Lost network address after trojan removal.
  strato
Number of posts: 84

Hi!

After an online scan with Superantispyware, which found 6 trojans and removed them, I have suddenly lost my network address and therefore cannot get on the internet. The computer tries to obtain an address, but nothing happens.
I am running XP Professional (downgraded from Vista) with Service Pack 3, and have AVG Free and Malwarebytes installed (they found nothing). I have tried System Restore on several dates, but it cannot be done. Can you possibly help? Thanks in advance.

Administrator
Number of posts: 8603

Hi :)

Can you remember what SUPERAntiSpyware found?

———

Download OTL by OldTimer and save it to your desktop.

Start OTL

At the top, tick “Scan All Users”.

In the “Custom Scans/Fixes” box, copy in the highlighted text.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /rp /s
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Close all open windows, click “Quick Scan” and let the program run.

It will produce two log files on the desktop, OTL.txt and Extras.txt.

Then copy the following into your next post (in order):

The contents of OTL.txt
The contents of Extras.txt

As they are fairly long, you may need to send them in several posts.

Signature

Please do not attach logs unless you are asked to!

  strato
Number of posts: 84

Unfortunately I cannot remember the names.
Here is the OTL text:

OTL logfile created on: 30-07-2012 13:44:43 - Run 1
OTL by OldTimer - Version 3.2.55.0   Folder = C:\Documents and Settings\JH\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,75 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 73,32% Memory free
4,59 Gb Paging File | 3,84 Gb Available in Paging File | 83,66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232,88 Gb Total Space | 70,17 Gb Free Space | 30,13% Space Free | Partition Type: NTFS
Drive E: | 14,91 Gb Total Space | 13,61 Gb Free Space | 91,27% Space Free | Partition Type: FAT32

Computer Name: NYTOSHIBA | User Name: JH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-30 13:36:02 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JH\Skrivebord\OTL.exe
PRC - [2012-07-04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgidsagent.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-06-13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgrsx.exe
PRC - [2012-06-13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgnsx.exe
PRC - [2012-04-24 17:32:38 | 001,716,784 | ---- | M] (Soluto) -- C:\Programmer\Soluto\Soluto.exe
PRC - [2012-04-24 17:32:38 | 000,584,224 | ---- | M] (Soluto) -- C:\Programmer\Soluto\SolutoService.exe
PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgtray.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgcsrvx.exe
PRC - [2012-01-18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
PRC - [2011-05-01 13:13:56 | 000,059,392 | ---- | M] () -- C:\Programmer\Activation Assistant for the 2007 Microsoft Office suites\update_check.exe
PRC - [2008-04-15 14:00:00 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-04-14 03:11:12 | 000,450,648 | ---- | M] (Atheros Communications, Inc.) -- C:\Programmer\Atheros\ACU.exe
PRC - [2008-04-14 03:10:52 | 000,467,028 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008-02-06 11:32:18 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2008-02-01 16:40:14 | 000,077,824 | ---- | M] (TOSHIBA Inc.) -- C:\Programmer\Toshiba\Controls\VolumeIndicator.exe
PRC - [2007-11-21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007-05-11 11:46:24 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Programmer\Toshiba\TOSHIBA-zoomfunktion\SmoothView.exe
PRC - [2007-04-26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Programmer\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007-02-12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- c:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006-09-08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmer\Apoint2K\hidfind.exe
PRC - [2006-05-19 12:13:00 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programmer\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006-03-16 13:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programmer\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005-07-21 18:38:00 | 000,901,120 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programmer\Toshiba\ConfigFree\CFXFER.exe
PRC - [2005-04-12 10:38:28 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Programmer\Toshiba\TOSCDSPD\TOSCDSPD.exe


========== Modules (No Company Name) ==========

MOD - [2009-02-15 04:35:09 | 000,053,248 |——| M] ()—C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3034.36859__90ba9c70f846762e\APM.Server.dll
MOD - [2009-02-15 04:35:09 | 000,045,056 |——| M] ()—C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3034.36860__90ba9c70f846762e\AEM.Server.dll
MOD - [2007-12-14 16:01:30 | 000,151,552 |——| M] ()—C:\WINDOWS\system32\tsbwls.dll
MOD - [2006-08-05 12:34:34 | 000,126,464 |——| M] ()—C:\Programmer\WinRAR\RarExt.dll
MOD - [2004-11-05 18:24:00 | 000,090,112 |——| M] ()—C:\Programmer\Toshiba\ConfigFree\CFShlExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped]——(avg9wd)
SRV - [2012-07-04 17:25:54 | 005,160,568 |——| M] (AVG Technologies CZ, s.r.o.) [Auto | Running]—C:\Programmer\AVG\AVG2012\avgidsagent.exe—(AVGIDSAgent)
SRV - [2012-07-03 13:46:44 | 000,655,944 |——| M] (Malwarebytes Corporation) [Auto | Running]—C:\Programmer\Malwarebytes’ Anti-Malware\mbamservice.exe—(MBAMService)
SRV - [2012-04-24 17:32:38 | 000,584,224 |——| M] (Soluto) [Auto | Running]—C:\Programmer\Soluto\SolutoService.exe—(SolutoService)
SRV - [2012-02-14 04:53:38 | 000,193,288 |——| M] (AVG Technologies CZ, s.r.o.) [Auto | Running]—C:\Programmer\AVG\AVG2012\avgwdsvc.exe—(avgwd)
SRV - [2011-07-20 06:18:24 | 000,440,696 |——| M] (Microsoft Corporation) [On_Demand | Stopped]—C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE—(odserv)
SRV - [2009-08-28 20:42:54 | 000,144,672 |——| M] (Apple Inc.) [On_Demand | Stopped]—C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe—(Apple Mobile Device)
SRV - [2008-04-14 03:10:52 | 000,467,028 |——| M] (Atheros) [Auto | Running]—C:\WINDOWS\system32\acs.exe—(ACS)
SRV - [2008-04-11 11:57:14 | 000,124,264 |——| M] (TOSHIBA CORPORATION) [On_Demand | Stopped]—c:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe—(TOSHIBA Bluetooth Service)
SRV - [2007-11-21 18:23:32 | 000,129,632 |——| M] (TOSHIBA Corporation) [Auto | Running]—C:\WINDOWS\system32\TODDSrv.exe—(TODDSrv)
SRV - [2007-02-12 16:43:44 | 000,065,536 |——| M] (O2Micro International) [Auto | Running]—c:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe—(o2flash)
SRV - [2006-10-26 13:03:08 | 000,145,184 |——| M] (Microsoft Corporation) [On_Demand | Stopped]—C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE—(ose)
SRV - [2005-04-04 00:41:10 | 000,069,632 |——| M] (Macrovision Corporation) [On_Demand | Stopped]—c:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe—(IDriverT)
SRV - [2005-01-17 16:38:00 | 000,040,960 |——| M] (TOSHIBA CORPORATION) [On_Demand | Stopped]—C:\Programmer\Toshiba\ConfigFree\CFSvcs.exe—(CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped]——(WDICA)
DRV - File not found [Kernel | On_Demand | Stopped]——(PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped]——(PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped]——(PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped]——(PDCOMP)
DRV - File not found [Kernel | System | Stopped]——(PCIDump)
DRV - File not found [Kernel | System | Stopped]——(lbrtfdc)
DRV - File not found [Kernel | System | Stopped]——(i2omgmt)
DRV - File not found [Kernel | On_Demand | Running]—C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys—(cpuz135)
DRV - File not found [Kernel | System | Stopped]——(Changer)
DRV - [2012-07-03 13:46:44 | 000,022,344 |——| M] (Malwarebytes Corporation) [File_System | On_Demand | Running]—C:\WINDOWS\system32\drivers\mbam.sys—(MBAMProtector)
DRV - [2012-04-24 17:13:24 | 000,051,144 |——| M] (Soluto LTD.) [File_System | Boot | Running]—C:\WINDOWS\system32\drivers\Soluto.sys—(Soluto)
DRV - [2012-04-19 04:50:26 | 000,024,896 |——| M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running]—C:\WINDOWS\system32\drivers\avgidshx.sys—(AVGIDSHX)
DRV - [2012-03-19 05:17:28 | 000,301,248 |——| M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\avgtdix.sys—(Avgtdix)
DRV - [2012-02-22 05:25:32 | 000,235,216 |——| M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\avgldx86.sys—(Avgldx86)
DRV - [2012-01-31 04:46:50 | 000,031,952 |——| M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running]—C:\WINDOWS\system32\drivers\avgrkx86.sys—(Avgrkx86)
DRV - [2011-12-23 13:32:14 | 000,041,040 |——| M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running]—C:\WINDOWS\system32\drivers\avgmfx86.sys—(Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 |——| M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\avgidsshimx.sys—(AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 |——| M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\avgidsfilterx.sys—(AVGIDSFilter)
DRV - [2011-12-23 13:32:00 | 000,139,856 |——| M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\avgidsdriverx.sys—(AVGIDSDriver)
DRV - [2011-07-22 18:27:02 | 000,012,880 |——| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running]—C:\Documents and Settings\JH\Lokale indstillinger\temp\SAS_SelfExtract\sasdifsv.sys—(SASDIFSV)
DRV - [2011-07-12 23:55:22 | 000,067,664 |——| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running]—C:\Documents and Settings\JH\Lokale indstillinger\temp\SAS_SelfExtract\saskutil.sys—(SASKUTIL)
DRV - [2010-08-12 19:35:30 | 000,020,480 |——| M] (NT Kernel Resources) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\ndisrd.sys—(Ndisrd)
DRV - [2009-10-14 00:36:38 | 000,215,872 |——| M] (TrueCrypt Foundation) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\truecrypt.sys—(truecrypt)
DRV - [2008-06-16 16:40:20 | 000,172,040 |——| M] (AMD Technologies Inc.) [Kernel | Boot | Running]—C:\WINDOWS\system32\drivers\ahcix86.sys—(ahcix86)
DRV - [2008-04-23 17:15:26 | 000,131,712 |——| M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\tosrfbd.sys—(tosrfbd)
DRV - [2008-04-23 00:34:52 | 002,880,000 |——| M] (ATI Technologies Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\ati2mtag.sys—(ati2mtag)
DRV - [2008-04-15 10:15:30 | 000,051,160 |——| M] (O2Micro ) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\o2media.sys—(O2MDRDR)
DRV - [2008-04-08 19:45:42 | 001,309,504 |——| M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\athw.sys—(AR5416)
DRV - [2008-04-04 10:57:00 | 000,296,320 |——| M] (Marvell) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\yk51x86.sys—(yukonwxp)
DRV - [2008-03-25 15:22:50 | 000,985,472 |——| M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\HSF_DPV.sys—(HSF_DPV)
DRV - [2008-03-25 15:22:10 | 000,210,560 |——| M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\HSFHWAZL.sys—(HSFHWAZL)
DRV - [2008-03-25 15:22:06 | 000,731,264 |——| M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\HSF_CNXT.sys—(winachsf)
DRV - [2008-03-25 13:54:02 | 000,041,472 |——| M] (TOSHIBA Corporation) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\tosporte.sys—(tosporte)
DRV - [2008-03-19 11:38:24 | 000,074,112 |——| M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\Tosrfhid.sys—(Tosrfhid)
DRV - [2008-02-08 10:46:36 | 000,057,408 |——| M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\wsimd.sys—(WSIMD)
DRV - [2008-02-01 13:18:56 | 000,732,160 |——| M] (Conexant Systems Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\CHDAud.sys—(CnxtHdAudAddService)
DRV - [2008-01-22 20:57:48 | 000,054,144 |——| M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\TosRfSnd.sys—(TosRfSnd)
DRV - [2007-12-17 12:45:20 | 000,018,432 |——| M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\UVCFTR_S.SYS—(UVCFTR)
DRV - [2007-11-29 09:45:44 | 000,036,608 |——| M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\tosrfbnp.sys—(tosrfbnp)
DRV - [2007-11-06 16:25:36 | 000,101,888 |——| M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\Apfiltr.sys—(ApfiltrService)
DRV - [2007-10-18 14:25:00 | 000,041,856 |——| M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\tosrfusb.sys—(Tosrfusb)
DRV - [2007-10-02 11:43:22 | 000,064,128 |——| M] (TOSHIBA Corporation) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\tosrfcom.sys—(Tosrfcom)
DRV - [2007-05-29 10:01:50 | 000,006,912 |——| M] (TOSHIBA) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\QIOMem.sys—(QIOMem)
DRV - [2007-04-16 16:46:34 | 000,033,792 |——| M] (Advanced Micro Devices) [Kernel | System | Running]—C:\WINDOWS\system32\drivers\AmdPPM.sys—(AmdPPM)
DRV - [2007-03-26 12:22:18 | 000,105,856 |——| M] (TOSHIBA Corporation) [File_System | Auto | Running]—C:\WINDOWS\system32\drivers\tdudf.sys—(tdudf)
DRV - [2007-02-19 12:15:32 | 000,134,016 |——| M] (TOSHIBA Corporation) [File_System | Auto | Running]—C:\WINDOWS\system32\drivers\trudf.sys—(trudf)
DRV - [2006-10-23 16:32:20 | 000,009,216 |——| M] (TOSHIBA Corporation) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\tosrfec.sys—(tosrfec)
DRV - [2006-10-18 12:50:04 | 000,016,128 |——| M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\tdcmdpst.sys—(tdcmdpst)
DRV - [2006-01-12 16:21:18 | 000,031,872 |——| M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\qkbfiltr.sys—(qkbfiltr)
DRV - [2005-06-10 21:42:00 | 000,005,504 |——| M] (Quanta Computer Corp) [Kernel | On_Demand | Running]—C:\WINDOWS\system32\drivers\BoiHwSetup.sys—(BoiHwsetup)
DRV - [2005-05-05 14:27:38 | 000,007,936 |——| M] (Quanta Computer, Inc.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\qmofiltr.sys—(qmofiltr)
DRV - [2005-01-07 05:42:00 | 000,018,612 |——| M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped]—C:\WINDOWS\system32\drivers\tosrfnds.sys—(tosrfnds)
DRV - [2003-01-29 14:35:00 | 000,012,032 |——| M] (TOSHIBA Corporation.) [Kernel | Auto | Running]—C:\WINDOWS\system32\drivers\Netdevio.sys—(Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: “URL” = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0



IE - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: “URL” = http://search.avg.com/route/?d=4e03d8dd&v=7.5.30.4&i=27&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmer\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Programmer\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Programmer\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Programmer\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programmer\AVG\AVG2012\Firefox4\ [2012-07-18 00:32:09 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programmer\AVG\AVG2012\Firefox\DoNotTrack\ [2012-07-12 22:20:35 | 000,000,000 |—-D | M]


========== Chrome ==========

CHR - homepage: http://www.google.dk/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://search.avg.com/?d=4dd6e107&v=7.4.22.4&i=23&tp=ggl-chrome&q={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms}
CHR - homepage: http://www.google.dk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programmer\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programmer\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programmer\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programmer\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programmer\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programmer\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programmer\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programmer\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programmer\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Programmer\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmer\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmer\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programmer\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programmer\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programmer\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmer\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-s\u00F8gning = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-06-27 20:16:35 | 000,000,025 |——| M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1     localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programmer\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [ACU] C:\Programmer\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programmer\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Programmer\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [Malwarebytes’ Anti-Malware] C:\Programmer\Malwarebytes’ Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Programmer\Toshiba\TOSHIBA-zoomfunktion\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Soluto] C:\Programmer\Soluto\soluto.exe (Soluto)
O4 - HKLM..\Run: [StartCCC] C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Toshiba Controls Utility] C:\Programmer\Toshiba\Controls\VolumeIndicator.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-3277386681-160039827-3421441214-1005..\Run: [TOSCDSPD] C:\Programmer\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3277386681-160039827-3421441214-1005..\Run: [Upgrade_Client] C:\Programmer\Activation Assistant for the 2007 Microsoft Office suites\update_check.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3277386681-160039827-3421441214-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programmer\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\RSLSP.dll (Ratajik Software)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.upl.skoleintra.dk/Li/_includes/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20C1668-B559-40BE-A442-2C8B09FBEB25}: DhcpNameServer = 193.162.153.164 194.239.134.83
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JH\Lokale indstillinger\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-07-08 13:24:02 | 000,000,000 |——| M] () - C:\AUTOEXEC.BAT—[ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open]—“%1” %*
O35 - HKLM\..exefile [open]—“%1” %*
O37 - HKLM\...com [@ = ComFile]—“%1” %*
O37 - HKLM\...exe [@ = exefile]—“%1” %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-07-30 13:36:17 | 000,597,504 |——| C] (OldTimer Tools)—C:\Documents and Settings\JH\Skrivebord\OTL.exe
[2012-07-18 00:32:09 | 000,000,000 |—-D | C]—C:\Documents and Settings\All Users\Menuen Start\Programmer\AVG
[2012-07-01 14:37:52 | 000,000,000 | -HSD | C]—C:\RECYCLER
[2009-06-16 22:59:25 | 000,401,720 |——| C] (Trend Micro Inc.)—C:\Programmer\HJTrenamed.exe

========== Files - Modified Within 30 Days ==========

[2012-07-30 13:36:02 | 000,597,504 |——| M] (OldTimer Tools)—C:\Documents and Settings\JH\Skrivebord\OTL.exe
[2012-07-30 12:20:12 | 000,001,012 |——| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3277386681-160039827-3421441214-1005UA.job
[2012-07-30 01:28:11 | 000,001,158 |——| M] ()—C:\WINDOWS\System32\wpa.dbl
[2012-07-30 01:25:26 | 000,002,048 |—S- | M] ()—C:\WINDOWS\bootstat.dat
[2012-07-30 01:25:16 | 2951,065,600 | -HS- | M] ()—C:\hiberfil.sys
[2012-07-30 01:20:00 | 000,000,960 |——| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3277386681-160039827-3421441214-1005Core.job
[2012-07-29 13:19:35 | 102,437,983 |——| M] ()—C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-07-25 23:13:39 | 000,332,704 |——| M] ()—C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012-07-18 00:32:09 | 000,000,687 |——| M] ()—C:\Documents and Settings\All Users\Skrivebord\AVG 2012.lnk
[2012-07-12 22:59:58 | 000,000,763 |——| M] ()—C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-07-12 22:54:19 | 000,271,784 |——| M] ()—C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-12 22:30:28 | 000,001,374 |——| M] ()—C:\WINDOWS\imsins.BAK
[2012-07-12 22:20:38 | 000,002,293 |—

  strato
Posts: 84

And here is Extras:

OTL Extras logfile created on: 30-07-2012 13:44:43 - Run 1
OTL by OldTimer - Version 3.2.55.0   Folder = C:\Documents and Settings\JH\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,75 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 73,32% Memory free
4,59 Gb Paging File | 3,84 Gb Available in Paging File | 83,66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 232,88 Gb Total Space | 70,17 Gb Free Space | 30,13% Space Free | Partition Type: NTFS
Drive E: | 14,91 Gb Total Space | 13,61 Gb Free Space | 91,27% Space Free | Partition Type: FAT32

Computer Name: NYTOSHIBA | User Name: JH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
.url [@ = InternetShortcut]—rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3277386681-160039827-3421441214-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML]—Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open]—“%1” %*
cmdfile [open]—“%1” %*
comfile [open]—“%1” %*
cplfile [cplopen]—rundll32.exe shell32.dll,Control_RunDLL “%1”,%*
exefile [open]—“%1” %*
InternetShortcut [open]—rundll32.exe ieframe.dll,OpenURL %l
piffile [open]—“%1” %*
regfile [merge]—Reg Error: Key error.
scrfile [config]—“%1”
scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open]—“%1” /S
txtfile [edit]—Reg Error: Key error.
Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC]—“C:\Programmer\VideoLAN\VLC\vlc.exe”—started-from-file—playlist-enqueue “%1” ()
Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC]—“C:\Programmer\VideoLAN\VLC\vlc.exe”—started-from-file—no-playlist-enqueue “%1” ()
Folder [open]—%SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore]—%SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“FirstRunDisabled” = 1
“AntiVirusDisableNotify” = 0
“FirewallDisableNotify” = 0
“UpdatesDisableNotify” = 0
“AntiVirusOverride” = 0
“FirewallOverride” = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
“DisableSR” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
“Start” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
“Start” = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1
“DoNotAllowExceptions” = 0
“DisableNotifications” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“1900:UDP” = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
“2869:TCP” = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\Programmer\Toshiba\ConfigFree\NDSTray.exe” = C:\Programmer\Toshiba\ConfigFree\NDSTray.exe:*:Enabled:ConfigFree(TM) Tray—(TOSHIBA CORPORATION)
“C:\Programmer\Toshiba\ConfigFree\CFXFER.exe” = C:\Programmer\Toshiba\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine—(TOSHIBA CORPORATION)
“C:\Programmer\Ratajik Software\StationRipper\StationRipperConsole.exe” = C:\Programmer\Ratajik Software\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole—()
“C:\Z\programmer downloaded\solutoinstaller.exe” = C:\Z\programmer downloaded\solutoinstaller.exe:*:Enabled:SolutoInstaller—(Soluto Inc)
“C:\Programmer\Soluto\Soluto.exe” = C:\Programmer\Soluto\Soluto.exe:*:Enabled:Soluto Tray—(Soluto)
“C:\Programmer\Soluto\SolutoService.exe” = C:\Programmer\Soluto\SolutoService.exe:*:Enabled:Soluto Service—(Soluto)
“C:\Programmer\Soluto\SolutoConsole.exe” = C:\Programmer\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console—(Soluto)
“C:\Programmer\Soluto\SolutoUpdateService.exe” = C:\Programmer\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service—(Soluto)
“C:\Programmer\AVG\AVG2012\avgmfapx.exe” = C:\Programmer\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer—(AVG Technologies CZ, s.r.o.)
“C:\Programmer\AVG\AVG2012\avgnsx.exe” = C:\Programmer\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield—(AVG Technologies CZ, s.r.o.)
“C:\Programmer\AVG\AVG2012\avgdiagex.exe” = C:\Programmer\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012—(AVG Technologies CZ, s.r.o.)
“C:\Programmer\AVG\AVG2012\avgemcx.exe” = C:\Programmer\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner—(AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{0042E2F7-4C32-94AC-2A04-5224FE4BDE20}” = Catalyst Control Center Localization Swedish
“{0213D514-5E15-60A1-83FC-1B31BD6E528F}” = Catalyst Control Center Localization French
“{055EE59D-217B-43A7-ABFF-507B966405D8}” = ATI Catalyst Control Center
“{07287123-B8AC-41CE-8346-3D777245C35B}” = Bonjour
“{0AC84B91-CB8A-9293-20D8-02EE269155EA}” = Catalyst Control Center Localization Greek
“{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}” = Toshiba Controls Utility
“{1140B6A6-032D-60C1-1F82-F88FDA4BB0D6}” = CCC Help Swedish
“{12B3A009-A080-4619-9A2A-C6DB151D8D67}” = TOSHIBA-Assist
“{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}” = QuickTime
“{156E98D0-1AEC-4013-A41A-94A1A01BFD68}” = O2Micro Flash Memory Card Reader Driver (x86)
“{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}” = Atheros Client Utility
“{18118D21-4414-761D-ED5A-2725A18A14E5}” = Catalyst Control Center Graphics Light
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{2290A680-4083-410A-ADCC-7092C67FC052}” = Toshiba Online Product Information
“{26A24AE4-039D-4CA4-87B4-2F83216033FF}” = Java(TM) 6 Update 33
“{2AB402F9-711A-E3DD-26FC-2CF87692942D}” = CCC Help Japanese
“{2C38F661-26B7-445D-B87D-B53FE2D3BD42}” = TOSHIBA PC Diagnostic Tool
“{3248F0A8-6813-11D6-A77B-00B0D0160060}” = Java(TM) 6 Update 6
“{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}” = WebFldrs XP
“{36E9F3E0-4E45-DE37-CD53-76CC69516DEA}” = Skins
“{37C866E4-AA67-4725-9E95-A39968DD7960}” = Camera Assistant Software for Toshiba
“{39ECD959-EAF2-4567-95F8-A1DFB81F393C}” = TOSHIBA Brugerhåndbøger
“{3F92ABBB-6BBF-11D5-B229-002078017FBF}” = NetWaiting
“{3FA365DF-2D68-45ED-8F83-8C8A33E65143}” = Apple Application Support
“{400830CA-F056-4BBE-80A3-9DF9CA4FB889}” = TOSHIBA Direct Disc Writer
“{47985AEA-2CA2-3344-851E-BA4DC9101C68}” = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN
“{486F299B-6A3B-0266-165A-0B164E12F68B}” = Catalyst Control Center Localization Czech
“{48F33A26-BA95-2739-6923-17C3B401AC4A}” = CCC Help Norwegian
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{4A58AE50-675C-7179-5184-CA9EFC18EB16}” = CCC Help Spanish
“{4B8D97C7-4B92-DE80-8ACB-729F6E76FAF7}” = CCC Help Czech
“{4CAC3700-E7B1-D3DF-B1B1-C9A3F01F51AF}” = CCC Help French
“{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1” = AVG PC Tuneup 2011
“{507E0E95-8996-0BBD-4A87-B3A9571E8ED7}” = CCC Help Korean
“{54080F42-9CDC-5883-CA0D-F9975F76C5DC}” = CCC Help Chinese Traditional
“{5691A25E-C05B-4E0F-87DA-E80869F756C2}” = Toshiba Hotkey Utility
“{56FB9098-4F65-02BD-5FA1-E307B9075A83}” = Catalyst Control Center Localization Chinese Standard
“{576420A5-E1F0-4C09-A07C-F689082E666F}” = Toshiba Touchpad Utility
“{5AC27AFA-7A89-BFE5-4F68-953347905FDA}” = Catalyst Control Center Graphics Full New
“{5C096598-1E73-DF35-2F8F-26C30A4E2F36}” = ccc-core-static
“{5D0A94DD-536D-40B0-D30B-D68BB7B09B1F}” = Catalyst Control Center Localization Finnish
“{5DA0E02F-970B-424B-BF41-513A5018E4C0}” = TOSHIBA Disc Creator
“{5E698E66-2135-CB52-2357-DFB09EAF747C}” = Catalyst Control Center Graphics Full Existing
“{64212898-097F-4F3F-AECA-6D34A7EF82DF}” = TOSHIBA-zoomfunktion
“{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}” = Activation Assistant for the 2007 Microsoft Office suites
“{6956856F-B6B3-4BE0-BA0B-8F495BE32033}” = Apple Software Update
“{6D003AEB-672B-D438-FA2D-E12C46133BAC}” = Catalyst Control Center Localization Spanish
“{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}” = AVG 2012
“{6F2171D1-DD5D-320F-279B-B50DF8A4F9D8}” = CCC Help Hungarian
“{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
“{7582CF48-84D4-C8D3-2778-A77673DB2F50}” = CCC Help Chinese Standard
“{7975ADDB-1EBB-8B81-18B0-776FA7046662}” = CCC Help Thai
“{7F510409-765B-55BB-64F5-593219062D66}” = Catalyst Control Center Localization Hungarian
“{7FC289F0-81C4-EC13-9AE3-4260D0B62C55}” = CCC Help English
“{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable
“{85ED2BA6-7081-CA16-364A-5EE690FC7B86}” = CCC Help Portuguese
“{86904E68-1B3D-97D3-41C0-266CF4AC2E9F}” = ccc-core-preinstall
“{86F2FBC5-2E57-B140-BEBD-5192A14EA78E}” = Catalyst Control Center Localization Danish
“{87F3E2F5-8C8A-5D7E-ACE5-88D2C3652D50}” = Catalyst Control Center Localization Korean
“{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}” = OLYMPUS ib
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}” = MediaPlayer Utilities 4.27
“{8C208B1A-349C-4ABA-B52C-D8A32E503C17}” = Catalyst Control Center - Branding
“{8D5DD995-12F3-72F1-9884-0095AFAED308}” = CCC Help Turkish
“{8E2AC6D8-C457-83D4-2743-A235921D3D32}” = Catalyst Control Center Localization Thai
“{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}” = TOSHIBA Power Saver
“{90120000-0010-0406-0000-0000000FF1CE}” = Microsoft Software Update for Web Folders (Danish) 12
“{90120000-0015-0406-0000-0000000FF1CE}” = Microsoft Office Access MUI (Danish) 2007
“{90120000-0015-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-0016-0406-0000-0000000FF1CE}” = Microsoft Office Excel MUI (Danish) 2007
“{90120000-0016-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-0018-0406-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (Danish) 2007
“{90120000-0018-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-0019-0406-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (Danish) 2007
“{90120000-0019-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-001A-0406-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (Danish) 2007
“{90120000-001A-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-001B-0406-0000-0000000FF1CE}” = Microsoft Office Word MUI (Danish) 2007
“{90120000-001B-0406-0000-0000000FF1CE}_PROHYBRIDR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-001F-0406-0000-0000000FF1CE}” = Microsoft Office Proof (Danish) 2007
“{90120000-001F-0406-0000-0000000FF1CE}_PROHYBRIDR_{8F771259-9037-4097-AA88-8613F3BE5627}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
“{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007
“{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
“{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007
“{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
“{90120000-002C-0406-0000-0000000FF1CE}” = Microsoft Office Proofing (Danish) 2007
“{90120000-006E-0406-0000-0000000FF1CE}” = Microsoft Office Shared MUI (Danish) 2007
“{90120000-006E-0406-0000-0000000FF1CE}_PROHYBRIDR_{11584158-91C7-4B1B-BFD1-F47D680F13CF}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In
“{91120000-0031-0000-0000-0000000FF1CE}” = Microsoft Office Professional Hybrid 2007
“{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}” = InterVideo WinDVD for TOSHIBA
“{973F8409-F8DA-4A40-ACB4-12B02F3399D7}” = Microsoft .NET Framework 1.1 Danish Language Pack
“{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
“{9CEFACFF-46DF-BF3F-6775-D2AE82FF079C}” = Catalyst Control Center Localization Dutch
“{9CF0765F-D996-6853-03E4-B8E861AE0A03}” = CCC Help Danish
“{9E36054C-07B4-4B4F-62A6-F7E2724FFE58}” = Catalyst Control Center Localization Chinese Traditional
“{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}” = ALPS Touch Pad Driver
“{9FC8923E-E448-BFD2-AA85-38EBE022FBC2}” = CCC Help German
“{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}” = Cd/dvd-drev - Acoustic Silencer
“{A2F97770-C593-ED41-EEF7-0114025ADDFD}” = Catalyst Control Center Localization German
“{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}” = Microsoft .NET Framework 3.0 Service Pack 2
“{A52C31EC-A8B6-3388-08A2-5B424DAC5A33}” = ccc-utility
“{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}” = iTunes
“{AC76BA86-7AD7-1030-7B44-A81300000003}” = Adobe Reader 8.1.3 - Dansk
“{AC76BA86-7AD7-5464-3428-800000000003}” = Spelling Dictionaries Support For Adobe Reader 8
“{B143D835-EBAF-4A39-8B31-1868FF4166C1}” = AVG 2012
“{B29AFF1C-2038-3698-3700-6F45AED74B65}” = Catalyst Control Center Localization Italian
“{B69349AE-2D41-3708-8BA4-4DC22645CA04}” = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
“{B6B1732B-6C5F-B550-ABE9-4AEDD5A5A581}” = Catalyst Control Center Localization Norwegian
“{BD8CAF36-1249-2F27-7848-2B127C5A1C1C}” = CCC Help Polish
“{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}” = TOSHIBA ConfigFree
“{BED41E60-49EB-E452-BA61-D468EDA95193}” = CCC Help Russian
“{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}” = Microsoft .NET Framework 2.0 Service Pack 2
“{C151CE54-E7EA-4804-854B-F515368B0798}” = AMD Processor Driver
“{C372AFF6-B51C-B6D7-0DED-6D4A4AF058A8}” = CCC Help Greek
“{C3A32068-8AB1-4327-BB16-BED9C6219DC7}” = Atheros Driver Installation Program
“{C852C0FF-CDF5-43F9-A75E-CB99410FF602}” = Toshiba Utility
“{C950420B-4182-49EA-850A-A6A2ABF06C6B}” = Marvell Miniport Driver
“{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}” = Microsoft .NET Framework 1.1
“{CC6CA802-CC88-0BDF-E0CD-54E99A7B16C7}” = CCC Help Finnish
“{CD616D0D-48E4-4B6E-AACA-76ABA3147057}” = Soluto
“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1
“{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}” = Bluetooth Stack for Windows by Toshiba
“{CF7F68E6-3F8A-11D8-A880-000C29DFB84B}” = SkoleKom FirstClass® Klient 7.112 DK
“{D49B3A92-3893-5D45-2374-EA338C4B72AD}” = CCC Help Italian
“{D7A1BF13-4DA3-4391-855D-D61ADADF74A6}_is1” = Full Video Converter Free 9
“{D9AE0772-833B-45DF-435E-51E9A38B6406}” = Catalyst Control Center Core Implementation
“{DCE5C2DE-3B97-448B-BD08-57933AB9540A}” = Machete Lite 3.8
“{DFCB15E0-969C-3E74-8654-F5978478E876}” = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN
“{E095672B-CCCF-B13F-9C86-28CB82B876E9}” = CCC Help Dutch
“{E0B4C820-A674-58B4-D0A3-2D5EB902EB3A}” = Catalyst Control Center Localization Russian
“{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}” = Windows Media Encoder 9 Series
“{E5A6D2DC-FE4F-95E3-0C19-46DEBAD16711}” = Catalyst Control Center Localization Polish
“{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}” = TOSHIBA SD Memory Utilities
“{F2DE4232-0442-9B24-0731-B4F9B20B3177}” = Catalyst Control Center Localization Japanese
“{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}” = Eraser
“{FA9A4942-43E4-7A16-2ECC-4DE76CFB1D11}” = Catalyst Control Center Localization Portuguese
“{FFEC2C25-9AD2-2BA2-BFB0-D79FD96BB94C}” = Catalyst Control Center Localization Turkish
“{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}” = Apple Mobile Device Support
“Activation Assistant for the 2007 Microsoft Office suites” = Activation Assistant for the 2007 Microsoft Office suites
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 10 Plugin
“All ATI Software” = ATI - Afinstalleringsværktøj for software
“AsfTools 3.1” = AsfTools 3.1 (remove only)
“ATI Display Driver” = ATI Display Driver
“AVG” = AVG 2012
“BestPractice” = BestPractice (remove only)
“CCleaner” = CCleaner
“CNXT_AUDIO_HDA” = Conexant HD Audio
“CNXT_MODEM_HDAUDIO_HERMOSA_HSF” = HDAUDIO Soft Data Fax Modem with SmartCP
“E77704EF5E71F4F18CADFBFA68595AFE036D5D97” = Windows-driverpakke - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
“Eraser” = Eraser
“Eusing Free Registry Cleaner” = Eusing Free Registry Cleaner
“Free Video Dub_is1” = Free Video Dub version 1.4
“FreeCommander_is1” = FreeCommander 2008.06c
“HijackThis” = HijackThis 2.0.2
“IDNMitigationAPIs” = Microsoft Internationalized Domain Names Mitigation APIs
“ie7” = Windows Internet Explorer 7
“InstallShield_{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}” = Toshiba Controls Utility
“InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}” = TOSHIBA PC Diagnostic Tool
“InstallShield_{5691A25E-C05B-4E0F-87DA-E80869F756C2}” = Toshiba Hotkey Utility
“InstallShield_{576420A5-E1F0-4C09-A07C-F689082E666F}” = Toshiba Touchpad Utility
“InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}” = OLYMPUS ib
“InstallShield_{C852C0FF-CDF5-43F9-A75E-CB99410FF602}” = Toshiba Utility
“IrfanView” = IrfanView (remove only)
“KLiteCodecPack_is1” = K-Lite Codec Pack 4.7.0 (Full)
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.62.0.1300
“Microsoft .NET Framework 1.1 (1033)” = Microsoft .NET Framework 1.1
“Microsoft .NET Framework 3.5 Language Pack SP1 - dan” = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1
“MSCompPackV1” = Microsoft Compression Client Pack 1.0 for Windows XP
“NLSDownlevelMapping” = Microsoft National Language Support Downlevel APIs
“PROHYBRIDR” = 2007 Microsoft Office system
“RealPlayer 6.0” = RealPlayer
“ST5UNST #1” = Chord Pro Manager
“Uninstall_is1” = Uninstall 1.0.0.1
“VLC media player” = VLC media player 1.1.11
“Wdf01007” = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
“Windows Media Encoder 9” = Windows Media Encoder 9 Series
“Windows Media Format Runtime” = Windows Media Format 11 runtime
“WinRAR archiver” = WinRAR archiver
“WMFDist11” = Windows Media Format 11 runtime
“Works” = Microsoft Works 4.5
“Wudf01000” = Microsoft User-Mode Driver Framework Feature Pack 1.0
“XPSEPSCLP” = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3277386681-160039827-3421441214-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“Google Chrome” = Google Chrome
“StationRipper” = StationRipper 2.98.4

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28-06-2012 17:48:35 | Computer Name = NYTOSHIBA | Source = ESENT | ID = 473
Description = Catalog Database (368) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
was partially detached.  Error -1032 encountered updating database headers.

Error - 29-06-2012 07:47:22 | Computer Name = NYTOSHIBA | Source = crypt32 | ID = 131080
Description = Automatisk opdateringshentning af sekvensnummer for tredjepartsrodliste
mislykkedes fra <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
med fejlen Handlingen returnerede fordi timeout-perioden udløb. 

Error - 29-06-2012 07:47:23 | Computer Name = NYTOSHIBA | Source = crypt32 | ID = 131080
Description = Automatisk opdateringshentning af sekvensnummer for tredjepartsrodliste
mislykkedes fra <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
med fejlen Handlingen returnerede fordi timeout-perioden udløb. 

Error - 29-06-2012 07:47:23 | Computer Name = NYTOSHIBA | Source = crypt32 | ID = 131080
Description = Automatisk opdateringshentning af sekvensnummer for tredjepartsrodliste
mislykkedes fra <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
med fejlen Handlingen returnerede fordi timeout-perioden udløb. 

Error - 29-06-2012 07:47:30 | Computer Name = NYTOSHIBA | Source = crypt32 | ID = 131080
Description = Automatisk opdateringshentning af sekvensnummer for tredjepartsrodliste
mislykkedes fra <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
med fejlen Handlingen returnerede fordi timeout-perioden udløb. 

Error - 29-06-2012 21:04:12 | Computer Name = NYTOSHIBA | Source = ESENT | ID = 490
Description = svchost (348) An attempt to open the file “C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb”
for read / write access failed with system error 32 (0x00000020): “Processen kan
ikke få adgang til filen, da den bruges af en anden proces. “.  The open file operation
will fail with error -1032 (0xfffffbf8).

Error - 25-07-2012 06:22:28 | Computer Name = NYTOSHIBA | Source = ESENT | ID = 490
Description = svchost (340) An attempt to open the file “C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb”
for read / write access failed with system error 32 (0x00000020): “Processen kan
ikke få adgang til filen, da den bruges af en anden proces. “.  The open file operation
will fail with error -1032 (0xfffffbf8).

Error - 25-07-2012 06:22:36 | Computer Name = NYTOSHIBA | Source = ESENT | ID = 490
Description = svchost (340) An attempt to open the file “C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb”
for read / write access failed with system error 32 (0x00000020): “Processen kan
ikke få adgang til filen, da den bruges af en anden proces. “.  The open file operation
will fail with error -1032 (0xfffffbf8).

Error - 25-07-2012 17:15:07 | Computer Name = NYTOSHIBA | Source = ESENT | ID = 490
Description = svchost (340) An attempt to open the file “C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb”
for read / write access failed with system error 32 (0x00000020): “Processen kan
ikke få adgang til filen, da den bruges af en anden proces. “.  The open file operation
will fail with error -1032 (0xfffffbf8).

Error - 26-07-2012 19:33:27 | Computer Name = NYTOSHIBA | Source = ESENT | ID = 490
Description = svchost (340) An attempt to open the file “C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb”
for read / write access failed with system error 32 (0x00000020): “Processen kan
ikke få adgang til filen, da den bruges af en anden proces. “.  The open file operation
will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 29-07-2012 19:14:18 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7026
Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses:
  SASDIFSV SASKUTIL

Error - 29-07-2012 19:21:02 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7003
Description = Tjenesten DHCP-klientprogram afhænger af følgende ikke-eksisterende
tjeneste: NetBT

Error - 29-07-2012 19:21:02 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7003
Description = Tjenesten Tjenesten TCP/IP NetBIOS Helper afhænger af følgende ikke-eksisterende
tjeneste: NetBT

Error - 29-07-2012 19:21:02 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7000
Description = Tjenesten AVG Free WatchDog kunne ikke starte pga. følgende fejl:
  %%3

Error - 29-07-2012 19:21:06 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7026
Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses:
  SASDIFSV SASKUTIL Soluto

Error - 29-07-2012 19:28:02 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7003
Description = Tjenesten DHCP-klientprogram afhænger af følgende ikke-eksisterende
tjeneste: NetBT

Error - 29-07-2012 19:28:02 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7003
Description = Tjenesten Tjenesten TCP/IP NetBIOS Helper afhænger af følgende ikke-eksisterende
tjeneste: NetBT

Error - 29-07-2012 19:28:02 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7000
Description = Tjenesten AVG Free WatchDog kunne ikke starte pga. følgende fejl:
  %%3

Error - 29-07-2012 19:28:05 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7026
Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses:
  SASDIFSV SASKUTIL Soluto

Error - 29-07-2012 19:30:51 | Computer Name = NYTOSHIBA | Source = Service Control Manager | ID = 7000
Description = Tjenesten Soluto kunne ikke starte pga. følgende fejl:  %1


< End of report >

Administrator
Posts: 8603

Would you please open OTL.txt, find the line with Files - Modified Within 30 Days, and copy what is below it in here.

Signature

Please do not attach logs unless you are asked to!

  strato
Posts: 84

Here is what was requested:


========== Files - Modified Within 30 Days ==========

[2012-07-30 13:36:02 | 000,597,504 |——| M] (OldTimer Tools)—C:\Documents and Settings\JH\Skrivebord\OTL.exe
[2012-07-30 12:20:12 | 000,001,012 |——| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3277386681-160039827-3421441214-1005UA.job
[2012-07-30 01:28:11 | 000,001,158 |——| M] ()—C:\WINDOWS\System32\wpa.dbl
[2012-07-30 01:25:26 | 000,002,048 |—S- | M] ()—C:\WINDOWS\bootstat.dat
[2012-07-30 01:25:16 | 2951,065,600 | -HS- | M] ()—C:\hiberfil.sys
[2012-07-30 01:20:00 | 000,000,960 |——| M] ()—C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3277386681-160039827-3421441214-1005Core.job
[2012-07-29 13:19:35 | 102,437,983 |——| M] ()—C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-07-25 23:13:39 | 000,332,704 |——| M] ()—C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012-07-18 00:32:09 | 000,000,687 |——| M] ()—C:\Documents and Settings\All Users\Skrivebord\AVG 2012.lnk
[2012-07-12 22:59:58 | 000,000,763 |——| M] ()—C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-07-12 22:54:19 | 000,271,784 |——| M] ()—C:\WINDOWS\System32\FNTCACHE.DAT
[2012-07-12 22:30:28 | 000,001,374 |——| M] ()—C:\WINDOWS\imsins.BAK
[2012-07-12 22:20:38 | 000,002,293 |——| M] ()—C:\Documents and Settings\JH\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-07-12 22:14:34 | 000,491,650 |——| M] ()—C:\WINDOWS\System32\perfh006.dat
[2012-07-12 22:14:34 | 000,444,370 |——| M] ()—C:\WINDOWS\System32\perfh009.dat
[2012-07-12 22:14:34 | 000,099,838 |——| M] ()—C:\WINDOWS\System32\perfc006.dat
[2012-07-12 22:14:34 | 000,072,628 |——| M] ()—C:\WINDOWS\System32\perfc009.dat
[2012-07-03 13:46:44 | 000,022,344 |——| M] (Malwarebytes Corporation)—C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012-05-12 00:09:07 | 008,993,296 |——| C] ()—C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
[2012-02-16 01:32:31 | 000,003,072 |——| C] ()—C:\WINDOWS\System32\iacenc.dll
[2012-02-11 23:45:32 | 000,000,187 |——| C] ()—C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011-12-13 15:31:25 | 000,000,000 |——| C] ()—C:\WINDOWS\ToDisc.INI
[2011-10-31 22:38:23 | 000,000,040 |——| C] ()—C:\WINDOWS\BO5170DN.INI
[2011-10-31 22:38:22 | 000,000,030 |——| C] ()—C:\WINDOWS\System32\brss01a.ini
[2011-10-31 22:38:21 | 000,000,410 |——| C] ()—C:\WINDOWS\BRWMARK.INI
[2011-10-31 22:38:21 | 000,000,026 |——| C] ()—C:\WINDOWS\BRPP2KA.INI
[2011-06-24 02:00:25 | 000,459,208 |——| C] ()—C:\WINDOWS\System32\prfh0406.dat
[2011-06-24 02:00:25 | 000,083,802 |——| C] ()—C:\WINDOWS\System32\prfc0406.dat
[2011-04-20 02:33:50 | 000,000,664 |——| C] ()—C:\WINDOWS\System32\d3d9caps.dat
[2010-11-29 03:41:41 | 000,000,754 |——| C] ()—C:\WINDOWS\WORDPAD.INI
[2010-08-10 19:48:35 | 000,000,000 |——| C] ()—C:\Documents and Settings\JH\ip.tx
[2009-07-18 22:22:03 | 4294,967,271 |——| C] ()—C:\Documents and Settings\JH\USK99
[2009-06-16 00:40:14 | 000,313,344 |——| C] ()—C:\Programmer\hjsplit.exe
[2009-02-17 18:38:01 | 000,085,504 |——| C] ()—C:\Documents and Settings\JH\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-02-15 04:30:06 | 000,000,131 |——| C] ()—C:\Documents and Settings\JH\Lokale indstillinger\Application Data\fusioncache.dat

========== LOP Check ==========

[2009-02-15 11:41:53 | 000,000,000 |—-D | M]—C:\Documents and Settings\Administrator\Application Data\TMP
[2009-02-15 11:42:00 | 000,000,000 |—-D | M]—C:\Documents and Settings\Administrator\Application Data\toshiba
[2011-10-12 19:01:00 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\AVG2012
[2010-11-26 22:41:04 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\avg9
[2010-11-26 22:49:11 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\Common Files
[2009-07-09 13:55:23 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\e-Safekey
[2009-12-14 14:40:26 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\F-Secure
[2012-07-29 13:19:47 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\MFAData
[2012-06-22 14:46:38 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\Soluto
[2009-02-15 11:42:04 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009-12-17 01:30:40 | 000,000,000 |—-D | M]—C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009-09-26 22:43:36 | 000,000,000 | -H-D | M]—C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2009-02-15 11:41:53 | 000,000,000 |—-D | M]—C:\Documents and Settings\Default User\Application Data\TMP
[2009-02-15 11:42:00 | 000,000,000 |—-D | M]—C:\Documents and Settings\Default User\Application Data\toshiba
[2011-05-25 14:36:24 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\AVG
[2011-10-12 18:45:34 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\AVG2012
[2009-10-13 23:19:57 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\FirstClass
[2011-12-21 18:53:33 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\Full
[2010-01-10 12:16:31 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\InterVideo
[2011-12-16 01:54:53 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\Machete Lite
[2009-02-15 11:41:53 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\TMP
[2009-03-02 14:18:58 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\toshiba
[2010-12-12 02:17:06 | 000,000,000 |—-D | M]—C:\Documents and Settings\JH\Application Data\TrueCrypt

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008-04-15 14:00:00 | 001,034,752 |——| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\WINDOWS\ERDNT\cache\explorer.exe
[2008-04-15 14:00:00 | 001,034,752 |——| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\WINDOWS\explorer.exe
[2008-04-15 14:00:00 | 001,034,752 |——| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES >
[2008-04-15 14:00:00 | 000,007,121 |——| M] () MD5=1E69A758C46292C470ADA77FC147029C—C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2008-04-15 14:00:00 | 000,002,013 |——| M] () MD5=CEDB45EA7828101989AA4E0E9C1B90AE—C:\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2008-04-15 14:00:00 | 000,050,007 |——| M] () MD5=6D04D388D0DE36A554B83DFB3756C9B9—C:\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009-02-09 13:25:40 | 000,110,592 |——| M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9—C:\WINDOWS\ERDNT\cache\services.exe
[2009-02-09 13:25:40 | 000,110,592 |——| M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9—C:\WINDOWS\system32\dllcache\services.exe
[2009-02-09 13:25:40 | 000,110,592 |——| M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9—C:\WINDOWS\system32\services.exe
[2009-02-09 13:18:41 | 000,110,592 |——| M] (Microsoft Corporation) MD5=F8BCC407FCB4CDBF17163FAE3C820D80—C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

< MD5 for: SERVICES.MS_ >
[2008-04-15 14:00:00 | 000,003,643 |——| M] () MD5=C6D40763F45373B6723BE7DF65D1E708—C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2008-04-15 14:00:00 | 000,033,075 |——| M] () MD5=CF09D7C1F7BC198C080C2603AFF7EAAE—C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008-04-15 14:00:00 | 000,014,336 |——| M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC—C:\WINDOWS\ERDNT\cache\svchost.exe
[2008-04-15 14:00:00 | 000,014,336 |——| M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC—C:\WINDOWS\system32\dllcache\svchost.exe
[2008-04-15 14:00:00 | 000,014,336 |——| M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC—C:\WINDOWS\system32\svchost.exe
[2012-07-03 13:46:42 | 000,217,672 |——| M] () MD5=8A7F34F0BBD076EC3815680A7309114F—C:\Programmer\Malwarebytes’ Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008-04-14 09:06:06 | 000,026,112 |——| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\WINDOWS\ERDNT\cache\userinit.exe
[2008-04-14 09:06:06 | 000,026,112 |——| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\WINDOWS\system32\dllcache\userinit.exe
[2008-04-14 09:06:06 | 000,026,112 |——| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012-07-03 13:46:42 | 000,217,672 |——| M] () MD5=8A7F34F0BBD076EC3815680A7309114F—C:\Programmer\Malwarebytes’ Anti-Malware\Chameleon\winlogon.exe
[2008-04-15 14:00:00 | 000,507,904 |——| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008-04-15 14:00:00 | 000,507,904 |——| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\WINDOWS\system32\dllcache\winlogon.exe
[2008-04-15 14:00:00 | 000,507,904 |——| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemroot%\*. /mp /s >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

Administrator
Number of posts: 8603

Download and save Farbar Service Scanner on the “sick” PC.

Start it and tick the following.

Internet Services

Windows Firewall

System Restore

Security Center/Action Center

Windows Update

Windows Defender

Other Services

Click Scan.

It creates a log (FSS.txt). Copy it into your next post.


  strato
Number of posts: 84

Here is the Farbar log:

Farbar Service Scanner Version: 26-07-2012
Ran by JH (administrator) on 30-07-2012 at 20:36:39
Running from “C:\Documents and Settings\JH\Skrivebord”
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open NetBt registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll
[2008-07-08 13:11] - [2008-04-15 14:00] - 0126976 ____A (Microsoft Corporation) A6E52FA9ADA7F92DEF4206C0F64F6784

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys FILE IS MISSING AND SHOULD BE RESTORED.

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll
[2008-07-08 13:11] - [2009-04-20 19:19] - 0045568 ____A (Microsoft Corporation) 42970873BC779A19C2BAAD3FC0D5833A

C:\WINDOWS\system32\ipnathlp.dll
[2008-07-08 13:11] - [2008-04-15 14:00] - 0331776 ____A (Microsoft Corporation) 27BB7647B600A43147AA2D2C297660F0

C:\WINDOWS\system32\netman.dll
[2008-07-08 13:11] - [2008-04-15 14:00] - 0198144 ____A (Microsoft Corporation) 7B4A4A94389364565C2334A82FCDDF67

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-08 13:21] - [2008-04-15 14:00] - 0145408 ____A (Microsoft Corporation) C16C23396F1C1BA7D170C54EC4E78F1B

C:\WINDOWS\system32\srsvc.dll
[2008-07-08 13:22] - [2008-04-15 14:00] - 0171008 ____A (Microsoft Corporation) 1E8F91A7CD08BDB7482746F97365E12E

C:\WINDOWS\system32\Drivers\sr.sys
[2008-07-08 13:22] - [2008-04-15 14:00] - 0073344 ____A (Microsoft Corporation) B3ECB8B07F7991132C71C1B16A82FFE3

C:\WINDOWS\system32\wscsvc.dll
[2008-07-08 13:11] - [2008-04-15 14:00] - 0080896 ____A (Microsoft Corporation) BC71BC51DD57E792851D31795F3EDBF1

C:\WINDOWS\system32\wbem\WMIsvc.dll
[2008-07-08 13:21] - [2008-04-15 14:00] - 0145408 ____A (Microsoft Corporation) C16C23396F1C1BA7D170C54EC4E78F1B

C:\WINDOWS\system32\wuauserv.dll
[2008-07-08 13:22] - [2008-04-15 14:00] - 0006656 ____A (Microsoft Corporation) 2BC349942C6CE07736F78BEC266816CE

C:\WINDOWS\system32\qmgr.dll
[2008-07-08 13:22] - [2008-04-15 14:00] - 0409088 ____A (Microsoft Corporation) 51C84408E87A52187E25D839C58BDC45

C:\WINDOWS\system32\es.dll
[2008-07-08 13:11] - [2008-07-07 22:29] - 0253952 ____A (Microsoft Corporation) 72B9667D6F9FF2A85FCC43FDD7C8ED9F

C:\WINDOWS\system32\cryptsvc.dll
[2008-07-08 13:11] - [2008-04-15 14:00] - 0062464 ____A (Microsoft Corporation) 325D42794A21D1717B98F354ACF499E2

C:\WINDOWS\system32\svchost.exe
[2008-07-08 13:11] - [2008-04-15 14:00] - 0014336 ____A (Microsoft Corporation) 555F8F4CB284FE94059DCACF6074F9EC

C:\WINDOWS\system32\rpcss.dll
[2008-07-08 13:11] - [2009-02-09 12:53] - 0401408 ____A (Microsoft Corporation) 059187B38452A01BB3B397691DDF3552

C:\WINDOWS\system32\services.exe
[2008-07-08 13:11] - [2009-02-09 13:25] - 0110592 ____A (Microsoft Corporation) 32F091E3425759B126760F44B5E931C9


Extra List:
=======
Avgtdix(11) Gpc(6) IPSec(4) PSched(7) Tcpip(3) WSIMD(9)
0x0C00000004000000010000000200000003000000560000000B00000005000000080000000600000007000000090000000A000000
IpSec Tag value is correct.

**** End of log ****

Administrator
Number of posts: 8603

You are missing a system file, so I would like to see what ComboFix finds.

Download and save ComboFix to your desktop. <- Important

Then run ComboFix and follow the instructions.

Since ComboFix can conflict with your security programs, it is important that you disable them. <- Important

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) rebooted, a log file should open: ComboFix.txt
Please post the contents of this file here.

It can be found here: C:\ComboFix.txt

If you get something that looks like this error:

Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning

Then restart once more; that should solve it.


  strato
Number of posts: 84

Yes, it worked, I have a connection to the net. Wonderful.

While the log file was being created, AVG suddenly intervened with a message that it had detected some malware, which it called “IDP.Trojan.E13F31C”. AVG recommended moving it to the virus vault, so I did. AVG was otherwise disabled, but only until after the restart. I hope that doesn't matter.

And here is the log file:


ComboFix 12-07-30.01 - JH 30-07-2012 23:21:13.15.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.2814.2036 [GMT 2:00]
Kører fra: c:\documents and settings\JH\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\netbt.sys was missing
Genskabt kopi fra - c:\windows\system32\dllcache\netbt.sys
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-06-28 til 2012-07-30 )))))))))))))))))))))))))))))))))))
.
.
2012-07-30 21:35 . 2008-04-15 12:00   162816   -c—a-w-  c:\windows\system32\dllcache\netbt.sys
2012-07-30 21:35 . 2008-04-15 12:00   162816   ——a-w-  c:\windows\system32\drivers\netbt.sys
2012-07-13 21:08 . 2012-07-13 21:08   476976   ——a-w-  c:\windows\system32\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 21:08 . 2008-07-08 11:49   73728   ——a-w-  c:\windows\system32\javacpl.cpl
2012-07-13 21:08 . 2011-08-26 16:08   472880   ——a-w-  c:\windows\system32\deployJava1.dll
2012-07-03 11:46 . 2012-06-20 23:57   22344   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-06-13 13:55 . 2008-07-08 11:11   1866112   ——a-w-  c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-07-08 11:11   1372672   ——a-w-  c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-07-08 11:11   1172480   ——a-w-  c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-07-08 11:11   152576   ——a-w-  c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:07   15384   ——a-w-  c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-07-08 11:22   329240   ——a-w-  c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-07-08 11:22   219160   ——a-w-  c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-07-08 11:22   210968   ——a-w-  c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 13:09   45080   ——a-w-  c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-07-08 11:22   53784   ——a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-07-08 11:22   35864   ——a-w-  c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-07-08 11:11   97304   ——a-w-  c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:07   18456   ——a-w-  c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-07-08 11:22   577048   ——a-w-  c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-10-16 13:08   23064   ——a-w-  c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-10-16 13:08   15896   ——a-w-  c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-07-08 11:22   1933848   ——a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-05-30 09:28   17648   ——a-w-  c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-05-30 09:28   275696   ——a-w-  c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-05-30 09:28   214256   ——a-w-  c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-07-08 11:11   602112   ——a-w-  c:\windows\system32\crypt32.dll
2012-05-15 15:36 . 2008-07-08 11:11   832512   ——a-w-  c:\windows\system32\wininet.dll
2012-05-05 03:14 . 2008-04-14 08:45   2029056   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-14 08:44   2150912   ——a-w-  c:\windows\system32\ntoskrnl.exe
2012-05-02 13:47 . 2008-07-08 11:21   139656   ——a-w-  c:\windows\system32\drivers\rdpwd.sys
2007-07-06 16:39 . 2009-06-16 20:59   401720   ——a-w-  c:\programmer\HJTrenamed.exe
2007-02-01 16:02 . 2009-06-15 22:40   313344   ——a-w-  c:\programmer\hjsplit.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“TOSCDSPD”=“c:\programmer\TOSHIBA\TOSCDSPD\toscdspd.exe” [2005-04-12 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CFSServ.exe”=“CFSServ.exe -NoClient” [X]
“NDSTray.exe”=“NDSTray.exe” [BU]
“TPSMain”=“TPSMain.exe” [2008-02-06 271672]
“SmoothView”=“c:\programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe” [2007-05-11 143360]
“DDWMon”=“c:\programmer\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe” [2007-04-26 495616]
“StartCCC”=“c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2008-01-21 61440]
“Apoint”=“c:\programmer\Apoint2K\Apoint.exe” [2007-12-15 184320]
“Toshiba Controls Utility”=“c:\programmer\TOSHIBA\Controls\VolumeIndicator.exe” [2008-02-01 77824]
“ACU”=“c:\programmer\Atheros\ACU.exe” [2008-04-14 450648]
“AVG_TRAY”=“c:\programmer\AVG\AVG2012\avgtray.exe” [2012-04-05 2587008]
“Malwarebytes’ Anti-Malware”=“c:\programmer\Malwarebytes’ Anti-Malware\mbamgui.exe” [2012-07-03 462920]
“Soluto”=“c:\programmer\Soluto\soluto.exe” [2012-04-24 1716784]
“SunJavaUpdateSched”=“c:\programmer\Fælles filer\Java\Java Update\jusched.exe” [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
“AvgUninstallURL”=“start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNjYwNDAwMzMyLUJBKzEtS1YzKzctVDMtRlA5KzYtVEI5KzItRkwrOS1GMTBNKzUtWDIwMTArMi1RSVgxKzQtTElDKzc3LVNQMSsxLUZMMTArMS1UVUcrMy1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsw&prod=55&ver=10.0.1382” [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Programmer\\Toshiba\\ConfigFree\\NDSTray.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\iTunes\\iTunes.exe”=
“c:\\Programmer\\Toshiba\\ConfigFree\\CFXFER.exe”=
“c:\\Programmer\\Ratajik Software\\StationRipper\\StationRipperConsole.exe”=
“c:\\Z\\programmer downloaded\\solutoinstaller.exe”=
“c:\\Programmer\\Soluto\\Soluto.exe”=
“c:\\Programmer\\Soluto\\SolutoService.exe”=
“c:\\Programmer\\Soluto\\SolutoConsole.exe”=
“c:\\Programmer\\Soluto\\SolutoUpdateService.exe”=
“c:\\Programmer\\AVG\\AVG2012\\avgmfapx.exe”=
“c:\\Programmer\\AVG\\AVG2012\\avgnsx.exe”=
“c:\\Programmer\\AVG\\AVG2012\\avgdiagex.exe”=
“c:\\Programmer\\AVG\\AVG2012\\avgemcx.exe”=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [08-07-2008 13:11 172040]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-04-2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-03-2011 16:03 31952]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [30-04-2012 22:25 51144]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-01-2011 06:41 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [05-04-2011 00:59 301248]
R2 avgwd;AVG WatchDog;c:\programmer\AVG\AVG2012\avgwdsvc.exe [14-02-2012 04:53 193288]
R2 MBAMService;MBAMService;c:\programmer\Malwarebytes’ Anti-Malware\mbamservice.exe [21-06-2012 01:57 655944]
R2 SolutoService;Soluto PCGenome Core Service;c:\programmer\Soluto\SolutoService.exe [24-04-2012 17:32 584224]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26-03-2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19-02-2007 12:15 134016]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [08-07-2008 13:33 732160]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys—> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21-06-2012 01:57 22344]
R3 Ndisrd;Ndisrd;c:\windows\system32\drivers\ndisrd.sys [12-08-2010 19:04 20480]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [08-07-2008 13:57 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29-05-2007 10:01 6912]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\JH\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS—> c:\docume~1\JH\LOKALE~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\JH\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.SYS—> c:\docume~1\JH\LOKALE~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 avg9wd;AVG Free WatchDog; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmer\AVG\AVG2012\avgidsagent.exe [04-07-2012 17:25 5160568]
.
—- Andre Services/Drivers i Hukommelsen—-
.
*NewlyCreated* - NETBT
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3277386681-160039827-3421441214-1005Core.job
- c:\documents and settings\JH\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-11-18 21:49]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3277386681-160039827-3421441214-1005UA.job
- c:\documents and settings\JH\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-11-18 21:49]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = <local>
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 23:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
——————————- DLLs startet under kørende Processer——————————-
.
- - - - - - - > ‘winlogon.exe’(596)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > ‘explorer.exe’(7892)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
————————————Andre kørende processer————————————
.
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\acs.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\system32\TODDSrv.exe
c:\programmer\TOSHIBA\ConfigFree\NDSTray.exe
c:\programmer\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\system32\TPSBattM.exe
c:\programmer\Apoint2K\HidFind.exe
c:\programmer\Apoint2K\Apntex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\logon.scr
.
**************************************************************************
.
Gennemført tid: 2012-07-30 23:50:26 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-07-30 21:50
.
Pre-Kørsel: 75.281.985.536 byte ledig
Post-Kørsel: 75.380.252.672 byte ledig
.
- - End Of File - - F27737B2F1CE9EFA37C8BD7F0D108239

Administrator
Number of posts: 8603

Disable your security program while you run these ->


Download Tdsskiller.zip to your desktop and extract it into a folder.

Start TDSSKiller.exe.

Under “Change parameters”, tick “Detect TDLFS file system”.

Click “Start Scan”.

If an infected file is found, the “Default action” will be Cure; click Continue.
If it finds a TDLFS file system, click Delete.
If a suspicious file is detected, the “Default action” will be Skip; click Continue.
If it does not ask for a “Reboot” (restart), click “Report” and copy that text into this thread.

Restart if it requires it.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Copy that text into this thread. (It will probably need to be split in two.)

———

Download and save aswMBR to your desktop.

Start aswMBR and click “Scan”.

If it asks for “Avast virus definitions”, click “Yes”.

When it has finished scanning, click “SAVE LOG” and post the log here.

———

PS Please do this in the order I have given!




  strato
Number of posts: 84

Hi!

TDSSkiller ran without any problems. Here is the log:


09:53:53.0468 4848   TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:53:53.0750 4848   ============================================================
09:53:53.0750 4848   Current date / time: 2012/07/31 09:53:53.0750
09:53:53.0750 4848   SystemInfo:
09:53:53.0750 4848  
09:53:53.0750 4848   OS Version: 5.1.2600 ServicePack: 3.0
09:53:53.0750 4848   Product type: Workstation
09:53:53.0750 4848   ComputerName: NYTOSHIBA
09:53:53.0750 4848   UserName: JH
09:53:53.0750 4848   Windows directory: C:\WINDOWS
09:53:53.0750 4848   System windows directory: C:\WINDOWS
09:53:53.0750 4848   Processor architecture: Intel x86
09:53:53.0750 4848   Number of processors: 2
09:53:53.0750 4848   Page size: 0x1000
09:53:53.0750 4848   Boot type: Normal boot
09:53:53.0750 4848   ============================================================
09:53:58.0734 4848   Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type ‘K0’, Flags 0x00000058
09:53:58.0734 4848   ============================================================
09:53:58.0734 4848   \Device\Harddisk0\DR0:
09:53:58.0734 4848   MBR partitions:
09:53:58.0734 4848   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
09:53:58.0734 4848   ============================================================
09:53:58.0765 4848   C: <-> \Device\Harddisk0\DR0\Partition0
09:53:58.0765 4848   ============================================================
09:53:58.0765 4848   Initialize success
09:53:58.0765 4848   ============================================================
09:55:09.0265 5052   ============================================================
09:55:09.0265 5052   Scan started
09:55:09.0265 5052   Mode: Manual; TDLFS;
09:55:09.0265 5052   ============================================================
09:55:10.0343 5052   Abiosdsk - ok
09:55:10.0359 5052   abp480n5 - ok
09:55:10.0421 5052   ACPI         (991b6d6fe2a4d70caf76c41334e60926) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:55:10.0437 5052   ACPI - ok
09:55:10.0468 5052   ACPIEC       (6f99fe216de8c4875dbb12937620da0c) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:55:10.0468 5052   ACPIEC - ok
09:55:10.0562 5052   ACS         (2bad567ddba52cc96518b06682e78940) C:\WINDOWS\system32\acs.exe
09:55:10.0578 5052   ACS - ok
09:55:10.0578 5052   adpu160m - ok
09:55:10.0609 5052   aec         (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:55:10.0609 5052   aec - ok
09:55:10.0671 5052   AFD         (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:55:10.0671 5052   AFD - ok
09:55:10.0671 5052   Aha154x - ok
09:55:10.0687 5052   ahcix86       (e9ffaa84d130ec4eaa0f84254bf32da5) C:\WINDOWS\system32\drivers\ahcix86.sys
09:55:10.0703 5052   ahcix86 - ok
09:55:10.0703 5052   aic78u2 - ok
09:55:10.0718 5052   aic78xx - ok
09:55:10.0750 5052   Alerter       (6642db68b97ecb8088fba2d2539fdb7e) C:\WINDOWS\system32\alrsvc.dll
09:55:10.0750 5052   Alerter - ok
09:55:10.0781 5052   ALG         (ab74a1b7500aca7d43d84804cbdf11fb) C:\WINDOWS\System32\alg.exe
09:55:10.0781 5052   ALG - ok
09:55:10.0796 5052   AliIde - ok
09:55:10.0812 5052   AmdPPM       (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
09:55:10.0812 5052   AmdPPM - ok
09:55:10.0828 5052   amsint - ok
09:55:10.0859 5052   ApfiltrService (0e7efa7c472e4643bbf48375a9c94f9b) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
09:55:10.0859 5052   ApfiltrService - ok
09:55:11.0000 5052   Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:55:11.0015 5052   Apple Mobile Device - ok
09:55:11.0031 5052   AppMgmt       (e39274e0be87e672211392a4176c4ee6) C:\WINDOWS\System32\appmgmts.dll
09:55:11.0031 5052   AppMgmt - ok
09:55:11.0187 5052   AR5416       (0297af4b89769159058b996c21218421) C:\WINDOWS\system32\DRIVERS\athw.sys
09:55:11.0203 5052   AR5416 - ok
09:55:11.0250 5052   Arp1394       (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:55:11.0250 5052   Arp1394 - ok
09:55:11.0250 5052   asc - ok
09:55:11.0265 5052   asc3350p - ok
09:55:11.0265 5052   asc3550 - ok
09:55:11.0359 5052   aspnet_state   (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:55:11.0359 5052   aspnet_state - ok
09:55:11.0390 5052   AsyncMac     (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:55:11.0390 5052   AsyncMac - ok
09:55:11.0453 5052   atapi       (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:55:11.0453 5052   atapi - ok
09:55:11.0468 5052   Atdisk - ok
09:55:11.0546 5052   Ati HotKey Poller (795b413bee60a410d831946043d228c9) C:\WINDOWS\system32\Ati2evxx.exe
09:55:11.0562 5052   Ati HotKey Poller - ok
09:55:11.0812 5052   ati2mtag     (e168986d07d7c41f63677eea5dd3f95b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:55:11.0875 5052   ati2mtag - ok
09:55:12.0078 5052   Atmarpc       (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:55:12.0078 5052   Atmarpc - ok
09:55:12.0109 5052   AudioSrv     (f6c00138b3f637dde807005b16e61dcc) C:\WINDOWS\System32\audiosrv.dll
09:55:12.0125 5052   AudioSrv - ok
09:55:12.0125 5052   audstub       (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:55:12.0125 5052   audstub - ok
09:55:12.0703 5052   AVGIDSAgent   (d67719bcfde5798f5c30d14efed3bcaf) C:\Programmer\AVG\AVG2012\AVGIDSAgent.exe
09:55:12.0890 5052   AVGIDSAgent - ok
09:55:13.0062 5052   AVGIDSDriver   (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
09:55:13.0078 5052   AVGIDSDriver - ok
09:55:13.0109 5052   AVGIDSFilter   (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
09:55:13.0109 5052   AVGIDSFilter - ok
09:55:13.0140 5052   AVGIDSHX     (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
09:55:13.0140 5052   AVGIDSHX - ok
09:55:13.0156 5052   AVGIDSShim     (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
09:55:13.0171 5052   AVGIDSShim - ok
09:55:13.0218 5052   Avgldx86     (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:55:13.0234 5052   Avgldx86 - ok
09:55:13.0250 5052   Avgmfx86     (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:55:13.0250 5052   Avgmfx86 - ok
09:55:13.0265 5052   Avgrkx86     (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:55:13.0265 5052   Avgrkx86 - ok
09:55:13.0312 5052   Avgtdix       (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:55:13.0328 5052   Avgtdix - ok
09:55:13.0484 5052   avgwd       (ea1145debcd508fd25bd1e95c4346929) C:\Programmer\AVG\AVG2012\avgwdsvc.exe
09:55:13.0484 5052   avgwd - ok
09:55:13.0546 5052   Beep         (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:55:13.0546 5052   Beep - ok
09:55:13.0609 5052   BITS         (51c84408e87a52187e25d839c58bdc45) C:\WINDOWS\system32\qmgr.dll
09:55:13.0671 5052   BITS - ok
09:55:13.0687 5052   BoiHwsetup     (141befbd4f2a84a66e2f54b9e32e40d1) C:\WINDOWS\system32\drivers\BoiHwSetup.sys
09:55:13.0703 5052   BoiHwsetup - ok
09:55:13.0750 5052   Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Programmer\Bonjour\mDNSResponder.exe
09:55:13.0765 5052   Bonjour Service - ok
09:55:13.0812 5052   Brother XP spl Service (cac61bdd786a6928989451871fbcedb8) C:\WINDOWS\system32\brsvc01a.exe
09:55:13.0828 5052   Brother XP spl Service - ok
09:55:13.0859 5052   Browser       (58ad7404c7fee33eb0f3fc2bacd04ff6) C:\WINDOWS\System32\browser.dll
09:55:13.0859 5052   Browser - ok
09:55:13.0875 5052   catchme - ok
09:55:13.0921 5052   cbidf2k       (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:55:13.0921 5052   cbidf2k - ok
09:55:13.0937 5052   CCDECODE     (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:55:13.0937 5052   CCDECODE - ok
09:55:13.0953 5052   cd20xrnt - ok
09:55:13.0968 5052   Cdaudio       (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:55:13.0968 5052   Cdaudio - ok
09:55:14.0000 5052   Cdfs         (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:55:14.0000 5052   Cdfs - ok
09:55:14.0046 5052   Cdrom       (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:55:14.0046 5052   Cdrom - ok
09:55:14.0125 5052   CFSvcs       (3cb0cc8879956c187e87e18634ee5164) C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
09:55:14.0140 5052   CFSvcs - ok
09:55:14.0140 5052   Changer - ok
09:55:14.0203 5052   CiSvc       (1838615c98afa3a0ac1f4b15a113a82f) C:\WINDOWS\system32\cisvc.exe
09:55:14.0203 5052   CiSvc - ok
09:55:14.0218 5052   ClipSrv       (5cea9fbc68fbd66a91e7ef09900ab566) C:\WINDOWS\system32\clipsrv.exe
09:55:14.0218 5052   ClipSrv - ok
09:55:14.0312 5052   clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:55:14.0312 5052   clr_optimization_v2.0.50727_32 - ok
09:55:14.0359 5052   CmBatt       (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:55:14.0375 5052   CmBatt - ok
09:55:14.0375 5052   CmdIde - ok
09:55:14.0468 5052   CnxtHdAudAddService (2d783d33cd64ddbb2171ecfa56249c50) C:\WINDOWS\system32\drivers\CHDAud.sys
09:55:14.0500 5052   CnxtHdAudAddService - ok
09:55:14.0531 5052   Compbatt     (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:55:14.0531 5052   Compbatt - ok
09:55:14.0546 5052   COMSysApp - ok
09:55:14.0562 5052   Cpqarray - ok
09:55:14.0625 5052   cpuz135 - ok
09:55:14.0671 5052   CryptSvc     (325d42794a21d1717b98f354acf499e2) C:\WINDOWS\System32\cryptsvc.dll
09:55:14.0671 5052   CryptSvc - ok
09:55:14.0687 5052   dac2w2k - ok
09:55:14.0703 5052   dac960nt - ok
09:55:14.0781 5052   DcomLaunch     (059187b38452a01bb3b397691ddf3552) C:\WINDOWS\system32\rpcss.dll
09:55:14.0812 5052   DcomLaunch - ok
09:55:14.0875 5052   Dhcp         (a6e52fa9ada7f92def4206c0f64f6784) C:\WINDOWS\System32\dhcpcsvc.dll
09:55:14.0875 5052   Dhcp - ok
09:55:14.0890 5052   Disk         (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:55:14.0890 5052   Disk - ok
09:55:14.0906 5052   dmadmin - ok
09:55:15.0015 5052   dmboot       (8a3088f97b2caa3340bbb068f314e596) C:\WINDOWS\system32\drivers\dmboot.sys
09:55:15.0031 5052   dmboot - ok
09:55:15.0062 5052   dmio         (6d152a2781ffbd6a63a1e58801240e8e) C:\WINDOWS\system32\drivers\dmio.sys
09:55:15.0078 5052   dmio - ok
09:55:15.0093 5052   dmload       (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:55:15.0093 5052   dmload - ok
09:55:15.0125 5052   dmserver     (6428446df3fe5c3b439973fb4c43d38e) C:\WINDOWS\System32\dmserver.dll
09:55:15.0125 5052   dmserver - ok
09:55:15.0140 5052   DMusic       (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:55:15.0156 5052   DMusic - ok
09:55:15.0171 5052   Dnscache     (42970873bc779a19c2baad3fc0d5833a) C:\WINDOWS\System32\dnsrslvr.dll
09:55:15.0187 5052   Dnscache - ok
09:55:15.0218 5052   Dot3svc       (0b8193a12175eae5bc34063a63c49cff) C:\WINDOWS\System32\dot3svc.dll
09:55:15.0218 5052   Dot3svc - ok
09:55:15.0234 5052   dpti2o - ok
09:55:15.0265 5052   drmkaud       (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:55:15.0265 5052   drmkaud - ok
09:55:15.0296 5052   EapHost       (95885ec4562461d3ad78aa6ac714d32f) C:\WINDOWS\System32\eapsvc.dll
09:55:15.0296 5052   EapHost - ok
09:55:15.0312 5052   ERSvc       (396038f82cb672d83e792092319024aa) C:\WINDOWS\System32\ersvc.dll
09:55:15.0312 5052   ERSvc - ok
09:55:15.0375 5052   Eventlog     (32f091e3425759b126760f44b5e931c9) C:\WINDOWS\system32\services.exe
09:55:15.0390 5052   Eventlog - ok
09:55:15.0453 5052   EventSystem   (72b9667d6f9ff2a85fcc43fdd7c8ed9f) C:\WINDOWS\system32\es.dll
09:55:15.0468 5052   EventSystem - ok
09:55:15.0484 5052   Fastfat       (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:55:15.0500 5052   Fastfat - ok
09:55:15.0546 5052   FastUserSwitchingCompatibility (a17d630fabfe7b796cbdbee79f9e6612) C:\WINDOWS\System32\shsvcs.dll
09:55:15.0562 5052   FastUserSwitchingCompatibility - ok
09:55:15.0609 5052   Fdc         (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:55:15.0609 5052   Fdc - ok
09:55:15.0625 5052   Fips         (bb52a20854cf3e8e0474ee7167c7a3a5) C:\WINDOWS\system32\drivers\Fips.sys
09:55:15.0625 5052   Fips - ok
09:55:15.0640 5052   Flpydisk     (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:55:15.0640 5052   Flpydisk - ok
09:55:15.0671 5052   FltMgr       (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:55:15.0671 5052   FltMgr - ok
09:55:15.0765 5052   FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:55:15.0765 5052   FontCache3.0.0.0 - ok
09:55:15.0796 5052   Fs_Rec       (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:55:15.0796 5052   Fs_Rec - ok
09:55:15.0843 5052   Ftdisk       (0a58505b5d0aba661d2ff59cd8cf79b9) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:55:15.0843 5052   Ftdisk - ok
09:55:15.0890 5052   GEARAspiWDM   (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:55:15.0890 5052   GEARAspiWDM - ok
09:55:15.0937 5052   Gpc         (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:55:15.0953 5052   Gpc - ok
09:55:16.0000 5052   HDAudBus     (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:55:16.0000 5052   HDAudBus - ok
09:55:16.0046 5052   helpsvc       (9e256613b0a999ddd2aa889e340cd402) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:55:16.0046 5052   helpsvc - ok
09:55:16.0093 5052   HidServ       (8dbcd76c2a538c26357831dd14cd792f) C:\WINDOWS\System32\hidserv.dll
09:55:16.0093 5052   HidServ - ok
09:55:16.0140 5052   HidUsb       (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:55:16.0140 5052   HidUsb - ok
09:55:16.0187 5052   hkmsvc       (8751c1091af19d3787798da90ffb0902) C:\WINDOWS\System32\kmsvc.dll
09:55:16.0203 5052   hkmsvc - ok
09:55:16.0203 5052   hpn - ok
09:55:16.0265 5052   HSFHWAZL     (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:55:16.0281 5052   HSFHWAZL - ok
09:55:16.0390 5052   HSF_DPV       (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:55:16.0437 5052   HSF_DPV - ok
09:55:16.0500 5052   HTTP         (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:55:16.0515 5052   HTTP - ok
09:55:16.0562 5052   HTTPFilter     (8e23b6943d42d0be0419f3fffde93a31) C:\WINDOWS\System32\w3ssl.dll
09:55:16.0578 5052   HTTPFilter - ok
09:55:16.0578 5052   i2omgmt - ok
09:55:16.0593 5052   i2omp - ok
09:55:16.0656 5052   i8042prt     (42f890598efb480076558ca3cc151107) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:55:16.0656 5052   i8042prt - ok
09:55:16.0781 5052   IDriverT     (1cf03c69b49acb70c722df92755c0c8c) c:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:55:16.0781 5052   IDriverT - ok
09:55:17.0078 5052   idsvc       (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:55:17.0109 5052   idsvc - ok
09:55:17.0140 5052   Imapi       (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:55:17.0156 5052   Imapi - ok
09:55:17.0203 5052   ImapiService   (f73c9c37d4b7453c2cb7dcfd2640c75f) C:\WINDOWS\system32\imapi.exe
09:55:17.0218 5052   ImapiService - ok
09:55:17.0218 5052   ini910u - ok
09:55:17.0250 5052   IntelIde - ok
09:55:17.0296 5052   Ip6Fw       (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:55:17.0312 5052   Ip6Fw - ok
09:55:17.0343 5052   IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:55:17.0343 5052   IpFilterDriver - ok
09:55:17.0375 5052   IpInIp       (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:55:17.0375 5052   IpInIp - ok
09:55:17.0421 5052   IpNat       (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:55:17.0421 5052   IpNat - ok
09:55:17.0578 5052   iPod Service   (7a3611564fce7c8be50b03f58cb3eb7d) C:\Programmer\iPod\bin\iPodService.exe
09:55:17.0593 5052   iPod Service - ok
09:55:17.0625 5052   IPSec       (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:55:17.0640 5052   IPSec - ok
09:55:17.0671 5052   IRENUM       (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:55:17.0671 5052   IRENUM - ok
09:55:17.0718 5052   isapnp       (3ce6ec5903c59223b61f6a0b9b84b022) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:55:17.0718 5052   isapnp - ok
09:55:17.0843 5052   JavaQuickStarterService (28e8a9984ba1297efe44b6138d2ca51e) C:\Programmer\Java\jre6\bin\jqs.exe
09:55:17.0859 5052   JavaQuickStarterService - ok
09:55:17.0875 5052   Kbdclass     (32e823dfd0a7f18cf3b024f78c7aa7dd) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:55:17.0875 5052   Kbdclass - ok
09:55:17.0968 5052   kmixer       (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:55:17.0968 5052   kmixer - ok
09:55:18.0015 5052   KSecDD       (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:55:18.0015 5052   KSecDD - ok
09:55:18.0062 5052   LanmanServer   (f429b46a773ed6b84025c8ea9949188f) C:\WINDOWS\System32\srvsvc.dll
09:55:18.0078 5052   LanmanServer - ok
09:55:18.0140 5052   lanmanworkstation (62d286f1131aad51b6d8d8249a27b8ca) C:\WINDOWS\System32\wkssvc.dll
09:55:18.0156 5052   lanmanworkstation - ok
09:55:18.0171 5052   lbrtfdc - ok
09:55:18.0234 5052   LmHosts       (508c79641eb2256d7b8fd9ed64aa7b53) C:\WINDOWS\System32\lmhsvc.dll
09:55:18.0250 5052   LmHosts - ok
09:55:18.0296 5052   MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
09:55:18.0312 5052   MBAMProtector - ok
09:55:18.0406 5052   MBAMService   (43683e970f008c93c9429ef428147a54) C:\Programmer\Malwarebytes’ Anti-Malware\mbamservice.exe
09:55:18.0421 5052   MBAMService - ok
09:55:18.0468 5052   mdmxsdk       (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:55:18.0484 5052   mdmxsdk - ok
09:55:18.0531 5052   Messenger     (6c585d70d270607ff861d762494b25e2) C:\WINDOWS\System32\msgsvc.dll
09:55:18.0546 5052   Messenger - ok
09:55:18.0578 5052   mnmdd       (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:55:18.0578 5052   mnmdd - ok
09:55:18.0640 5052   mnmsrvc       (8184e5463ab9bb8cfb37a28852db16c5) C:\WINDOWS\system32\mnmsrvc.exe
09:55:18.0656 5052   mnmsrvc - ok
09:55:18.0687 5052   Modem       (67ac997db66fdfd07738df58b45cd1b9) C:\WINDOWS\system32\drivers\Modem.sys
09:55:18.0687 5052   Modem - ok
09:55:18.0734 5052   Mouclass     (22774a2ab832972eca2ce227819f5af0) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:55:18.0734 5052   Mouclass - ok
09:55:18.0781 5052   mouhid       (39f0a46109b167707018e8889d5fec93) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:55:18.0781 5052   mouhid - ok
09:55:18.0812 5052   MountMgr     (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:55:18.0812 5052   MountMgr - ok
09:55:18.0812 5052   mraid35x - ok
09:55:18.0875 5052   MRxDAV       (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:55:18.0890 5052   MRxDAV - ok
09:55:19.0015 5052   MRxSmb       (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:55:19.0062 5052   MRxSmb - ok
09:55:19.0109 5052   MSDTC       (5375122a1c3abf51a9dbe222398e3a25) C:\WINDOWS\system32\msdtc.exe
09:55:19.0109 5052   MSDTC - ok
09:55:19.0125 5052   Msfs         (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:55:19.0140 5052   Msfs - ok
09:55:19.0140 5052   MSIServer - ok
09:55:19.0218 5052   MSKSSRV       (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:55:19.0218 5052   MSKSSRV - ok
09:55:19.0234 5052   MSPCLOCK     (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:55:19.0234 5052   MSPCLOCK - ok
09:55:19.0250 5052   MSPQM       (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:55:19.0250 5052   MSPQM - ok
09:55:19.0281 5052   mssmbios     (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:55:19.0281 5052   mssmbios - ok
09:55:19.0312 5052   MSTEE       (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:55:19.0328 5052   MSTEE - ok
09:55:19.0375 5052   Mup         (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:55:19.0375 5052   Mup - ok
09:55:19.0406 5052   NABTSFEC     (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:55:19.0421 5052   NABTSFEC - ok
09:55:19.0484 5052   napagent     (8ff76bff355b66e320bc1e4429c22657) C:\WINDOWS\System32\qagentrt.dll
09:55:19.0500 5052   napagent - ok
09:55:19.0546 5052   NDIS         (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:55:19.0562 5052   NDIS - ok
09:55:19.0593 5052   NdisIP       (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:55:19.0593 5052   NdisIP - ok
09:55:19.0625 5052   Ndisrd       (1359b200974395679b092f1d5f63cfa9) C:\WINDOWS\system32\DRIVERS\ndisrd.sys
09:55:19.0640 5052   Ndisrd - ok
09:55:19.0671 5052   NdisTapi     (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:55:19.0671 5052   NdisTapi - ok
09:55:19.0734 5052   Ndisuio       (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:55:19.0734 5052   Ndisuio - ok
09:55:19.0781 5052   NdisWan       (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:55:19.0796 5052   NdisWan - ok
09:55:19.0859 5052   NDProxy       (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:55:19.0859 5052   NDProxy - ok
09:55:19.0937 5052   NetBIOS       (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:55:19.0937 5052   NetBIOS - ok
09:55:19.0984 5052   NetBT       (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\drivers\netbt.sys
09:55:20.0000 5052   NetBT - ok
09:55:20.0046 5052   NetDDE       (1b81d1d833268a82f979cb4cc8f7a4ef) C:\WINDOWS\system32\netdde.exe
09:55:20.0046 5052   NetDDE - ok
09:55:20.0078 5052   NetDDEdsdm     (1b81d1d833268a82f979cb4cc8f7a4ef) C:\WINDOWS\system32\netdde.exe
09:55:20.0078 5052   NetDDEdsdm - ok
09:55:20.0109 5052   Netdevio     (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
09:55:20.0109 5052   Netdevio - ok
09:55:20.0171 5052   Netlogon     (ac9fca8bcd685abdb9928b1964b731a2) C:\WINDOWS\system32\lsass.exe
09:55:20.0171 5052   Netlogon - ok
09:55:20.0203 5052   Netman       (7b4a4a94389364565c2334a82fcddf67) C:\WINDOWS\System32\netman.dll
09:55:20.0218 5052   Netman - ok
09:55:20.0375 5052   NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:55:20.0390 5052   NetTcpPortSharing - ok
09:55:20.0406 5052   NIC1394       (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:55:20.0421 5052   NIC1394 - ok
09:55:20.0468 5052   Nla         (3b0979e9506755266c100f43d3700ca7) C:\WINDOWS\System32\mswsock.dll
09:55:20.0484 5052   Nla - ok
09:55:20.0531 5052   Npfs         (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:55:20.0531 5052   Npfs - ok
09:55:20.0578 5052   Ntfs         (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:55:20.0593 5052   Ntfs - ok
09:55:20.0609 5052   NtLmSsp       (ac9fca8bcd685abdb9928b1964b731a2) C:\WINDOWS\system32\lsass.exe
09:55:20.0609 5052   NtLmSsp - ok
09:55:20.0671 5052   NtmsSvc       (1fe8446399f6044504f569014a2599b3) C:\WINDOWS\system32\ntmssvc.dll
09:55:20.0687 5052   NtmsSvc - ok
09:55:20.0703 5052   Null         (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:55:20.0718 5052   Null - ok
09:55:20.0734 5052   NwlnkFlt     (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:55:20.0734 5052   NwlnkFlt - ok
09:55:20.0765 5052   NwlnkFwd     (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:55:20.0765 5052   NwlnkFwd - ok
09:55:20.0859 5052   o2flash       (d955d5de998db2476bf0892be3a96c26) c:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe
09:55:20.0859 5052   o2flash - ok
09:55:20.0906 5052   O2MDRDR       (0c95ba8d98c39fba5383461f53254c02) C:\WINDOWS\system32\DRIVERS\o2media.sys
09:55:20.0906 5052   O2MDRDR - ok
09:55:21.0062 5052   odserv       (785f487a64950f3cb8e9f16253ba3b7b) C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE
09:55:21.0078 5052   odserv - ok
09:55:21.0140 5052   ohci1394     (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:55:21.0140 5052   ohci1394 - ok
09:55:21.0187 5052   ose         (5a432a042dae460abe7199b758e8606c) C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
09:55:21.0203 5052   ose - ok
09:55:21.0265 5052   Parport       (9e048790f33fe5f4fa9d27b5650a1dd5) C:\WINDOWS\system32\drivers\Parport.sys
09:55:21.0281 5052   Parport - ok
09:55:21.0281 5052   PartMgr       (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:55:21.0296 5052   PartMgr - ok
09:55:21.0312 5052   ParVdm       (48e97af5b876301131e9d1b0c43212c3) C:\WINDOWS\system32\drivers\ParVdm.sys
09:55:21.0328 5052   ParVdm - ok
09:55:21.0359 5052   PCI         (5d756da95bd1e2f6e495704715532fdc) C:\WINDOWS\system32\DRIVERS\pci.sys
09:55:21.0359 5052   PCI - ok
09:55:21.0375 5052   PCIDump - ok
09:55:21.0390 5052   PCIIde       (69ce0d409c11347196147ea4c6c02364) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:55:21.0390 5052   PCIIde - ok
09:55:21.0437 5052   Pcmcia       (e980b6d0ca6acba679a0ac810ab9a57c) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:55:21.0437 5052   Pcmcia - ok
09:55:21.0453 5052   PDCOMP - ok
09:55:21.0468 5052   PDFRAME - ok
09:55:21.0468 5052   PDRELI - ok
09:55:21.0484 5052   PDRFRAME - ok
09:55:21.0484 5052   perc2 - ok
09:55:21.0500 5052   perc2hib - ok
09:55:21.0562 5052   PlugPlay     (32f091e3425759b126760f44b5e931c9) C:\WINDOWS\system32\services.exe
09:55:21.0562 5052   PlugPlay - ok
09:55:21.0609 5052   PolicyAgent   (ac9fca8bcd685abdb9928b1964b731a2) C:\WINDOWS\system32\lsass.exe
09:55:21.0609 5052   PolicyAgent - ok
09:55:21.0625 5052   PptpMiniport   (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:55:21.0640 5052   PptpMiniport - ok
09:55:21.0640 5052   Processor     (ed3cc89af43fb4baa963da18f7474681) C:\WINDOWS\system32\DRIVERS\processr.sys
09:55:21.0656 5052   Processor - ok
09:55:21.0656 5052   ProtectedStorage (ac9fca8bcd685abdb9928b1964b731a2) C:\WINDOWS\system32\lsass.exe
09:55:21.0656 5052   ProtectedStorage - ok
09:55:21.0671 5052   PSched       (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:55:21.0671 5052   PSched - ok
09:55:21.0687 5052   Ptilink       (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:55:21.0687 5052   Ptilink - ok
09:55:21.0734 5052   QIOMem       (3267952ec32cce7867dc6ee533f33391) C:\WINDOWS\system32\DRIVERS\QIOMem.sys
09:55:21.0734 5052   QIOMem - ok
09:55:21.0750 5052   qkbfiltr     (7dc7aca4e775e9d823f5773a2f47a2ac) C:\WINDOWS\system32\drivers\qkbfiltr.sys
09:55:21.0750 5052   qkbfiltr - ok
09:55:21.0765 5052   ql1080 - ok
09:55:21.0765 5052   Ql10wnt - ok
09:55:21.0781 5052   ql12160 - ok
09:55:21.0796 5052   ql1240 - ok
09:55:21.0796 5052   ql1280 - ok
09:55:21.0828 5052   qmofiltr     (8652b9e134c3478be948bf089df8ed5e) C:\WINDOWS\system32\drivers\qmofiltr.sys
09:55:21.0828 5052   qmofiltr - ok
09:55:21.0828 5052   RasAcd       (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:55:21.0828 5052   RasAcd - ok
09:55:21.0875 5052   RasAuto       (82c008ec993aba0bbc9d178b25f71746) C:\WINDOWS\System32\rasauto.dll
09:55:21.0890 5052   RasAuto - ok
09:55:21.0906 5052   Rasl2tp       (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:55:21.0906 5052   Rasl2tp - ok
09:55:21.0937 5052   RasMan       (8a18f96203be26ad7e6a4af765610527) C:\WINDOWS\System32\rasmans.dll
09:55:21.0953 5052   RasMan - ok
09:55:21.0968 5052   RasPppoe     (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:55:21.0984 5052   RasPppoe - ok
09:55:22.0000 5052   Raspti       (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:55:22.0000 5052   Raspti - ok
09:55:22.0046 5052   Rdbss       (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:55:22.0062 5052   Rdbss - ok
09:55:22.0078 5052   RDPCDD       (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:55:22.0078 5052   RDPCDD - ok
09:55:22.0109 5052   rdpdr       (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:55:22.0125 5052   rdpdr - ok
09:55:22.0171 5052   RDPWD       (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:55:22.0171 5052   RDPWD - ok
09:55:22.0234 5052   RDSessMgr     (2c0ab39d91e3c9118a191a48f7bd67f6) C:\WINDOWS\system32\sessmgr.exe
09:55:22.0234 5052   RDSessMgr - ok
09:55:22.0265 5052   redbook       (d2ea9dae9a9f1bf40c0ea1d1d7c5592c) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:55:22.0265 5052   redbook - ok
09:55:22.0296 5052   RemoteAccess   (bd3ea2fca2d32b003874ba4819f1818c) C:\WINDOWS\System32\mprdim.dll
09:55:22.0312 5052   RemoteAccess - ok
09:55:22.0343 5052   RemoteRegistry (13bcbc0acf9dc7f3192034bd858cc1ad) C:\WINDOWS\system32\regsvc.dll
09:55:22.0359 5052   RemoteRegistry - ok
09:55:22.0406 5052   RpcLocator     (9fabc6add7a3212ea934e62943de252c) C:\WINDOWS\system32\locator.exe
09:55:22.0406 5052   RpcLocator - ok
09:55:22.0484 5052   RpcSs       (059187b38452a01bb3b397691ddf3552) C:\WINDOWS\System32\rpcss.dll
09:55:22.0500 5052   RpcSs - ok
09:55:22.0515 5052   RSVP         (72309905945d7eaab911b376f86b95e6) C:\WINDOWS\system32\rsvp.exe
09:55:22.0531 5052   RSVP - ok
09:55:22.0546 5052   SamSs       (ac9fca8bcd685abdb9928b1964b731a2) C:\WINDOWS\system32\lsass.exe
09:55:22.0546 5052   SamSs - ok
09:55:22.0671 5052   SASDIFSV - ok
09:55:22.0687 5052   SASKUTIL - ok
09:55:22.0718 5052   SCardSvr     (c8bf6ae55768820130ecf35a6e4d64cc) C:\WINDOWS\System32\SCardSvr.exe
09:55:22.0734 5052   SCardSvr - ok
09:55:22.0781 5052   Schedule     (7d53dc5de342af26401a3cbbbc8cafb8) C:\WINDOWS\system32\schedsvc.dll
09:55:22.0796 5052   Schedule - ok
09:55:22.0843 5052   sdbus       (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
09:55:22.0859 5052   sdbus - ok
09:55:22.0875 5052   Secdrv       (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:55:22.0890 5052   Secdrv - ok
09:55:22.0921 5052   seclogon     (31c48478030803c99a050c47c22d4a9d) C:\WINDOWS\System32\seclogon.dll
09:55:22.0921 5052   seclogon - ok
09:55:22.0937 5052   SENS         (1dda52fbbd05d3fa61a209447fa54aef) C:\WINDOWS\system32\sens.dll
09:55:22.0937 5052   SENS - ok
09:55:22.0968 5052   Serial       (680ed46039ebd4c23eb708f1af6b9e5d) C:\WINDOWS\system32\drivers\Serial.sys
09:55:22.0968 5052   Serial - ok
09:55:23.0015 5052   sffdisk       (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
09:55:23.0015 5052   sffdisk - ok
09:55:23.0031 5052   sffp_sd       (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
09:55:23.0031 5052   sffp_sd - ok
09:55:23.0062 5052   Sfloppy       (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:55:23.0062 5052   Sfloppy - ok
09:55:23.0156 5052   SharedAccess   (27bb7647b600a43147aa2d2c297660f0) C:\WINDOWS\System32\ipnathlp.dll
09:55:23.0156 5052   SharedAccess - ok
09:55:23.0203 5052   ShellHWDetection (a17d630fabfe7b796cbdbee79f9e6612) C:\WINDOWS\System32\shsvcs.dll
09:55:23.0203 5052   ShellHWDetection - ok
09:55:23.0218 5052   Simbad - ok
09:55:23.0218 5052   SLIP         (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:55:23.0234 5052   SLIP - ok
09:55:23.0281 5052   Soluto       (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\Drivers\Soluto.sys
09:55:23.0328 5052   Soluto - ok
09:55:23.0484 5052   SolutoService   (ed8397986be35c11bfb321636d6991ee) C:\Programmer\Soluto\SolutoService.exe
09:55:23.0515 5052   SolutoService - ok
09:55:23.0531 5052   Sparrow - ok
09:55:23.0578 5052   splitter     (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:55:23.0578 5052   splitter - ok
09:55:23.0625 5052   Spooler       (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:55:23.0640 5052   Spooler - ok
09:55:23.0656 5052   sr         (b3ecb8b07f7991132c71c1b16a82ffe3) C:\WINDOWS\system32\DRIVERS\sr.sys
09:55:23.0671 5052   sr - ok
09:55:23.0718 5052   srservice     (1e8f91a7cd08bdb7482746f97365e12e) C:\WINDOWS\system32\srsvc.dll
09:55:23.0734 5052   srservice - ok
09:55:23.0812 5052   Srv         (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:55:23.0828 5052   Srv - ok
09:55:23.0843 5052   SSDPSRV       (b1d1003d618961eb936a0717e74cb147) C:\WINDOWS\System32\ssdpsrv.dll
09:55:23.0859 5052   SSDPSRV - ok
09:55:23.0953 5052   stisvc       (787e2a34b0be4b102843d0659811c7ac) C:\WINDOWS\system32\wiaservc.dll
09:55:23.0968 5052   stisvc - ok
09:55:24.0015 5052   streamip     (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:55:24.0031 5052   streamip - ok
09:55:24.0062 5052   swenum       (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:55:24.0062 5052   swenum - ok
09:55:24.0093 5052   swmidi       (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:55:24.0093 5052   swmidi - ok
09:55:24.0109 5052   SwPrv - ok
09:55:24.0125 5052   symc810 - ok
09:55:24.0125 5052   symc8xx - ok
09:55:24.0140 5052   sym_hi - ok
09:55:24.0156 5052   sym_u3 - ok
09:55:24.0187 5052   sysaudio     (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:55:24.0203 5052   sysaudio - ok
09:55:24.0250 5052   SysmonLog     (6453945e83873cdc17e81b0e6a71e707) C:\WINDOWS\system32\smlogsvc.exe
09:55:24.0250 5052   SysmonLog - ok
09:55:24.0296 5052   TapiSrv       (dd04ba74cf4d5d223675b1bd8326648e) C:\WINDOWS\System32\tapisrv.dll
09:55:24.0312 5052   TapiSrv - ok
09:55:24.0390 5052   Tcpip       (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:55:24.0406 5052   Tcpip - ok
09:55:24.0421 5052   tdcmdpst     (1825bceb47bf41c5a9f0e44de82fc27a) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
09:55:24.0421 5052   tdcmdpst - ok
09:55:24.0453 5052   TDPIPE       (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:55:24.0453 5052   TDPIPE - ok
09:55:24.0468 5052   TDTCP       (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:55:24.0468 5052   TDTCP - ok
09:55:24.0515 5052   tdudf       (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
09:55:24.0515 5052   tdudf - ok
09:55:24.0531 5052   TermDD       (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:55:24.0546 5052   TermDD - ok
09:55:24.0609 5052   TermService   (14c8ec0aa06a33ccc5407e4324f91312) C:\WINDOWS\System32\termsrv.dll
09:55:24.0625 5052   TermService - ok
09:55:24.0687 5052   Themes       (a17d630fabfe7b796cbdbee79f9e6612) C:\WINDOWS\System32\shsvcs.dll
09:55:24.0703 5052   Themes - ok
09:55:24.0734 5052   TlntSvr       (5ca8ca112235e9178f20422a07135f0e) C:\WINDOWS\system32\tlntsvr.exe
09:55:24.0750 5052   TlntSvr - ok
09:55:24.0796 5052   TODDSrv       (c5ac715b65b01788abc22d10749dddd8) C:\WINDOWS\system32\TODDSrv.exe
09:55:24.0812 5052   TODDSrv - ok
09:55:24.0953 5052   TOSHIBA Bluetooth Service (8e10e654e354cf330ed75882769a0107) c:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
09:55:24.0953 5052   TOSHIBA Bluetooth Service - ok
09:55:24.0968 5052   TosIde - ok
09:55:25.0031 5052   tosporte     (2c15b4856f929ac7dd144044d8334b54) C:\WINDOWS\system32\DRIVERS\tosporte.sys
09:55:29.0156 5052   ============================================================
09:55:29.0156 5052   Scan finished
09:55:29.0156 5052   ============================================================
09:55:29.0203 5048   Detected object count: 0
09:55:29.0203 5048   Actual detected object count: 0

  strato
Number of posts: 84

And here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-31 10:11:35
-------------------------------
10:11:35.562   OS Version: Windows 5.1.2600 Service Pack 3
10:11:35.562   Number of processors: 2 586 0x301
10:11:35.562   ComputerName: NYTOSHIBA UserName: JH
10:11:37.390   Initialize success
10:15:32.734   AVAST engine defs: 12073100
10:16:13.609   Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port2Path0Target0Lun0
10:16:13.609   Disk 0 Vendor: TOSHIBA_ LV01 Size: 238475MB BusType: 1
10:16:13.625   Disk 0 MBR read successfully
10:16:13.625   Disk 0 MBR scan
10:16:13.671   Disk 0 Windows XP default MBR code
10:16:13.671   Disk 0 Partition 1 80 (A) 07   HPFS/NTFS NTFS     238472 MB offset 63
10:16:13.687   Disk 0 scanning sectors +488392065
10:16:13.765   Disk 0 scanning C:\WINDOWS\system32\drivers
10:16:25.109   Service scanning
10:16:57.562   Modules scanning
10:17:09.843   Disk 0 trace - called modules:
10:17:09.843  
10:17:10.531   AVAST engine scan C:\WINDOWS
10:17:21.546   AVAST engine scan C:\WINDOWS\system32
10:23:15.218   AVAST engine scan C:\WINDOWS\system32\drivers
10:23:35.625   AVAST engine scan C:\Documents and Settings\JH
10:28:55.015   AVAST engine scan C:\Documents and Settings\All Users
10:30:26.296   Scan finished successfully
10:31:03.500   Disk 0 MBR has been saved successfully to “C:\Documents and Settings\JH\Skrivebord\MBR.dat”
10:31:03.500   The log file has been saved successfully to “C:\Documents and Settings\JH\Skrivebord\aswMBR.txt”

Administrator
Number of posts: 8603

Right-click on the desktop, choose New -> Text Document, copy the highlighted text in, and save the file as CFScript

Killall::
Driver::
SASDIFSV
SASKUTIL
ClearJavaCache::

Since ComboFix can conflict with your security programs, it is important that you disable them. <- Important

Then grab the new file with the mouse and drag it over the ComboFix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix is finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located at C:\Combofix.txt

If you get something resembling this error:

Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning

Then restart once more; that should solve it.

Please post the contents of this file here.


  strato
Number of posts: 84

Phew, that was a tough one. Tried 5 times and each time waited 1 to 2 hours for something to happen. In vain. Only when I removed Malwarebytes did it succeed. Strange!!!

Anyway, here is the log:


ComboFix 12-07-30.03 - JH 01-08-2012   1:38.16.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.2814.2167 [GMT 2:00]
Kører fra: c:\documents and settings\JH\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\JH\Skrivebord\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Dannede nyt systemgendannelsespunkt
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SASDIFSV
-------\Legacy_SASKUTIL
-------\Service_SASDIFSV
-------\Service_SASKUTIL
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-06-28 til 2012-07-31 )))))))))))))))))))))))))))))))))))
.
.
2012-07-30 21:35 . 2008-04-15 12:00   162816   -c--a-w-  c:\windows\system32\dllcache\netbt.sys
2012-07-30 21:35 . 2008-04-15 12:00   162816   ----a-w-  c:\windows\system32\drivers\netbt.sys
2012-07-13 21:08 . 2012-07-13 21:08   476976   ----a-w-  c:\windows\system32\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 21:08 . 2008-07-08 11:49   73728   ----a-w-  c:\windows\system32\javacpl.cpl
2012-07-13 21:08 . 2011-08-26 16:08   472880   ----a-w-  c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2008-07-08 11:11   1866112   ----a-w-  c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-07-08 11:11   1372672   ----a-w-  c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-07-08 11:11   1172480   ----a-w-  c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-07-08 11:11   152576   ----a-w-  c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-10-16 13:07   15384   ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-07-08 11:22   329240   ----a-w-  c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-07-08 11:22   219160   ----a-w-  c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-07-08 11:22   210968   ----a-w-  c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-10-16 13:09   45080   ----a-w-  c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-07-08 11:22   53784   ----a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-07-08 11:22   35864   ----a-w-  c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-07-08 11:11   97304   ----a-w-  c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:07   18456   ----a-w-  c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-07-08 11:22   577048   ----a-w-  c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-10-16 13:08   23064   ----a-w-  c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-10-16 13:08   15896   ----a-w-  c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-07-08 11:22   1933848   ----a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2011-05-30 09:28   17648   ----a-w-  c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2011-05-30 09:28   275696   ----a-w-  c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-05-30 09:28   214256   ----a-w-  c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2008-07-08 11:11   602112   ----a-w-  c:\windows\system32\crypt32.dll
2012-05-15 15:36 . 2008-07-08 11:11   832512   ----a-w-  c:\windows\system32\wininet.dll
2012-05-05 03:14 . 2008-04-14 08:45   2029056   ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-14 08:44   2150912   ----a-w-  c:\windows\system32\ntoskrnl.exe
2007-07-06 16:39 . 2009-06-16 20:59   401720   ----a-w-  c:\programmer\HJTrenamed.exe
2007-02-01 16:02 . 2009-06-15 22:40   313344   ----a-w-  c:\programmer\hjsplit.exe
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-07-30_21.40.46   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-31 23:51 . 2012-07-31 23:51   16384         c:\windows\temp\Perflib_Perfdata_7d8.dat
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“TOSCDSPD”=“c:\programmer\TOSHIBA\TOSCDSPD\toscdspd.exe” [2005-04-12 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CFSServ.exe”=“CFSServ.exe -NoClient” [X]
“NDSTray.exe”=“NDSTray.exe” [BU]
“TPSMain”=“TPSMain.exe” [2008-02-06 271672]
“SmoothView”=“c:\programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe” [2007-05-11 143360]
“DDWMon”=“c:\programmer\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe” [2007-04-26 495616]
“StartCCC”=“c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2008-01-21 61440]
“Apoint”=“c:\programmer\Apoint2K\Apoint.exe” [2007-12-15 184320]
“Toshiba Controls Utility”=“c:\programmer\TOSHIBA\Controls\VolumeIndicator.exe” [2008-02-01 77824]
“ACU”=“c:\programmer\Atheros\ACU.exe” [2008-04-14 450648]
“AVG_TRAY”=“c:\programmer\AVG\AVG2012\avgtray.exe” [2012-04-05 2587008]
“Soluto”=“c:\programmer\Soluto\soluto.exe” [2012-04-24 1716784]
“SunJavaUpdateSched”=“c:\programmer\Fælles filer\Java\Java Update\jusched.exe” [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
“AvgUninstallURL”=“start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNjYwNDAwMzMyLUJBKzEtS1YzKzctVDMtRlA5KzYtVEI5KzItRkwrOS1GMTBNKzUtWDIwMTArMi1RSVgxKzQtTElDKzc3LVNQMSsxLUZMMTArMS1UVUcrMy1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsw&prod=55&ver=10.0.1382” [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-15 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE”=
“c:\\Programmer\\Toshiba\\ConfigFree\\NDSTray.exe”=
“c:\\Programmer\\Bonjour\\mDNSResponder.exe”=
“c:\\Programmer\\iTunes\\iTunes.exe”=
“c:\\Programmer\\Toshiba\\ConfigFree\\CFXFER.exe”=
“c:\\Programmer\\Ratajik Software\\StationRipper\\StationRipperConsole.exe”=
“c:\\Z\\programmer downloaded\\solutoinstaller.exe”=
“c:\\Programmer\\Soluto\\Soluto.exe”=
“c:\\Programmer\\Soluto\\SolutoService.exe”=
“c:\\Programmer\\Soluto\\SolutoConsole.exe”=
“c:\\Programmer\\Soluto\\SolutoUpdateService.exe”=
“c:\\Programmer\\AVG\\AVG2012\\avgmfapx.exe”=
“c:\\Programmer\\AVG\\AVG2012\\avgnsx.exe”=
“c:\\Programmer\\AVG\\AVG2012\\avgdiagex.exe”=
“c:\\Programmer\\AVG\\AVG2012\\avgemcx.exe”=
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [08-07-2008 13:11 172040]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-04-2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-03-2011 16:03 31952]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [30-04-2012 22:25 51144]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-01-2011 06:41 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [05-04-2011 00:59 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\programmer\AVG\AVG2012\avgidsagent.exe [04-07-2012 17:25 5160568]
R2 avgwd;AVG WatchDog;c:\programmer\AVG\AVG2012\avgwdsvc.exe [14-02-2012 04:53 193288]
R2 SolutoService;Soluto PCGenome Core Service;c:\programmer\Soluto\SolutoService.exe [24-04-2012 17:32 584224]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26-03-2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19-02-2007 12:15 134016]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [08-07-2008 13:33 732160]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys--> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
R3 Ndisrd;Ndisrd;c:\windows\system32\drivers\ndisrd.sys [12-08-2010 19:04 20480]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [08-07-2008 13:57 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [29-05-2007 10:01 6912]
S2 avg9wd;AVG Free WatchDog; [x]
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3277386681-160039827-3421441214-1005Core.job
- c:\documents and settings\JH\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-11-18 21:49]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3277386681-160039827-3421441214-1005UA.job
- c:\documents and settings\JH\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-11-18 21:49]
.
.
------- Yderligere scanning-------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = <local>
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-01 01:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- DLLs startet under kørende Processer---------------------
.
- - - - - - - > ‘winlogon.exe’(604)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > ‘explorer.exe’(7868)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------Andre kørende processer------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\acs.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\O2Micro Flash Memory Card Driver\o2flash.exe
c:\programmer\AVG\AVG2012\avgnsx.exe
c:\programmer\AVG\AVG2012\avgrsx.exe
c:\programmer\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\TODDSrv.exe
c:\programmer\TOSHIBA\ConfigFree\NDSTray.exe
c:\programmer\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\TPSBattM.exe
c:\programmer\Apoint2K\HidFind.exe
c:\programmer\Apoint2K\Apntex.exe
c:\programmer\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Gennemført tid: 2012-08-01 02:00:39 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-08-01 00:00
.
Pre-Kørsel: 75.184.263.168 byte ledig
Post-Kørsel: 75.293.757.440 byte ledig
.
- - End Of File - - 5A41E111292BE9CA581A712BA112F243

Administrator
Number of posts: 8603

How is the PC running?
