Hej, og velkommmen til

Jeg ved ikke om det skyldes Malware, men jeg flytter tråden til “Almindelig rensning”

Du skal helst downloade fra en anden PC.

———

Til 32 bit Windows, hent Farbar Recovery Scan Tool og gem den på en USB nøgle.
Til 64 bit Windows, hent Farbar Recovery Scan Tool x64 og gem den på en USB nøgle.

Sæt USB nøglen i den inficerede PC.

Start PCen op med “Advanced Boot Options” (Tryk F8 flere gange under opstart)
Vælg “Repair Your Computer”
Vælg sprog.
Vælg Bruger konto.

Så skal du vælge Kommando Prompt.

Der skriver du notepad, og trykker <Enter>

Vælg Fil menu -> Åbn og vælg “Computer”. Find drevbogstavet til din USB nøgle. Luk Notesblok.

Ved Kommando prompten skriver du e:\frst.exe (64 bit Windows e:\frst64)
Erstat e med det rigtige bogstav.

Når Farbar Recovery Scan Tool er startet, klikker du på Scan.

Den laver FRST.txt på USB nøglen. Kopier den herind i dit næste indlæg.

hej igen

jeg kan nu ikke downloade noget fra den “syge” pc

herunder er indholdet af FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 22-08-2012
Ran by SYSTEM at 22-08-2012 21:09:46
Running from I:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: Danish
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6942240 2008-12-02] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-12-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISW] “C:\Program Files\CheckPoint\ZAForceField\ForceField.exe” /icon=“hidden” [1125504 2011-10-19] (Check Point Software Technologies)
HKLM\...\Run: [Zune Launcher] “C:\Program Files\Zune\ZuneLauncher.exe” [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdatePPShortCut] “C:\Program Files (x86)\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\HomeCinema\PowerProducer” update “Software\CyberLink\PowerProducer\5.0” [222504 2008-02-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDRShortCut] “C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\HomeCinema\PowerDirector” UpdateWithCreateOnce “Software\CyberLink\PowerDirector\7.0” [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] “C:\Program Files (x86)\HomeCinema\PowerDVD8\PDVD8Serv.exe” [83240 2008-03-20] (Cyberlink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] “C:\Program Files (x86)\HomeCinema\PowerDVD8\Language\Language.exe” [50472 2007-12-14] ()
HKLM-x32\...\Run: [MDS_Menu] “C:\Program Files (x86)\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe” “C:\Program Files (x86)\HomeCinema\MediaShow4” UpdateWithCreateOnce “Software\CyberLink\MediaShow\4.1” [218408 2008-11-14] (CyberLink Corp.)
HKLM-x32\...\Run: [NBKeyScan] “C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2221352 2008-06-08] (Nero AG)
HKLM-x32\...\Run: [HPPQVideo] “C:\Program Files (x86)\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe” -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater [x]
HKLM-x32\...\Run: [ToolBoxFX] “C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe” /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on [53248 2007-08-28] (HP)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [HPUsageTracking] “C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe” “C:\Program Files (x86)\HP\HP UT\” [36864 2007-05-08] ()
HKLM-x32\...\Run: [AVG_TRAY] “C:\Program Files (x86)\AVG\AVG2012\avgtray.exe” [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WinampAgent] “C:\Program Files (x86)\Winamp\winampa.exe” [74752 2010-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [DivXUpdate] “C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe” /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [ZoneAlarm] “C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe” [73360 2011-10-26] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Flashget] “C:\Program Files (x86)\FlashGet\FlashGet.exe” /min [2007088 2007-09-25] (FlashGet.com)
HKLM-x32\...\Run: [vProt] “C:\Program Files (x86)\AVG Secure Search\vprot.exe” [1107552 2012-07-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe” [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HF_G_Jul] “C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe”  /DoAction [36960 2012-07-18] ()
HKLM-x32\...\Run: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\bojensen\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\bojensen\...\Run: [msnmsgr] “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\bojensen\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1840424 2008-06-24] (Nero AG)
HKU\bojensen\...\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012912 2010-03-08] (SUPERAntiSpyware.com)
HKU\bojensen\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\bojensen\...\Run: [Steam] “C:\Program Files (x86)\Steam\Steam.exe” -silent [1353080 2012-08-06] (Valve Corporation)
HKU\bojensen\...\Run: []  [x]
HKU\bojensen\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1083264 2012-01-10] (Nokia)
HKU\bojensen\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe -update activex [1083264 2012-01-10] (Nokia)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======

2 AntUpdaterService; “C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe” [520216 2011-06-29] (Ant.com)
2 AVGIDSAgent; “C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe” [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; “C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe” [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 IswSvc; “C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe” [827520 2011-10-19] (Check Point Software Technologies)
2 Lavasoft Ad-Aware Service; “C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe” [2152152 2011-09-02] (Lavasoft Limited)
4 MBAMService; “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe” [655944 2012-07-03] (Malwarebytes Corporation)
2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-06-08] (Nero AG)
3 NMIndexingService; “C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe” [537896 2008-06-24] (Nero AG)
2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.)
2 RichVideo; “C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe” [241734 2008-06-28] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service [2420616 2011-10-26] (Check Point Software Technologies LTD)
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-10] ()

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-10-19] (Check Point Software Technologies)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-02-04] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-12-03] (Lavasoft AB)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MEMSWEEP2; \??\C:\Windows\system32\E282.tmp [6144 2009-06-18] (Sophos Plc)
1 SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-03-08] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-08] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [66632 2010-03-08] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [448088 2011-05-07] (Check Point Software Technologies LTD)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-22 21:09 - 2012-08-22 21:09 - 00000000 ____D C:\FRST
2012-08-22 17:12 - 2012-08-22 21:07 - 00045749 ____A C:\clamscan-sda1.log
2012-08-21 15:34 - 2012-08-21 15:34 - 00000000 __SHD C:\found.001
2012-08-21 13:58 - 2012-08-21 13:58 - 717570619 ____A C:\Windows\MEMORY.DMP
2012-08-20 23:30 - 2012-08-21 11:30 - 00000000 ____D C:\Users\bojensen\AppData\Local\{5432D45E-EFD4-406C-A568-6597805EB4DD}
2012-08-20 22:16 - 2012-08-20 22:16 - 00001926 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-20 22:16 - 2012-08-20 22:16 - 00001926 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
2012-08-20 21:09 - 2012-06-28 05:10 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-20 21:09 - 2012-06-28 04:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-20 21:09 - 2012-06-28 04:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-20 21:09 - 2012-06-28 04:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-20 21:09 - 2012-06-28 04:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-20 21:09 - 2012-06-28 04:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-20 21:09 - 2012-06-28 04:19 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-20 21:09 - 2012-06-28 04:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-20 21:09 - 2012-06-28 04:16 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-20 21:09 - 2012-06-28 04:16 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-20 21:09 - 2012-06-28 04:14 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-20 21:09 - 2012-06-28 04:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-20 21:09 - 2012-06-28 04:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-20 21:09 - 2012-06-28 04:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-20 21:09 - 2012-06-28 01:50 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-20 21:09 - 2012-06-28 01:28 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-20 21:09 - 2012-06-28 01:27 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-20 21:09 - 2012-06-28 01:19 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-20 21:09 - 2012-06-28 01:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-20 21:09 - 2012-06-28 01:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-20 21:09 - 2012-06-28 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-20 21:09 - 2012-06-28 01:13 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-20 21:09 - 2012-06-28 01:12 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-20 21:09 - 2012-06-28 01:10 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-20 21:09 - 2012-06-28 01:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-20 21:09 - 2012-06-28 01:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-20 21:09 - 2012-06-28 01:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-20 21:09 - 2012-06-28 01:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-20 21:08 - 2012-07-04 15:33 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-20 20:58 - 2012-06-29 17:20 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-20 20:58 - 2012-06-29 17:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-20 20:58 - 2012-05-11 17:34 - 00788480 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-20 20:58 - 2012-05-11 16:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2012-08-18 23:30 - 2012-08-18 23:30 - 00000000 ____D C:\Users\bojensen\AppData\Local\{CA1F9BF4-2A4E-4E39-AFA8-F1C58681CA21}
2012-08-18 11:30 - 2012-08-18 11:30 - 00000000 ____D C:\Users\bojensen\AppData\Local\{E11D963F-2622-4961-8B6B-632A2587526D}
2012-08-17 23:30 - 2012-08-17 23:30 - 00000000 ____D C:\Users\bojensen\AppData\Local\{2D2BDE31-A370-4C47-ADB8-A2ECB0A8AEC6}
2012-08-17 11:30 - 2012-08-17 11:30 - 00000000 ____D C:\Users\bojensen\AppData\Local\{AA9CA137-3954-4446-A745-E43B2783CB50}
2012-08-17 11:29 - 2012-08-20 11:30 - 00000000 ____D C:\Users\bojensen\AppData\Local\{7817856C-5918-463F-A008-1BB2CC746DEF}
2012-08-16 23:29 - 2012-08-16 23:29 - 00000000 ____D C:\Users\bojensen\AppData\Local\{7D9F3550-F602-4541-820C-6F95A073C2EB}
2012-08-16 11:29 - 2012-08-16 11:29 - 00000000 ____D C:\Users\bojensen\AppData\Local\{6D2B68CF-4463-4DB4-AF2C-FC18D68AAF3C}
2012-08-15 23:29 - 2012-08-15 23:29 - 00000000 ____D C:\Users\bojensen\AppData\Local\{3581AFA3-7A76-4C77-B0F4-45B84C9CC013}
2012-08-15 11:29 - 2012-08-15 11:29 - 00000000 ____D C:\Users\bojensen\AppData\Local\{6AC3111D-D361-4624-856C-C19FD399B226}
2012-08-14 23:28 - 2012-08-14 23:28 - 00000000 ____D C:\Users\bojensen\AppData\Local\{9FA5C265-A4E2-4B07-B1CB-031E76CA2EE6}
2012-08-14 11:28 - 2012-08-16 23:29 - 00000000 ____D C:\Users\bojensen\AppData\Local\{F40A9B9E-D2BB-4E53-AC6B-EBA2422A814C}
2012-08-14 11:28 - 2012-08-14 11:28 - 00000000 ____D C:\Users\bojensen\AppData\Local\{B4ABDF3A-D477-4B79-8778-F43D0389D915}
2012-08-08 11:08 - 2012-08-08 11:08 - 00000000 ____D C:\Users\bojensen\AppData\Local\{B10B53EF-5E7D-44E0-A8D0-27AA80AD227C}
2012-08-07 23:08 - 2012-08-07 23:08 - 00000000 ____D C:\Users\bojensen\AppData\Local\{C9C6AD24-5295-4E16-8F9F-D43D4DBAC67B}
2012-08-07 11:08 - 2012-08-08 11:08 - 00000000 ____D C:\Users\bojensen\AppData\Local\{9439E05B-EA5A-405D-87F9-C95A1EDD6B5E}
2012-08-07 11:08 - 2012-08-07 11:08 - 00000000 ____D C:\Users\bojensen\AppData\Local\{3B2018B7-5402-4F02-A713-480968130DE8}
2012-08-06 20:47 - 2012-08-06 20:47 - 00000000 ____D C:\Users\bojensen\AppData\Local\{D2E6D3B6-094F-4381-AA13-E6E3EA3EE72F}
2012-08-06 20:47 - 2012-08-06 20:47 - 00000000 ____D C:\Users\bojensen\AppData\Local\{C9F74621-DAD1-4DFF-97D5-4D2C828AA227}
2012-08-06 08:47 - 2012-08-06 08:47 - 00000000 ____D C:\Users\bojensen\AppData\Local\{1B613A0A-014E-48E9-879A-2E34AD98BBFC}
2012-08-05 20:47 - 2012-08-05 20:47 - 00000000 ____D C:\Users\bojensen\AppData\Local\{C89B03AA-BC88-4F3B-95C0-4750F09DCF8E}
2012-08-05 08:47 - 2012-08-05 08:47 - 00000000 ____D C:\Users\bojensen\AppData\Local\{8BC79397-B5BA-40F5-BD84-91E455538498}
2012-08-04 20:47 - 2012-08-04 20:47 - 00000000 ____D C:\Users\bojensen\AppData\Local\{2DCC63FF-96EC-4C6A-8A6B-EFADB4C14C0C}
2012-08-04 08:46 - 2012-08-04 08:46 - 00000000 ____D C:\Users\bojensen\AppData\Local\{D36F3B7F-08EE-4EE9-AA6D-B2C0461E8E30}
2012-08-03 20:46 - 2012-08-03 20:46 - 00000000 ____D C:\Users\bojensen\AppData\Local\{B46AC988-4FCC-4759-824F-47550EAF5558}
2012-08-03 08:46 - 2012-08-03 08:46 - 00000000 ____D C:\Users\bojensen\AppData\Local\{80E72766-08BD-46D5-8F36-14B2F3059444}
2012-08-02 20:46 - 2012-08-06 08:47 - 00000000 ____D C:\Users\bojensen\AppData\Local\{FDC52AB3-9CEB-49FE-8116-76A62563AD53}
2012-08-02 20:46 - 2012-08-02 20:46 - 00000000 ____D C:\Users\bojensen\AppData\Local\{53221D10-C287-474C-A20C-8018936B1083}
2012-08-02 08:46 - 2012-08-02 08:46 - 00000000 ____D C:\Users\bojensen\AppData\Local\{E8E8849A-0083-4633-8BAC-D60247304E62}
2012-08-01 20:46 - 2012-08-01 20:46 - 00000000 ____D C:\Users\bojensen\AppData\Local\{4B73A8A8-955B-4799-B303-C829C91191BF}
2012-08-01 08:45 - 2012-08-01 08:45 - 00000000 ____D C:\Users\bojensen\AppData\Local\{ECEF1614-8E6E-4518-B57D-00A127120A81}
2012-07-31 20:45 - 2012-07-31 20:45 - 00000000 ____D C:\Users\bojensen\AppData\Local\{ED4B3DA4-CC88-4F52-BFE2-E0034D987334}
2012-07-31 08:45 - 2012-07-31 08:45 - 00000000 ____D C:\Users\bojensen\AppData\Local\{DD18883E-B972-43CB-918B-CD7975C25950}
2012-07-30 20:45 - 2012-07-30 20:45 - 00000000 ____D C:\Users\bojensen\AppData\Local\{8D57DB89-E0C1-4BC4-B5ED-7F42E1E8CF47}
2012-07-30 08:44 - 2012-08-02 08:46 - 00000000 ____D C:\Users\bojensen\AppData\Local\{B134B84A-B4FD-4095-A718-4211A44AAD2C}
2012-07-30 08:44 - 2012-07-30 08:44 - 00000000 ____D C:\Users\bojensen\AppData\Local\{12561141-66EC-498D-BA45-CA746B283286}
2012-07-27 00:22 - 2012-07-27 00:22 - 00000000 ____D C:\Users\bojensen\AppData\Local\{2C83D9DB-8F43-4503-BC8C-2CDFB9AD64BF}
2012-07-26 12:22 - 2012-07-27 00:22 - 00000000 ____D C:\Users\bojensen\AppData\Local\{6E842387-2B6E-48ED-AA2B-9C4E0CD32FEB}
2012-07-26 12:22 - 2012-07-26 12:22 - 00000000 ____D C:\Users\bojensen\AppData\Local\{AC803146-9A04-4098-B609-0EB3C0115195}
2012-07-25 20:45 - 2012-07-25 20:45 - 00000000 ____D C:\Users\bojensen\AppData\Local\{7A90D192-7BFD-4D0C-89C8-2963809270F3}
2012-07-25 08:44 - 2012-07-25 20:45 - 00000000 ____D C:\Users\bojensen\AppData\Local\{CB8036BD-E64D-4914-8DD2-7C47841810B8}
2012-07-25 08:44 - 2012-07-25 08:44 - 00000000 ____D C:\Users\bojensen\AppData\Local\{3FC18464-773C-48B7-96AD-BB90442AB7AB}
2012-07-25 00:23 - 2012-06-05 17:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-25 00:23 - 2012-06-05 17:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-25 00:23 - 2012-06-05 17:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-25 00:23 - 2012-06-05 17:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-25 00:23 - 2012-06-04 16:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-25 00:23 - 2012-06-02 01:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-25 00:23 - 2012-06-02 01:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-25 00:23 - 2012-06-02 01:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-25 00:23 - 2012-06-02 01:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-25 00:23 - 2012-06-02 01:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-25 00:22 - 2012-06-08 18:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-25 00:22 - 2012-06-08 18:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-24 20:44 - 2012-07-24 20:44 - 00000000 ____D C:\Users\bojensen\AppData\Local\{FDA295FC-E9B9-41C7-9608-22F4553D84AE}
2012-07-24 08:44 - 2012-07-24 08:44 - 00000000 ____D C:\Users\bojensen\AppData\Local\{C63F4141-143F-452C-9255-62127F23CEFF}
2012-07-23 20:43 - 2012-07-23 20:43 - 00000000 ____D C:\Users\bojensen\AppData\Local\{8DCEF016-39BD-4DFB-9F35-A2BFA94954EF}
2012-07-23 08:43 - 2012-07-23 08:43 - 00000000 ____D C:\Users\bojensen\AppData\Local\{FA8FF0D0-21F6-459B-B3CD-73CFB327B28A}

============ 3 Months Modified Files ========================

2012-08-22 21:07 - 2012-08-22 17:12 - 00045749 ____A C:\clamscan-sda1.log
2012-08-22 14:54 - 2010-12-15 10:57 - 00058243 ____A C:\aaw7boot.log
2012-08-21 13:58 - 2012-08-21 13:58 - 717570619 ____A C:\Windows\MEMORY.DMP
2012-08-21 13:36 - 2008-01-21 02:53 - 01619414 ____A C:\Windows\WindowsUpdate.log
2012-08-21 04:28 - 2006-11-02 16:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-21 04:28 - 2006-11-02 16:22 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-20 22:28 - 2011-12-22 11:17 - 00005336 ____A C:\Windows\PFRO.log
2012-08-20 22:28 - 2006-11-02 16:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-20 22:26 - 2010-02-06 20:56 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-08-20 22:26 - 2006-11-02 16:42 - 00032584 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-20 22:16 - 2012-08-20 22:16 - 00001926 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-20 22:16 - 2012-08-20 22:16 - 00001926 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
2012-08-20 21:24 - 2006-11-02 16:21 - 00315664 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-20 21:00 - 2006-11-02 13:35 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-08-18 13:32 - 2008-01-21 11:24 - 01243496 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-18 13:32 - 2008-01-21 11:24 - 00472154 ____A C:\Windows\System32\perfh006.dat
2012-08-18 13:32 - 2008-01-21 11:24 - 00080180 ____A C:\Windows\System32\perfc006.dat
2012-08-18 13:29 - 2012-02-03 14:34 - 00023863 ____A C:\Windows\setupact.log
2012-08-17 21:07 - 2011-05-03 16:29 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-08-17 21:07 - 2011-05-03 16:29 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-08-16 23:41 - 2009-02-10 00:01 - 00180224 ____A C:\Users\bojensen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-06 20:29 - 2009-03-01 03:20 - 00001445 ____A C:\Users\bojensen\Desktop\musik søge.txt
2012-08-06 19:49 - 2011-12-31 12:57 - 00000952 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-06 19:49 - 2011-12-31 12:57 - 00000952 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-02 15:52 - 2012-04-10 07:48 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 15:52 - 2011-06-13 19:26 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-26 22:44 - 2010-10-05 14:09 - 00025848 ____A C:\Users\bojensen\danid.log
2012-07-26 22:41 - 2010-10-05 14:09 - 01053500 ____A C:\Users\bojensen\danid.log.1
2012-07-17 20:47 - 2011-11-04 19:51 - 00000878 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-17 20:47 - 2011-11-04 19:51 - 00000878 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-07-07 14:42 - 2012-04-28 18:25 - 00000932 ____A C:\Users\bojensen\Desktop\Dropbox.lnk
2012-07-04 15:33 - 2012-08-20 21:08 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-03 12:46 - 2010-03-07 19:47 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 09:18 - 2012-07-02 09:18 - 00000383 ____A C:\Windows\DirectX.log
2012-06-29 17:20 - 2012-08-20 20:58 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-06-29 17:01 - 2012-08-20 20:58 - 00467968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-06-28 05:10 - 2012-08-20 21:09 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 04:39 - 2012-08-20 21:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 04:28 - 2012-08-20 21:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 04:22 - 2012-08-20 21:09 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 04:21 - 2012-08-20 21:09 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 04:20 - 2012-08-20 21:09 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 04:19 - 2012-08-20 21:09 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 04:17 - 2012-08-20 21:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 04:16 - 2012-08-20 21:09 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 04:16 - 2012-08-20 21:09 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 04:14 - 2012-08-20 21:09 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 04:13 - 2012-08-20 21:09 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 04:12 - 2012-08-20 21:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 04:08 - 2012-08-20 21:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 01:50 - 2012-08-20 21:09 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 01:28 - 2012-08-20 21:09 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 01:27 - 2012-08-20 21:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 01:19 - 2012-08-20 21:09 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 01:18 - 2012-08-20 21:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 01:18 - 2012-08-20 21:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 01:16 - 2012-08-20 21:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 01:13 - 2012-08-20 21:09 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 01:12 - 2012-08-20 21:09 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 01:10 - 2012-08-20 21:09 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 01:08 - 2012-08-20 21:09 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 01:08 - 2012-08-20 21:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 01:07 - 2012-08-20 21:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 01:04 - 2012-08-20 21:09 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-19 16:32 - 2012-06-19 16:33 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-19 16:32 - 2012-06-19 16:33 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-19 16:32 - 2012-06-19 16:33 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-19 16:32 - 2012-06-19 16:33 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-19 16:32 - 2010-06-20 10:53 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-08 18:59 - 2012-07-25 00:22 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 18:47 - 2012-07-25 00:22 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 17:47 - 2012-07-25 00:23 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 17:47 - 2012-07-25 00:23 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 17:22 - 2012-07-25 00:23 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 17:22 - 2012-07-25 00:23 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 16:29 - 2012-07-25 00:23 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 23:19 - 2012-06-22 19:23 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 23:19 - 2012-06-22 19:23 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 23:19 - 2012-06-22 19:23 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 23:19 - 2012-06-22 19:23 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 23:19 - 2012-06-22 19:23 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 23:19 - 2012-06-22 19:23 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 23:19 - 2012-06-22 19:23 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 23:15 - 2012-06-22 19:23 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 23:15 - 2012-06-22 19:23 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 23:12 - 2012-06-22 19:23 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 14:19 - 2012-06-22 19:22 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-22 19:22 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 14:15 - 2012-06-22 19:22 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 14:12 - 2012-06-22 19:22 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 01:22 - 2012-07-25 00:23 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 01:22 - 2012-07-25 00:23 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-02 01:05 - 2012-07-25 00:23 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-02 01:04 - 2012-07-25 00:23 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-02 01:03 - 2012-07-25 00:23 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: “%1” %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4093.39 MB
Available physical RAM: 3394.33 MB
Total Pagefile: 3824.04 MB
Available Pagefile: 3376.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (BOOT) (Fixed) (Total:576.17 GB) (Free:452.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:10.32 GB) FAT32
3 Drive e: (MEDHPSP1DAN) (CDROM) (Total:3.2 GB) (Free:0 GB) CDFS
7 Drive i: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Disk 0   Online     596 GB     0 B      
  Disk 1   Intet medi     0 B     0 B      
  Disk 2   Intet medi     0 B     0 B      
  Disk 3   Intet medi     0 B     0 B      
  Disk 4   Online     3824 MB     0 B      

Partitions of Disk 0:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   Prim‘r         576 GB 1024 KB
  Partition 0   Udvidet         20 GB   576 GB
  Partition 2   Logisk         20 GB   576 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Skjult: Nej
Aktiv : Ja

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 1   C   BOOT       NTFS   Partition   576 GB I orden        

==================================================================================

Disk: 0
Partition 2
Type : 0B
Skjult: Nej
Aktiv : Nej

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 2   D   RECOVER     FAT32 Partition   20 GB I orden        

==================================================================================

Partitions of Disk 4:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   Prim‘r         3823 MB   32 KB

==================================================================================

Disk: 4
Partition 1
Type : 0B
Skjult: Nej
Aktiv : Ja

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 6   I   KINGSTON   FAT32 Flytbar   3823 MB I orden        

==================================================================================

Last Boot: 2012-08-21 22:42

======================= End Of Log ==========================

Har PCen været inficeret, for jeg kan se der har været prøvet forskelligt

Hvad var det sidste der blev gjort, da PCen kunne starte

hej

hmm, noget af det sidste der blev lavet på den var at se mail, der gik den i baglås og ville ingen ting. stod i ca ½ til en hel timer unden der skete noget ! den regeret ikke på noget som helst (som fx Ctrl-alt-del)  derefter tog jeg strømmen til den. 

da jeg så prøver at starte den op igen kommer der kun en sort skærm, hvor man kun kan se en hvid muse pil.

jeg har forsøgt temmeligt mange ting for at få den op at køre igen (uden noget held!)

om den har været inficeret før? det kan jeg ikke huske sikkerhed ... (men er så længe siden måske ca 2 år ..)

Lad os få lidt flere oplysninger.

Hent MBRFix herfra:
http://www.sysint.no/products/Download/tabid/536/language/en-US/Default.aspx

Pak den ud i en mappe på Skrivebordet.

Kopier MBRFix64.exe ned på USB nøglen.

Jeg vedhæfter Fixlist.txt. Gem den på din USB nøgle.

Start PCen op med Kommando prompt. (Som før)

Ved Kommando prompten starter du FRST (Farbar Recovery Scan Tool) og klikker på FIX (og venter til den er færdig)

Den laver Fixlog.txt, som du skal kopiere herind i dit næste indlæg.

Luk Farbar Recovery Scan Tool, og genstart PCen.

Den laver også MBRDUMP.txt, som du skal vedhæfte, da det er en hex fil.

de kommer her

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012
Ran by SYSTEM at 2012-08-27 15:16:17 Run:1
Running from I:\

==============================================

=========  bcdedit /enum all /v =========

Windows Boot Manager
——————————
id         {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device             partition=C:
path             \bootmgr
description         Windows Boot Manager
locale             da-DK
inherit           {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default           {b4bf937b-f39b-11dd-a505-d3bae6fc87a5}
displayorder         {b4bf937b-f39b-11dd-a505-d3bae6fc87a5}
toolsdisplayorder     {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout           30
resume             No

Windows Boot Loader
—————————-
id         {b4bf937b-f39b-11dd-a505-d3bae6fc87a5}
device             partition=C:
path             \Windows\system32\winload.exe
description         Microsoft Windows Vista
locale             da-DK
inherit           {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice           partition=C:
systemroot         \Windows
resumeobject         {b4bf937c-f39b-11dd-a505-d3bae6fc87a5}
nx               OptIn

Forts‘t efter dvale
——————————-
id         {b4bf937c-f39b-11dd-a505-d3bae6fc87a5}
device             partition=C:
path             \Windows\system32\winresume.exe
description         Windows Resume Application
locale             da-DK
inherit           {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice         partition=C:
filepath           \hiberfil.sys
debugoptionenabled     No

Windows Hukommelsestester
————————————-
id         {b2721d73-1db4-4c62-bf78-c548a880142d}
device             partition=C:
path             \boot\memtest.exe
description         Windows Hukommelsesdiagnosticering
locale             da-DK
inherit           {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess       Yes

Windows Indl‘ser af ‘ldre operativsystemer
—————————————————————
id         {466f5a88-0af2-4f76-9038-095b170dc21c}
device             partition=C:
path             \ntldr
description         Tidligere version af Windows

EMS-indstillinger
——————
id         {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems           Yes

Fejlfindingsindstillinger
————————-
id         {4636856e-540f-4170-a130-a84776f4c654}
debugtype           Serial
debugport           1
baudrate           115200

RAM-fejl
—————-
id         {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Globale indstillinger
———————-
id         {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit           {4636856e-540f-4170-a130-a84776f4c654}
                {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
                {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Indstillinger for afsnittet Boot Loader
——————————
id         {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit           {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Indstillinger for afsnittet Resume Loader
———————————
id         {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit           {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

========= End of CMD: =========

MBRDUMP.txt is made successfully.

==== End of Fixlog ====

Jeg vedhæfter Fixlist.txt. Gem den på din USB nøgle.

Start PCen op med Kommando prompt. (Som før)

Ved Kommando prompten starter du FRST (Farbar Recovery Scan Tool) og klikker på FIX (og venter til den er færdig)

Den laver Fixlog.txt, som du skal kopiere herind i dit næste indlæg.

Luk Farbar Recovery Scan Tool, og genstart PCen.

Fortæl om det hjalp.

det hjalp desværre ikke :-(

jeg får stadig sort skærm med en hvid musepil på og ikke andet

her er fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012
Ran by SYSTEM at 2012-08-27 23:25:43 Run:2
Running from I:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

Vil du godt prøve at beskrive opstarten lid mere.

Får du overhovedet ingen fejlmeddelelse

Vil du godt hente en ny Farbar Recovery Scan Tool x64 og gemme den på USB nøglen.

Sæt USB nøglen i den inficerede PC.

Start PCen op med “Advanced Boot Options” (Tryk F8 flere gange under opstart)
Vælg “Repair Your Computer”
Vælg sprog.
Vælg Bruger konto.

Så skal du vælge Kommando Prompt.

Der skriver du notepad, og trykker <Enter>

Vælg Fil menu -> Åbn og vælg “Computer”. Find drevbogstavet til din USB nøgle. Luk Notesblok.

Ved Kommando prompten skriver du e:\frst.exe (64 bit Windows e:\frst64)
Erstat e med det rigtige bogstav.

Når Farbar Recovery Scan Tool er startet, klikker du på Scan.

Den laver FRST.txt på USB nøglen. Kopier den herind i dit næste indlæg.

hej

jeg får ikke andet at vide end “windows blev ikke lukket korrekt” og så får jeg 4 valg: fejlsikret tilstan, fejlsikret tilstan med netværk, fejlsikret tilstan med kommandoprompt, samt start windows nomalt

hvad jeg end vælger, får jeg blot en sort skærm med en hvid musepil på, jeg kan bevæge musen rundt på skærmen men ikke andet den regere ikke på nogen andre ting ! jeg er nødt til at slukke for strømmen til den da den ikke reger på noget (kan dog slukke den på selve pcen, ved at holde knappen inde)

når jeg skal lave en test (som fx Farbar Recovery Scan Tool) på den lægger jeg recovery disk i og starter op fra den
(jeg har prøvet om den kunne repareres med recovery disk, men uden held)

jeg har hentet en ny Farbar Recovery Scan Tool x64 og kørt den (virrker som C drevet er væk nu ?)

men her er FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 29-08-2012 01:23:17
Running from I:\
  Service Pack 1 (X64) OS Language: Danish
Attention: Could not load system hive.Attention: System hive is missing.

==================== Registry (Whitelisted) ===================

Attention: Software hive is missing.

HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [x ] ()
HKLM-x32\...\Winlogon: [Shell]  [x ] ()

==================== Services (Whitelisted) ======

==================== Drivers (Whitelisted) ===================

==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================

==================== 3 Months Modified Files ================================

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4093.39 MB
Available physical RAM: 3618.38 MB
Total Pagefile: 3824.04 MB
Available Pagefile: 3590.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions ============================

1 Drive d: (RECOVER) (Fixed) (Total:19.99 GB) (Free:10.32 GB) FAT32
2 Drive e: (MEDHPSP1DAN) (CDROM) (Total:3.2 GB) (Free:0 GB) CDFS
6 Drive i: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Disk 0   Online     596 GB     0 B      
  Disk 1   Intet medi     0 B     0 B      
  Disk 2   Intet medi     0 B     0 B      
  Disk 3   Intet medi     0 B     0 B      
  Disk 4   Online     3824 MB     0 B      

Partitions of Disk 0:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   Prim‘r         576 GB 1024 KB
  Partition 0   Udvidet         20 GB   576 GB
  Partition 2   Logisk         20 GB   576 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Skjult: Nej
Aktiv : Ja

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 1   Y           RAW   Partition   576 GB I orden        

==================================================================================

Disk: 0
Partition 2
Type : 0B
Skjult: Nej
Aktiv : Nej

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 2   D   RECOVER     FAT32 Partition   20 GB I orden        

==================================================================================

Partitions of Disk 4:
===============

  Partition ###  Type         Str.    Forskydning
——————- ———————————- —————-
  Partition 1   Prim‘r         3823 MB   32 KB

==================================================================================

Disk: 4
Partition 1
Type : 0B
Skjult: Nej
Aktiv : Ja

  Diskenhed Bogs. Navn     Fs   Type     Str.    Status   Oplysn.
————- —————————- ————————- ————- ————
* Diskenhed 6   I   KINGSTON   FAT32 Flytbar   3823 MB I orden        

==================================================================================
==================== End Of Log =============================

Det ser underligt ud, for jeg bad FRST om at tilbageføre Registreringsdatabasen.

Har du sikret dig en Backup af data, for jeg spekulerer på hvordan den harddisk har det rent fysisk

jeg har ikke noget nyere backup af den disk desværre

men der er kun få ting på den som ikke kan erstattes .. men er da ting som jeg gerne ville have igen

jeg tænker på om det evt kunne være windowes selv der havde prøvet at genoprette uden held ? (har jeg oplevet en gang før, dog ikke på denne pc)

Jeg kender ikke “Trinity Rescue Kit”, men dine data burde kunne reddes med Puppy Linux.

Fremstilling af Puppy linux CD - http://bjergs.net/boot_iso.html
Vejledning i brugen - http://bjergs.net/puppy_live.html - Her er også downloadlink.

det vil jeg prøve ser ud som det er et godt og nemt program

Trinity Rescue Kit kan en del, men kræver sommetider en del at bruge, er også næsten 100% tekstbaseret

har du evt nogen råd til at undersøge harddisken når jeg har hentet data ud

Du siger bare til. når du har reddet dine data.