palmi.xlsx
2013-01-09 09:54 - 2012-08-14 01:37 - 00010286 ____A C:\Windows\PFRO.log
2013-01-09 06:28 - 2012-08-12 22:16 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-01-09 06:28 - 2011-08-15 23:27 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-01-07 22:31 - 2012-12-20 09:21 - 00015795 ____A C:\Users\Kim\Desktop\JCH bonusmodel.xlsx
2013-01-07 12:44 - 2013-01-07 00:06 - 00000000 ____D C:\Users\Kim\Desktop\CPA
2013-01-06 23:22 - 2012-11-18 09:45 - 00000000 ____D C:\Users\Kim\Desktop\Anja kontrakt
2013-01-02 19:58 - 2011-10-04 06:47 - 00001013 ____A C:\Users\Kim\Desktop\Dropbox.lnk
2012-12-21 02:39 - 2012-12-21 02:10 - 00013441 ____A C:\Users\Kim\Desktop\Rest fakturering 2012 Nilec.xlsx

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: “%1” %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-21 05:32:42
Restore point made on: 2012-12-24 07:56:51
Restore point made on: 2012-12-28 02:52:00
Restore point made on: 2013-01-02 17:48:20
Restore point made on: 2013-01-06 08:17:39
Restore point made on: 2013-01-09 23:00:09
Restore point made on: 2013-01-13 22:32:13
Restore point made on: 2013-01-17 23:28:20

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3946.73 MB
Available physical RAM: 3198.79 MB
Total Pagefile: 3944.93 MB
Available Pagefile: 3193.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:255.72 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:0.73 GB) NTFS
4 Drive g: () (Removable) (Total:1.87 GB) (Free:1.41 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status       Size   Free   Dyn Gpt
——————————- ———- ———- —- —-
  Disk 0   Online       465 GB     0 B      
  Disk 1   Online       1911 MB     0 B      

Partitions of Disk 0:
===============

  Partition ###  Type         Size   Offset
——————- ———————————- ———-
  Partition 1   Recovery         15 GB 1024 KB
  Partition 2   Primary         100 MB   15 GB
  Partition 3   Primary         450 GB   15 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr Label     Fs   Type     Size   Status   Info
——————- —————- ——- ————————- ————- ————
* Volume 3   E   PQSERVICE   NTFS   Partition   15 GB Healthy   Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr Label     Fs   Type     Size   Status   Info
——————- —————- ——- ————————- ————- ————
* Volume 1   Y   SYSTEM RESE NTFS   Partition   100 MB Healthy        

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr Label     Fs   Type     Size   Status   Info
——————- —————- ——- ————————- ————- ————
* Volume 2   C   Acer       NTFS   Partition   450 GB Healthy        

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type         Size   Offset
——————- ———————————- ———-
  Partition 1   Primary       1910 MB   16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

  Volume ###  Ltr Label     Fs   Type     Size   Status   Info
——————- —————- ——- ————————- ————- ————
* Volume 4   G           FAT   Removable   1910 MB Healthy        

=========================================================

Last Boot: 2013-01-16 11:37

==================== End Of Log =============================

Ser ud til at jeg har samme problem som claus_f.
Skal jeg bare foelge hans steps?

Mvh
Kimsen

Er det bedst, at jeg aabner dette i en ny traad?