HijackThis log - vil gerne have den tjekket :)

Afinstall
* uTorrent(bar)
* Ask ToolBar

---

Ved du selv hvad dette e r->
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe

---

En Scanning med MalwareBytes (husk at opdatere !!!) ->Loggen derfra her i tråden...

http://www.eksperten.dk/list/aabnespoergsmaal/muzo - husk at følge op / lukke gamle spørgsmål fra dig ...

Tusind tak
Problemet er løst
Så må der gerne lukkes her :) !

Øhhh - hvad med omtalte Log fil ?

Nåå ja ups
Var lidt for hurtig
ehm jeg har fixet cgate install
men den popper stadig hurtig op som et dos vindue og lukker ned :S

Her er en fresh log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:08:47 PM, on 25/01/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Users\Musa\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
O4 - Startup: exploreroptions.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D8D2FD-E5FF-4061-BEB0-2DEAB1A3E166}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11494 bytes

kunne ikke redigere i mit indlæg

men tror det er væk nu ..

prøver lige igen:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:12:17 PM, on 25/01/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Users\Musa\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
O4 - Startup: exploreroptions.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D8D2FD-E5FF-4061-BEB0-2DEAB1A3E166}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11435 bytes

håber jeg redigere nu
har lige genstartet
efter at have fixet

O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe


men har lige scannet igen
og den står der stadig
og cgate dos vinduet åbner stadig op og lukker ned :S

Hvad med efterlyste Log fra Malwarebytes ?
Husk først at opdatere programmet - tja - fanen [Opdatér] !

Mht.: Vista/WIN7 - HøjreMusseTast - "Kør som Administrator..." ved kørsel af MalwareBytes + HiJackThis ...

---

Hvad med ->

Afinstall
* uTorrent(bar)
* Ask ToolBar


---

PS: Du skal ikke selv lægge [svar]; er 'reserveret' til (til løsninger og pointgivning), som der står. Når man ser oversigten over spørgsmål, tror folk at der er lagt løsning/svar og så bliver spørgsmålet sprunget over...

Jeg prøver at bruge ekspertens FAQ ..

har prøvet at fjerne ask og utorrent toolbar

Her er Maal log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5599

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/01/2011 8:57:27 PM
mbam-log-2011-01-25 (20-57-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 374570
Time elapsed: 50 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies (Backdoor.Bot) -> Value: Policies -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

og her er hjktis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:01 PM, on 25/01/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Users\Musa\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
O4 - Startup: exploreroptions.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1D8D2FD-E5FF-4061-BEB0-2DEAB1A3E166}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11053 bytes


har stadig problemer med cgate installer

Kør en scanning med Hijackthis, Mht.: Vista/WIN7 - HøjreMusseTast - "Kør som Administrator..."
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:


O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe


Genstart normalt...

Manuelt SLET
c:\directory\Cgate\

---

Hvordan kører PC'en så nu ?

Har gjort som der stod

"O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
"

er kommet tilbage

og c:\directory\Cgate\ er kommet tilbage :( !

WTF ?

Manuelt SLET
c:\directory\Cgate\
i fejlsikker tilstand !

---

PS: Kører du - med vilje - igennem noget "Open DNS" ?

Nej jeg bruger ikke open dns , ved ik hvad det er ?

Jeg gik i fejlsikret tilstand
Køre hjackthhis -> fixed de to cgate
Så slettede jeg c:\directory\Cgate\

Også genstartede
Og jeg har det stadig :(
har fundet ud af at det er en hacker , som også har lave fjernsupport .. han kontrollerede min mus og tast :(

Kan jeg bruge dette?
http://www.threatexpert.com/report.aspx?md5=e56ce4fc82a497c7126b949968aac02a

Klik med højre muse-tast på din netværk ikon på proceslinjen > Åbn netværks og delingscenter > Dobbelt-klik på din netværksforbindelse > Egenskaber > Marker TCP/Ipv4 (Internet Protocol version 4) > Egenskaber > Marker "Hent automatisk en ip adresse" og "Hent automatisk en DNS"  > Klik OK.



Hent Combofix, og gem den i en mappe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:


Killall::
Snapshot::



klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.

Deaktiver dit antivirusprogram inden du kører combofix.

PS: Vær tålmodig og vent til den logfil åbner automatisk

(Enig med #16 ...)

Log fil:

ComboFix 11-01-25.03 - Musa 26/01/2011  14:03:58.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.44.1033.18.3519.2091 [GMT 1:00]
Running from: c:\users\Musa\Desktop\combo\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\favoritevideo\InvisibleFolder
c:\favoritevideo\InvisibleFolder\20100408174533_oppo100301cha15s.swf
c:\favoritevideo\InvisibleFolder\20100409192551_20100408151046_OPPO10203zhu15s.wmv
c:\favoritevideo\InvisibleFolder\20100412144851_MM100412zhu15s.wmv
c:\favoritevideo\InvisibleFolder\20100414103520_changhong100414cha15s1.swf
c:\favoritevideo\InvisibleFolder\20100414104009_changhong100414zhu15s2.swf
c:\favoritevideo\InvisibleFolder\20100414105640_changhong100414zanting15s2.swf
c:\favoritevideo\InvisibleFolder\20100414150856_fupin100413zanting15s.gif
c:\favoritevideo\InvisibleFolder\20100415101926_30''_mercurial_vapor_edit.wmv
c:\favoritevideo\InvisibleFolder\20100415140254_mingchaoshidai100415qipao15s.swf
c:\favoritevideo\InvisibleFolder\20100415144851_mingchaoshidai100415zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100415151129_oppo100301jiaobiao15s.swf
c:\favoritevideo\InvisibleFolder\20100416141401_PPvip100415zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100420112407_panlong100420zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100420154256_dilu100418LHWyueyuzhu30s.swf
c:\favoritevideo\InvisibleFolder\20100420155520_dilu100418SFyueyuzhu15s.swf
c:\favoritevideo\InvisibleFolder\20100420155636_dilu100418SFguoyuzhu15s.swf
c:\favoritevideo\InvisibleFolder\20100420160127_dilu100418BSguoyuzhu15s.swf
c:\favoritevideo\InvisibleFolder\20100420160522_dilu100418LHWyueyuzhu20s.swf
c:\favoritevideo\InvisibleFolder\20100420161332_dilu100418LHWguoyuzhu20s.swf
c:\favoritevideo\InvisibleFolder\20100420162530_dilu100418ALyueyuzhu15s.swf
c:\favoritevideo\InvisibleFolder\20100420162734_dilu100418ALguoyuzhu15s.swf
c:\favoritevideo\InvisibleFolder\20100421115550_weiting100411zhu15syueyu.swf
c:\favoritevideo\InvisibleFolder\20100421115911_weiting100425zhu15sguoyu.swf
c:\favoritevideo\InvisibleFolder\20100422133441_baishi100426zhu30s.wmv
c:\favoritevideo\InvisibleFolder\20100423142848_porsche100423zhu30s.wmv
c:\favoritevideo\InvisibleFolder\20100426193020_jilang100427zhu30s.wmv
c:\favoritevideo\InvisibleFolder\20100426224229_fantexi100427zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100427120207_tengfei100427zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100427140128_vip100427zhu5s.swf
c:\favoritevideo\InvisibleFolder\20100427160704_jinglun100429zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100427162307_dianxin100428zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100427162426_dianxin100428cha15s.swf
c:\favoritevideo\InvisibleFolder\20100428154634_wanwangzhiwang100502zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100428162941_chuanqiguilai100501qipao15s.swf
c:\favoritevideo\InvisibleFolder\20100428174332_vip100429zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100428182557_xianglian100429zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100429111904_kuainan100419zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100429112015_kuainan100419zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100429112102_kuainan100429cha15s.swf
c:\favoritevideo\InvisibleFolder\20100429112137_kuainan100429qipao15s.swf
c:\favoritevideo\InvisibleFolder\20100429153716_mop100429diguoqipao15s.swf
c:\favoritevideo\InvisibleFolder\20100429164111_longchuang100429zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100429165632_silang100501zhu15s.wmv
c:\favoritevideo\InvisibleFolder\20100429170547_silang100501zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100429171843_480-360-02.swf
c:\favoritevideo\InvisibleFolder\20100429172250_300x250.swf
c:\favoritevideo\InvisibleFolder\20100429191013_ppl480x360.swf
c:\favoritevideo\InvisibleFolder\20100429191804_ppl320x240.swf
c:\favoritevideo\InvisibleFolder\20100429203654_liangjian100501qipao15s.swf
c:\favoritevideo\InvisibleFolder\20100429210942_dianxin100502zanting.jpg
c:\favoritevideo\InvisibleFolder\20100429213255_kadang100501qipao15s.swf
c:\favoritevideo\InvisibleFolder\20100430134913_longchuang100502qipao15s.swf
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010050120100502000412.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010050120100502002859.zip.tpp
c:\favoritevideo\InvisibleFolder\vip_db_big20100429.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2010042920100501.zip
C:\install.exe
c:\users\Musa\AppData\Roaming\chrtmp
c:\users\Musa\AppData\Roaming\inst.exe
c:\users\Musa\AppData\Roaming\PriceGong
c:\users\Musa\AppData\Roaming\PriceGong\Data\1.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\a.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\b.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\c.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\d.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\e.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\f.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\g.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\h.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\i.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\J.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\k.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\l.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\m.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\n.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\o.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\p.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\q.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\r.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\s.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\t.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\u.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\v.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\w.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\x.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\y.xml
c:\users\Musa\AppData\Roaming\PriceGong\Data\z.xml
c:\windows\7Loader.TAG
c:\windows\XSxS

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_conhost.exe        pid: 1436    24: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_conhost.exe        pid: 1440    20: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_ctfmon.exe        pid: 1820    50: c:\windows\SysWOW64\en-US\ctfmon.exe.mui
-------\Service_Handle v3.42
-------\Service_lsm.exe            pid: 672    260: c:\windows\System32\en-US\lsm.exe.mui
-------\Service_svchost.exe        pid: 2912    F0: \BaseNamedObjects\HPZipm12.exeCommandMapPort
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_wmpnetwk.exe      pid: 1372    3C: c:\program files\Windows Media Player\en-US\wmpnetwk.exe.mui
-------\Service_wmpnetwk.exe      pid: 1372    7A0: c:\program files\Windows Media Player\wmpnetwk.exe


(((((((((((((((((((((((((  Files Created from 2010-12-26 to 2011-01-26  )))))))))))))))))))))))))))))))
.

2011-01-26 12:59 . 2011-01-26 13:01    --------    d-----w-    C:\32788R22FWJFW
2011-01-26 11:10 . 2011-01-26 11:10    --------    d-----w-    c:\program files\Ventrilo
2011-01-26 11:09 . 2011-01-26 11:09    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2011-01-26 11:08 . 2011-01-26 11:08    --------    d-----w-    c:\program files (x86)\TeamSpeak 3 Client
2011-01-26 00:31 . 2011-01-26 00:31    --------    d-----w-    c:\program files (x86)\uTorrent
2011-01-25 20:09 . 2011-01-25 20:09    --------    d-----w-    c:\users\Musa\AppData\Roaming\CheeseSoft
2011-01-25 20:09 . 2011-01-25 20:10    --------    d-----w-    C:\FU_Backup
2011-01-25 20:09 . 2011-01-25 20:45    --------    d-----w-    c:\program files (x86)\FinalUninstaller
2011-01-25 07:35 . 2011-01-13 10:20    7844688    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{81841ABF-C78E-45CB-9914-8994842136A6}\mpengine.dll
2011-01-23 15:49 . 2011-01-23 15:49    388096    ----a-r-    c:\users\Musa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-23 15:49 . 2011-01-23 15:49    --------    d-----w-    c:\program files (x86)\Trend Micro
2011-01-23 10:51 . 2011-01-23 10:51    --------    d-----w-    c:\users\Musa\AppData\Roaming\Auslogics
2011-01-23 09:53 . 2011-01-23 11:38    --------    d-----w-    c:\programdata\IObit
2011-01-23 09:39 . 2011-01-23 09:39    --------    d-----w-    c:\program files (x86)\Auslogics
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\users\Musa\AppData\Roaming\Malwarebytes
2011-01-23 09:36 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\programdata\Malwarebytes
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-23 09:36 . 2010-12-20 17:08    24152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-21 15:13 . 2011-01-21 15:13    667648    ----a-w-    c:\users\Musa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exploreroptions.exe
2011-01-10 10:39 . 2011-01-10 10:40    --------    d-----w-    c:\users\Musa\AppData\Roaming\vlc
2011-01-04 15:05 . 2011-01-11 17:38    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2011-01-04 15:05 . 2011-01-08 09:58    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2011-01-04 15:05 . 2011-01-11 17:38    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2011-01-04 15:05 . 2011-01-04 15:05    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2011-01-04 15:03 . 2011-01-04 15:03    --------    d-----w-    c:\users\Musa\AppData\Local\PunkBuster
2011-01-04 14:56 . 2011-01-04 14:56    --------    d--h--r-    c:\users\Musa\AppData\Roaming\SecuROM
2011-01-04 13:56 . 2011-01-04 13:56    --------    d-----w-    c:\program files (x86)\Electronic Arts
2011-01-04 13:56 . 2009-09-04 16:44    517960    ----a-w-    c:\windows\system32\XAudio2_5.dll
2011-01-04 13:56 . 2009-09-04 16:44    238936    ----a-w-    c:\windows\SysWow64\xactengine3_5.dll
2011-01-04 13:56 . 2009-09-04 16:44    176968    ----a-w-    c:\windows\system32\xactengine3_5.dll
2011-01-04 13:56 . 2009-09-04 16:29    1974616    ----a-w-    c:\windows\SysWow64\D3DCompiler_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    2582888    ----a-w-    c:\windows\system32\D3DCompiler_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    5501792    ----a-w-    c:\windows\SysWow64\d3dcsx_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    5554512    ----a-w-    c:\windows\system32\d3dcsx_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    235344    ----a-w-    c:\windows\SysWow64\d3dx11_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    1892184    ----a-w-    c:\windows\SysWow64\D3DX9_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    285024    ----a-w-    c:\windows\system32\d3dx11_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    2475352    ----a-w-    c:\windows\system32\D3DX9_42.dll
2011-01-03 07:33 . 2011-01-03 07:33    --------    d-----w-    c:\users\Musa\AppData\Local\Conduit
2011-01-01 13:02 . 2011-01-01 13:02    --------    d-----w-    c:\windows\en
2011-01-01 13:00 . 2009-09-04 16:44    69464    ----a-w-    c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-01 13:00 . 2009-09-04 16:44    515416    ----a-w-    c:\windows\SysWow64\XAudio2_5.dll
2011-01-01 13:00 . 2009-09-04 16:29    453456    ----a-w-    c:\windows\SysWow64\d3dx10_42.dll
2011-01-01 13:00 . 2009-09-04 16:29    523088    ----a-w-    c:\windows\system32\d3dx10_42.dll
2011-01-01 12:59 . 2006-11-29 12:06    4398360    ----a-w-    c:\windows\system32\d3dx9_32.dll
2011-01-01 12:59 . 2006-11-29 12:06    3426072    ----a-w-    c:\windows\SysWow64\d3dx9_32.dll
2011-01-01 09:23 . 2011-01-03 07:33    --------    d-----w-    c:\users\Musa\AppData\Local\uTorrentBar
2010-12-31 12:17 . 2010-12-31 12:17    --------    d-----w-    c:\program files (x86)\SystemRequirementsLab
2010-12-31 12:17 . 2010-12-31 12:17    --------    d-----w-    c:\users\Musa\AppData\Roaming\SystemRequirementsLab
2010-12-29 13:57 . 2010-12-29 13:58    --------    d-----w-    c:\windows\SysWow64\Adobe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-04-29 15:40    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-16 19:43    1194496    ----a-w-    c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-16 19:43    57856    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-16 19:43    978944    ----a-w-    c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-16 19:43    44544    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-16 19:43    482816    ----a-w-    c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-16 19:43    386048    ----a-w-    c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-16 19:43    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-16 19:43    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-16 19:43    524288    ----a-w-    c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-16 19:43    1169408    ----a-w-    c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-16 19:43    473600    ----a-w-    c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-16 19:43    1114624    ----a-w-    c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-16 19:43    464384    ----a-w-    c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-16 19:43    285696    ----a-w-    c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-16 19:43    496128    ----a-w-    c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-16 19:43    305152    ----a-w-    c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-16 19:43    192000    ----a-w-    c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-16 19:43    179712    ----a-w-    c:\windows\SysWow64\schtasks.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59    153184    ----a-w-    c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Policies"="c:\directory\Cgate\install\server.exe" [2009-06-10 1169224]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Policies"="c:\directory\Cgate\install\server.exe" [2009-06-10 1169224]

c:\users\Musa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
4t Tray Minimizer.lnk - c:\program files (x86)\4t Tray Minimizer\4t-min.exe [2010-4-29 1821696]
exploreroptions.exe [2011-1-21 667648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-07 1038088]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-07-18 189664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-06-28 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-09 834544]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-06-28 119200]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [2008-03-20 11904]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
nosGetPlusHelper    REG_MULTI_SZ      nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-25 c:\windows\Tasks\AWC Update.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\IObitUpdate.exe [2011-01-23 14:24]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-26 04:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-26 04:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267773119-1761465820-909672678-1000Core.job
- c:\users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 04:23]

2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267773119-1761465820-909672678-1000UA.job
- c:\users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 04:23]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:56    177416    ----a-w-    c:\program files\Alwil Software\Avast5\snxPlugins64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.dk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Musa\AppData\Roaming\Mozilla\Firefox\Profiles\nbx5gcxp.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=da&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Dansk ordbog: danish@dictionaries.addons.mozilla.org - %profile%\extensions\danish@dictionaries.addons.mozilla.org
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: ImageShack® Toolbar: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} - %profile%\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - %profile%\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe


"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 1436    24: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 1440    20: C:]
--
"ServiceDll"="%SystemRoot%\System32\cscsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ctfmon.exe        pid: 1820    50: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe            pid: 672    260: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\storvsc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 2912    F0: ]
--
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 1372    3C: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 1372    7A0: C:]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1267773119-1761465820-909672678-1000\Software\SecuROM\License information*]
"datasecu"=hex:f7,88,d7,d8,74,15,6a,bf,f5,d4,67,59,bd,8a,0d,02,b9,10,60,48,e6,
  e3,12,f0,a7,74,4f,d9,09,f2,f6,90,2c,64,4b,3e,3c,d6,26,c4,d6,47,b1,1f,9f,99,\
"rkeysecu"=hex:bb,13,e1,a6,bd,77,b9,54,50,24,bf,5c,25,18,c8,d1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\Musa\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-01-26  14:31:04 - machine was rebooted
ComboFix-quarantined-files.txt  2011-01-26 13:31

Pre-Run: 137,176,166,400 bytes free
Post-Run: 136,676,851,712 bytes free

- - End Of File - - 98E8C073C745F2F1B8B3430665F0E4B7

Åbn mappen med Combofix, højreklik et tilfældig i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:


Killall::
Snapshot::
Folder::
c:\program files (x86)\uTorrent
c:\users\Musa\AppData\Local\uTorrentBar
c:\directory
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Policies"=-
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Policies"=-
Driver::
Lbd
TfFsMon
TfSysMon
eamonm
TfNetMon



klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.

Så fik jeg kørt combofix :)
Skal lige hurtig sige at jeg har fulgt det her:

"
Det er disse, som skal fixes:
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
Genstart normalt...
Manuelt SLET
c:\directory\Cgate\
-- "
og har stadig cgate liggende :( !

Men her er log:
ComboFix 11-01-26.01 - Musa 27/01/2011  10:36:33.3.2 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.44.1033.18.3519.2359 [GMT 1:00]
Running from: c:\users\Musa\Desktop\Combo\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_conhost.exe        pid: 3396    24: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_conhost.exe        pid: 3668    20: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_lsm.exe            pid: 688    268: c:\windows\System32\en-US\lsm.exe.mui
-------\Service_svchost.exe        pid: 2368    E8: \BaseNamedObjects\HPZipm12.exeCommandMapPort
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_wmpnetwk.exe      pid: 800      3C: c:\program files\Windows Media Player\en-US\wmpnetwk.exe.mui
-------\Service_wmpnetwk.exe      pid: 800    764: c:\program files\Windows Media Player\wmpnetwk.exe


(((((((((((((((((((((((((  Files Created from 2010-12-27 to 2011-01-27  )))))))))))))))))))))))))))))))
.

2011-01-27 09:51 . 2011-01-27 09:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-01-26 11:10 . 2011-01-26 11:10    --------    d-----w-    c:\program files\Ventrilo
2011-01-26 11:09 . 2011-01-26 11:09    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2011-01-26 11:08 . 2011-01-26 11:08    --------    d-----w-    c:\program files (x86)\TeamSpeak 3 Client
2011-01-26 00:31 . 2011-01-26 00:31    --------    d-----w-    c:\program files (x86)\uTorrent
2011-01-25 20:09 . 2011-01-25 20:09    --------    d-----w-    c:\users\Musa\AppData\Roaming\CheeseSoft
2011-01-25 20:09 . 2011-01-25 20:10    --------    d-----w-    C:\FU_Backup
2011-01-25 20:09 . 2011-01-25 20:45    --------    d-----w-    c:\program files (x86)\FinalUninstaller
2011-01-25 07:35 . 2011-01-13 10:20    7844688    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{81841ABF-C78E-45CB-9914-8994842136A6}\mpengine.dll
2011-01-23 15:49 . 2011-01-23 15:49    388096    ----a-r-    c:\users\Musa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-23 15:49 . 2011-01-23 15:49    --------    d-----w-    c:\program files (x86)\Trend Micro
2011-01-23 10:51 . 2011-01-23 10:51    --------    d-----w-    c:\users\Musa\AppData\Roaming\Auslogics
2011-01-23 09:53 . 2011-01-23 11:38    --------    d-----w-    c:\programdata\IObit
2011-01-23 09:39 . 2011-01-23 09:39    --------    d-----w-    c:\program files (x86)\Auslogics
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\users\Musa\AppData\Roaming\Malwarebytes
2011-01-23 09:36 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\programdata\Malwarebytes
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-23 09:36 . 2010-12-20 17:08    24152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-21 15:13 . 2011-01-21 15:13    667648    ----a-w-    c:\users\Musa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exploreroptions.exe
2011-01-10 10:39 . 2011-01-10 10:40    --------    d-----w-    c:\users\Musa\AppData\Roaming\vlc
2011-01-04 15:05 . 2011-01-11 17:38    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2011-01-04 15:05 . 2011-01-08 09:58    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2011-01-04 15:05 . 2011-01-11 17:38    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2011-01-04 15:05 . 2011-01-04 15:05    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2011-01-04 15:03 . 2011-01-04 15:03    --------    d-----w-    c:\users\Musa\AppData\Local\PunkBuster
2011-01-04 14:56 . 2011-01-04 14:56    --------    d--h--r-    c:\users\Musa\AppData\Roaming\SecuROM
2011-01-04 13:56 . 2011-01-04 13:56    --------    d-----w-    c:\program files (x86)\Electronic Arts
2011-01-04 13:56 . 2009-09-04 16:44    517960    ----a-w-    c:\windows\system32\XAudio2_5.dll
2011-01-04 13:56 . 2009-09-04 16:44    238936    ----a-w-    c:\windows\SysWow64\xactengine3_5.dll
2011-01-04 13:56 . 2009-09-04 16:44    176968    ----a-w-    c:\windows\system32\xactengine3_5.dll
2011-01-04 13:56 . 2009-09-04 16:29    1974616    ----a-w-    c:\windows\SysWow64\D3DCompiler_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    2582888    ----a-w-    c:\windows\system32\D3DCompiler_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    5501792    ----a-w-    c:\windows\SysWow64\d3dcsx_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    5554512    ----a-w-    c:\windows\system32\d3dcsx_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    235344    ----a-w-    c:\windows\SysWow64\d3dx11_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    1892184    ----a-w-    c:\windows\SysWow64\D3DX9_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    285024    ----a-w-    c:\windows\system32\d3dx11_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    2475352    ----a-w-    c:\windows\system32\D3DX9_42.dll
2011-01-03 07:33 . 2011-01-03 07:33    --------    d-----w-    c:\users\Musa\AppData\Local\Conduit
2011-01-01 13:02 . 2011-01-01 13:02    --------    d-----w-    c:\windows\en
2011-01-01 13:00 . 2009-09-04 16:44    69464    ----a-w-    c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-01 13:00 . 2009-09-04 16:44    515416    ----a-w-    c:\windows\SysWow64\XAudio2_5.dll
2011-01-01 13:00 . 2009-09-04 16:29    453456    ----a-w-    c:\windows\SysWow64\d3dx10_42.dll
2011-01-01 13:00 . 2009-09-04 16:29    523088    ----a-w-    c:\windows\system32\d3dx10_42.dll
2011-01-01 12:59 . 2006-11-29 12:06    4398360    ----a-w-    c:\windows\system32\d3dx9_32.dll
2011-01-01 12:59 . 2006-11-29 12:06    3426072    ----a-w-    c:\windows\SysWow64\d3dx9_32.dll
2011-01-01 09:23 . 2011-01-03 07:33    --------    d-----w-    c:\users\Musa\AppData\Local\uTorrentBar
2010-12-31 12:17 . 2010-12-31 12:17    --------    d-----w-    c:\program files (x86)\SystemRequirementsLab
2010-12-31 12:17 . 2010-12-31 12:17    --------    d-----w-    c:\users\Musa\AppData\Roaming\SystemRequirementsLab
2010-12-29 13:57 . 2010-12-29 13:58    --------    d-----w-    c:\windows\SysWow64\Adobe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-04-29 15:40    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-16 19:43    1194496    ----a-w-    c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-16 19:43    57856    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-16 19:43    978944    ----a-w-    c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-16 19:43    44544    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-16 19:43    482816    ----a-w-    c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-16 19:43    386048    ----a-w-    c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-16 19:43    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-16 19:43    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-16 19:43    524288    ----a-w-    c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-16 19:43    1169408    ----a-w-    c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-16 19:43    473600    ----a-w-    c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-16 19:43    1114624    ----a-w-    c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-16 19:43    464384    ----a-w-    c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-16 19:43    285696    ----a-w-    c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-16 19:43    496128    ----a-w-    c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-16 19:43    305152    ----a-w-    c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-16 19:43    192000    ----a-w-    c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-16 19:43    179712    ----a-w-    c:\windows\SysWow64\schtasks.exe
.

(((((((((((((((((((((((((((((  SnapShot@2011-01-26_13.25.18  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:51 . 2009-07-14 01:16    85504              c:\windows\SysWOW64\xwreg.dll
+ 2009-07-13 23:51 . 2009-07-14 01:14    41472              c:\windows\SysWOW64\xwizard.exe
+ 2009-07-13 23:44 . 2009-07-14 01:16    47616              c:\windows\SysWOW64\xolehlp.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    17920              c:\windows\SysWOW64\xmlprovi.dll
+ 2009-07-14 00:13 . 2009-07-14 01:16    54784              c:\windows\SysWOW64\xmlfilter.dll
+ 2009-07-14 00:05 . 2009-07-14 01:16    25600              c:\windows\SysWOW64\XInput9_1_0.dll
+ 2011-01-04 13:55 . 2007-04-04 17:53    81768              c:\windows\SysWOW64\xinput1_3.dll
+ 2011-01-04 13:55 . 2006-07-28 08:30    62744              c:\windows\SysWOW64\xinput1_2.dll
+ 2011-01-04 13:55 . 2006-03-31 11:39    62672              c:\windows\SysWOW64\xinput1_1.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    36864              c:\windows\SysWOW64\xcopy.exe
+ 2011-01-04 13:55 . 2008-10-27 09:04    70992              c:\windows\SysWOW64\XAPOFX1_2.dll
+ 2011-01-04 13:55 . 2008-07-31 09:41    68616              c:\windows\SysWOW64\XAPOFX1_1.dll
+ 2011-01-04 13:55 . 2008-05-30 13:17    65032              c:\windows\SysWOW64\XAPOFX1_0.dll
+ 2011-01-04 13:55 . 2009-03-16 13:18    22360              c:\windows\SysWOW64\X3DAudio1_6.dll
+ 2011-01-04 13:55 . 2008-10-27 09:04    23376              c:\windows\SysWOW64\X3DAudio1_5.dll
+ 2011-01-04 13:55 . 2008-05-30 13:17    25608              c:\windows\SysWOW64\X3DAudio1_4.dll
+ 2011-01-04 13:55 . 2008-03-05 15:00    25608              c:\windows\SysWOW64\X3DAudio1_3.dll
+ 2011-01-04 13:55 . 2007-10-22 02:37    17928              c:\windows\SysWOW64\X3DAudio1_2.dll
+ 2011-01-04 13:55 . 2007-03-05 11:42    15128              c:\windows\SysWOW64\x3daudio1_1.dll
+ 2011-01-04 13:55 . 2006-02-03 07:41    14032              c:\windows\SysWOW64\x3daudio1_0.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    80896              c:\windows\SysWOW64\wzcdlg.dll
+ 2009-07-13 23:56 . 2009-07-14 01:16    27648              c:\windows\SysWOW64\wwapi.dll
+ 2009-07-14 00:14 . 2009-07-14 01:16    27136              c:\windows\SysWOW64\wups.dll
+ 2009-07-14 00:14 . 2009-07-14 01:16    87552              c:\windows\SysWOW64\wudriver.dll
+ 2009-07-14 00:14 . 2009-07-14 01:14    33792              c:\windows\SysWOW64\wuapp.exe
+ 2009-07-14 00:02 . 2009-07-14 01:16    39936              c:\windows\SysWOW64\wtsapi32.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    15360              c:\windows\SysWOW64\wsock32.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    51712              c:\windows\SysWOW64\wsnmp32.dll
+ 2009-07-13 23:31 . 2009-07-14 01:11    54272              c:\windows\SysWOW64\WsmRes.dll
+ 2009-07-13 23:31 . 2009-07-14 01:14    12288              c:\windows\SysWOW64\wsmprovhost.exe
+ 2009-07-13 23:31 . 2009-07-14 01:16    10752              c:\windows\SysWOW64\wsmplpxy.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    14848              c:\windows\SysWOW64\wshrm.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    13824              c:\windows\SysWOW64\wshqos.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    10752              c:\windows\SysWOW64\wshirda.dll
+ 2009-07-13 23:12 . 2009-07-14 01:16    10752              c:\windows\SysWOW64\wship6.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16    80896              c:\windows\SysWOW64\wshext.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    15360              c:\windows\SysWOW64\wshelper.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16    25600              c:\windows\SysWOW64\wshcon.dll
+ 2009-07-13 23:51 . 2009-07-14 01:16    35840              c:\windows\SysWOW64\wshbth.dll
+ 2009-07-14 00:19 . 2009-07-14 01:16    20992              c:\windows\SysWOW64\wsdchngr.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    56832              c:\windows\SysWOW64\wscmisetup.dll
+ 2009-07-13 23:31 . 2009-07-14 01:16    18944              c:\windows\SysWOW64\wscisvif.dll
+ 2009-07-13 23:31 . 2009-07-14 01:16    95744              c:\windows\SysWOW64\wscinterop.dll
+ 2009-07-13 23:31 . 2009-07-14 01:16    48128              c:\windows\SysWOW64\wscapi.dll
+ 2009-07-14 00:07 . 2009-07-14 01:14    30208              c:\windows\SysWOW64\WPDShextAutoplay.exe
+ 2009-07-13 23:40 . 2009-07-14 01:16    10752              c:\windows\SysWOW64\wpcsvc.dll
+ 2009-07-13 23:16 . 2009-07-13 23:16    14336              c:\windows\SysWOW64\wowreg32.exe
+ 2009-07-13 23:36 . 2009-07-14 01:16    11264              c:\windows\SysWOW64\wmsgapi.dll
+ 2009-07-14 00:08 . 2009-07-14 01:16    22528              c:\windows\SysWOW64\wmpcm.dll
+ 2009-07-13 23:13 . 2009-07-14 01:16    23040              c:\windows\SysWOW64\wmiprop.dll
+ 2009-07-14 00:06 . 2009-07-14 01:16    36864              c:\windows\SysWOW64\wmdmps.dll
+ 2009-07-14 00:06 . 2009-07-14 01:16    31744              c:\windows\SysWOW64\wmdmlog.dll
+ 2009-07-14 00:07 . 2009-07-14 01:16    53760              c:\windows\SysWOW64\wmcodecdspps.dll
+ 2009-07-13 23:51 . 2009-07-14 01:16    16896              c:\windows\SysWOW64\wlaninst.dll
+ 2009-07-13 23:51 . 2009-07-14 01:16    84480              c:\windows\SysWOW64\wlanhlp.dll
+ 2009-07-13 23:51 . 2009-07-14 01:14    77312              c:\windows\SysWOW64\wlanext.exe
+ 2009-07-13 23:51 . 2009-07-14 01:16    81408              c:\windows\SysWOW64\wlanapi.dll
+ 2009-07-14 00:01 . 2009-07-14 01:16    12800              c:\windows\SysWOW64\wksprtPS.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    47104              c:\windows\SysWOW64\wkscli.dll
+ 2009-07-13 23:41 . 2009-07-14 01:14    79872              c:\windows\SysWOW64\winver.exe
+ 2009-07-13 23:51 . 2009-07-14 01:16    16896              c:\windows\SysWOW64\winusb.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    16896              c:\windows\SysWOW64\WINSRPC.DLL
+ 2009-07-13 23:55 . 2009-07-14 01:16    68608              c:\windows\SysWOW64\winsockhc.dll
+ 2009-07-13 23:37 . 2009-07-14 01:15    11264              c:\windows\SysWOW64\winshfhc.dll
+ 2009-07-13 23:31 . 2009-07-14 01:16    10752              c:\windows\SysWOW64\winrssrv.dll
+ 2009-07-13 23:31 . 2009-07-14 01:14    20480              c:\windows\SysWOW64\winrshost.exe
+ 2009-07-13 23:31 . 2009-07-14 01:14    39936              c:\windows\SysWOW64\winrs.exe
+ 2009-07-13 23:37 . 2009-07-14 01:16    20992              c:\windows\SysWOW64\winrnr.dll
+ 2009-07-13 23:12 . 2009-07-14 01:16    16896              c:\windows\SysWOW64\winnsi.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    70144              c:\windows\SysWOW64\winipsec.dll
+ 2009-07-13 23:36 . 2009-07-14 01:14    96256              c:\windows\SysWOW64\wininit.exe
+ 2009-07-14 00:14 . 2009-07-14 01:16    27648              c:\windows\SysWOW64\WinFax.dll
+ 2009-07-13 23:32 . 2009-07-14 01:15    24064              c:\windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll
+ 2009-07-13 23:32 . 2009-07-14 01:06    20480              c:\windows\SysWOW64\WindowsPowerShell\v1.0\PSEvents.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    35328              c:\windows\SysWOW64\wincredprovider.dll
+ 2009-07-13 23:18 . 2009-07-14 01:16    12800              c:\windows\SysWOW64\winbrand.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    57856              c:\windows\SysWOW64\winbio.dll
+ 2009-07-14 00:14 . 2009-07-14 01:16    12800              c:\windows\SysWOW64\wiatrace.dll
+ 2009-07-14 00:14 . 2009-07-14 01:16    87552              c:\windows\SysWOW64\wiascanprofiles.dll
+ 2009-07-14 00:15 . 2009-07-14 01:14    88576              c:\windows\SysWOW64\wiaacmgr.exe
+ 2009-07-13 23:15 . 2009-07-14 01:14    43008              c:\windows\SysWOW64\whoami.exe
+ 2009-07-13 23:55 . 2009-07-14 01:16    14848              c:\windows\SysWOW64\whhelper.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    35328              c:\windows\SysWOW64\where.exe
+ 2009-07-13 23:20 . 2009-07-14 01:16    32768              c:\windows\SysWOW64\whealogr.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    66048              c:\windows\SysWOW64\WfHC.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    18944              c:\windows\SysWOW64\wfapigp.dll
+ 2009-07-13 23:29 . 2009-07-14 01:16    83456              c:\windows\SysWOW64\wevtfwd.dll
+ 2009-07-13 23:27 . 2009-07-14 01:14    53760              c:\windows\SysWOW64\wermgr.exe
+ 2009-07-13 23:27 . 2009-07-14 01:14    28672              c:\windows\SysWOW64\WerFaultSecure.exe
+ 2009-07-13 23:27 . 2009-07-14 01:16    28672              c:\windows\SysWOW64\werdiagcontroller.dll
+ 2009-07-13 23:30 . 2009-07-14 01:14    80384              c:\windows\SysWOW64\wecutil.exe
+ 2009-07-13 23:29 . 2009-07-14 01:16    58368              c:\windows\SysWOW64\wecapi.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    76288              c:\windows\SysWOW64\wdi.dll
+ 2009-07-13 23:25 . 2009-07-14 01:16    32768              c:\windows\SysWOW64\WcsPlugInService.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    20992              c:\windows\SysWOW64\WcnEapPeerProxy.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    20480              c:\windows\SysWOW64\WcnEapAuthProxy.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    86528              c:\windows\SysWOW64\WcnApi.dll
+ 2009-07-13 23:30 . 2009-07-14 01:16    61952              c:\windows\SysWOW64\wbem\xml\wmi2xml.dll
+ 2009-07-13 23:30 . 2009-07-14 01:16    85504              c:\windows\SysWOW64\wbem\wmiutils.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    50176              c:\windows\SysWOW64\wbem\WmiPerfInst.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    90112              c:\windows\SysWOW64\wbem\WmiPerfClass.dll
+ 2009-07-13 23:30 . 2009-07-14 01:16    74752              c:\windows\SysWOW64\wbem\WMICOOKR.dll
+ 2009-07-13 23:31 . 2009-07-14 01:16    89600              c:\windows\SysWOW64\wbem\WmiApRpl.dll
+ 2009-07-13 23:30 . 2009-07-14 01:14    78336              c:\windows\SysWOW64\wbem\WinMgmt.exe
+ 2009-07-13 23:30 . 2009-07-14 01:16    47616              c:\windows\SysWOW64\wbem\wbemsvc.dll
+ 2009-07-13 23:30 . 2009-07-14 01:16    29184              c:\windows\SysWOW64\wbem\wbemprox.dll
+ 2009-07-13 23:30 . 2009-07-14 01:16    98304              c:\windows\SysWOW64\wbem\stdprov.dll
+ 2009-07-13 23:22 . 2009-07-14 01:16    79360              c:\windows\SysWOW64\wbem\RacWmiProv.dll
+ 2009-07-13 23:30 . 2009-07-14 01:16    78336              c:\windows\SysWOW64\wbem\PolicMan.dll
+ 2009-07-13 23:30 . 2009-07-14 01:14    19968              c:\windows\SysWOW64\wbem\mofcomp.exe
+ 2009-07-13 23:15 . 2009-07-14 01:14    34304              c:\windows\SysWOW64\waitfor.exe
+ 2009-07-14 00:07 . 2009-07-14 01:16    58880              c:\windows\SysWOW64\WABSyncProvider.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    26624              c:\windows\SysWOW64\w32topl.dll
+ 2009-07-13 23:33 . 2009-07-14 01:14    65536              c:\windows\SysWOW64\w32tm.exe
+ 2009-07-13 23:23 . 2009-07-14 01:16    56320              c:\windows\SysWOW64\vsstrace.dll
+ 2009-07-13 23:23 . 2009-07-14 01:16    26112              c:\windows\SysWOW64\vss_ps.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    24576              c:\windows\SysWOW64\vpnikeapi.dll
+ 2009-07-13 23:15 . 2009-07-14 01:16    17408              c:\windows\SysWOW64\virtdisk.dll
+ 2009-07-14 00:03 . 2009-07-14 01:16    56832              c:\windows\SysWOW64\vfwwdm32.dll
+ 2009-07-14 02:35 . 2009-07-14 01:16    20535              c:\windows\SysWOW64\vfpodbc.dll
+ 2009-07-13 23:41 . 2009-07-14 01:16    21504              c:\windows\SysWOW64\version.dll
+ 2009-07-13 23:41 . 2009-07-14 01:14    10752              c:\windows\SysWOW64\verclsid.exe
+ 2009-07-13 23:23 . 2009-07-14 01:16    47616              c:\windows\SysWOW64\vdsvd.dll
+ 2009-07-13 23:23 . 2009-07-14 01:16    44544              c:\windows\SysWOW64\vds_ps.dll
+ 2009-07-13 23:20 . 2009-07-14 01:16    16896              c:\windows\SysWOW64\vdmdbg.dll
+ 2006-07-24 08:50 . 2006-07-24 08:50    47920              c:\windows\SysWOW64\VBAME.DLL
+ 2009-07-13 21:04 . 2009-07-14 01:16    30749              c:\windows\SysWOW64\vbajet32.dll
+ 1998-06-17 21:00 . 1998-06-17 21:00    89360              c:\windows\SysWOW64\Vb5db.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    36352              c:\windows\SysWOW64\vaultcli.dll
+ 2010-09-09 16:09 . 2007-07-11 13:56    28672              c:\windows\SysWOW64\V0260Hwx.dll
+ 2009-07-13 23:38 . 2009-07-14 01:16    20992              c:\windows\SysWOW64\UXInit.dll
+ 2009-07-14 00:02 . 2009-07-14 01:16    31744              c:\windows\SysWOW64\utildll.dll
+ 2009-07-13 23:34 . 2009-07-14 01:14    26112              c:\windows\SysWOW64\userinit.exe
+ 2009-07-13 23:34 . 2009-07-14 01:16    79360              c:\windows\SysWOW64\userenv.dll
+ 2009-07-13 23:40 . 2009-07-14 01:16    78848              c:\windows\SysWOW64\UserAccountControlSettings.dll
+ 2009-07-13 23:41 . 2009-07-14 01:16    80896              c:\windows\SysWOW64\usbui.dll
+ 2009-07-13 23:51 . 2009-07-14 01:16    11264              c:\windows\SysWOW64\usbperf.dll
+ 2009-07-13 23:51 . 2009-07-14 01:16    23552              c:\windows\SysWOW64\usbceip.dll
+ 2009-07-13 23:14 . 2009-07-14 01:16    23040              c:\windows\SysWOW64\ureg.dll
+ 2009-07-13 23:55 . 2009-07-14 01:14    23552              c:\windows\SysWOW64\upnpcont.exe
+ 2009-07-13 23:19 . 2009-07-14 01:14    33792              c:\windows\SysWOW64\unlodctr.exe
+ 2009-07-13 23:55 . 2009-07-14 01:16    16896              c:\windows\SysWOW64\uniplat.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    59392              c:\windows\SysWOW64\unimdmat.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    17920              c:\windows\SysWOW64\umdmxfrm.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    35328              c:\windows\SysWOW64\uicom.dll
+ 2009-07-13 23:28 . 2009-07-14 01:16    99328              c:\windows\SysWOW64\UIAnimation.dll
+ 2009-07-13 23:14 . 2009-07-14 01:16    95232              c:\windows\SysWOW64\ufat.dll
+ 2009-07-13 23:14 . 2009-07-14 01:16    68096              c:\windows\SysWOW64\uexfat.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    45056              c:\windows\SysWOW64\udhisapi.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    48128              c:\windows\SysWOW64\ucmhc.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    47616              c:\windows\SysWOW64\tzutil.exe
+ 2009-07-13 23:19 . 2009-07-14 01:14    40448              c:\windows\SysWOW64\typeperf.exe
+ 2009-07-13 23:11 . 2009-07-14 01:16    10752              c:\windows\SysWOW64\txfw32.dll
+ 2009-07-13 23:44 . 2009-07-14 01:16    90624              c:\windows\SysWOW64\txflog.dll
+ 2009-07-14 00:05 . 2009-07-14 01:16    29696              c:\windows\SysWOW64\tvratings.dll
+ 2009-07-14 00:35 . 2009-06-10 21:14    34624              c:\windows\SysWOW64\TsWpfWrp.exe
+ 2009-07-14 00:02 . 2009-07-14 01:14    38912              c:\windows\SysWOW64\TSTheme.exe
+ 2009-07-13 23:34 . 2009-07-14 01:16    65024              c:\windows\SysWOW64\TSpkg.dll
+ 2009-07-14 00:02 . 2009-07-14 01:16    36864              c:\windows\SysWOW64\tsgqec.dll
+ 2009-07-13 23:29 . 2009-07-14 01:16    13312              c:\windows\SysWOW64\TSChannel.dll
+ 2010-04-29 15:00 . 2009-12-19 09:02    12288              c:\windows\SysWOW64\tsbyuv.dll
+ 2009-07-13 23:15 . 2009-07-13 23:15    16384              c:\windows\SysWOW64\tree.com
+ 2009-07-13 23:27 . 2009-07-14 01:16    20992              c:\windows\SysWOW64\TRAPI.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    33280              c:\windows\SysWOW64\traffic.dll
+ 2009-07-13 23:55 . 2009-07-14 01:14    12288              c:\windows\SysWOW64\TRACERT.EXE
+ 2009-07-13 23:12 . 2009-07-14 01:14    94720              c:\windows\SysWOW64\TpmInit.exe
+ 2009-07-13 23:12 . 2009-07-14 01:16    40960              c:\windows\SysWOW64\tpmcompc.dll
+ 2009-07-14 00:01 . 2009-07-14 01:16    70144              c:\windows\SysWOW64\tlscsp.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    27136              c:\windows\SysWOW64\timeout.exe
+ 2009-07-13 23:40 . 2009-07-14 01:16    82944              c:\windows\SysWOW64\thumbcache.dll
+ 2009-07-14 00:19 . 2009-07-14 01:14    13824              c:\windows\SysWOW64\tcmsetup.exe
+ 2009-07-13 23:12 . 2009-07-14 01:16    12288              c:\windows\SysWOW64\tbs.dll
+ 2009-07-13 23:29 . 2009-07-14 01:16    36864              c:\windows\SysWOW64\TaskSchdPS.dll
+ 2009-07-13 23:57 . 2009-07-14 01:14    80896              c:\windows\SysWOW64\tasklist.exe
+ 2009-07-13 23:57 . 2009-07-14 01:14    77824              c:\windows\SysWOW64\taskkill.exe
+ 2009-07-14 00:19 . 2009-07-14 01:14    11264              c:\windows\SysWOW64\TapiUnattend.exe
+ 2009-07-13 23:15 . 2009-07-14 01:14    50688              c:\windows\SysWOW64\takeown.exe
+ 2009-07-13 23:40 . 2009-07-14 01:14    81920              c:\windows\SysWOW64\SystemPropertiesRemote.exe
+ 2009-07-13 23:40 . 2009-07-14 01:14    81920              c:\windows\SysWOW64\SystemPropertiesProtection.exe
+ 2009-07-13 23:40 . 2009-07-14 01:14    81920              c:\windows\SysWOW64\SystemPropertiesPerformance.exe
+ 2009-07-13 23:40 . 2009-07-14 01:14    81920              c:\windows\SysWOW64\SystemPropertiesHardware.exe
+ 2009-07-13 23:40 . 2009-07-14 01:14    81920              c:\windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe
+ 2009-07-13 23:40 . 2009-07-14 01:14    81920              c:\windows\SysWOW64\SystemPropertiesComputerName.exe
+ 2009-07-13 23:40 . 2009-07-14 01:14    81920              c:\windows\SysWOW64\SystemPropertiesAdvanced.exe
+ 2009-07-13 23:57 . 2009-07-14 01:14    75776              c:\windows\SysWOW64\systeminfo.exe
+ 2009-07-13 23:17 . 2009-07-14 01:16    14336              c:\windows\SysWOW64\syssetup.dll
+ 2009-07-13 23:34 . 2009-07-14 01:14    28672              c:\windows\SysWOW64\syskey.exe
+ 2009-07-14 00:07 . 2009-07-14 01:16    55296              c:\windows\SysWOW64\Syncreg.dll
+ 2009-07-14 00:07 . 2009-07-14 01:16    15360              c:\windows\SysWOW64\SyncInfrastructureps.dll
+ 2009-07-14 00:07 . 2009-07-14 01:14    38912              c:\windows\SysWOW64\SyncHost.exe
+ 2009-07-13 23:39 . 2009-07-14 01:16    78336              c:\windows\SysWOW64\synceng.dll
+ 2009-07-13 23:16 . 2009-07-14 01:14    27136              c:\windows\SysWOW64\sxstrace.exe
+ 2009-07-13 23:15 . 2009-07-14 01:16    22016              c:\windows\SysWOW64\sxsstore.dll
+ 2009-07-13 23:23 . 2009-07-14 01:16    19456              c:\windows\SysWOW64\sxshared.dll
+ 2009-07-13 23:23 . 2009-07-14 01:16    31744              c:\windows\SysWOW64\sxproxy.dll
+ 2009-07-13 23:19 . 2009-07-14 01:14    20992              c:\windows\SysWOW64\svchost.exe
+ 2009-07-13 23:15 . 2009-07-14 01:14    13824              c:\windows\SysWOW64\subst.exe
+ 2009-07-13 23:45 . 2009-07-14 01:16    60928              c:\windows\SysWOW64\Storprop.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16    62464              c:\windows\SysWOW64\StorageContextHandler.dll
+ 2009-07-13 23:44 . 2009-07-14 01:16    65024              c:\windows\SysWOW64\stclient.dll
+ 1997-08-14 23:00 . 1997-08-14 23:00    44032              c:\windows\SysWOW64\SSPng.dll
+ 2010-04-29 15:01 . 2009-12-11 07:36    96768              c:\windows\SysWOW64\sspicli.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    39936              c:\windows\SysWOW64\ssdpapi.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    90112              c:\windows\SysWOW64\srvcli.dll
+ 2009-07-13 23:23 . 2009-07-14 01:16    73216              c:\windows\SysWOW64\srhelper.dll
+ 2009-07-13 23:23 . 2009-07-14 01:14    14848              c:\windows\SysWOW64\srdelayed.exe
+ 2009-07-13 23:23 . 2009-07-14 01:16    43008              c:\windows\SysWOW64\srclient.dll
+ 2009-07-13 21:03 . 2009-07-13 21:03    49179              c:\windows\SysWOW64\sqlwoa.dll
+ 2009-07-13 21:03 . 2009-07-14 01:16    24603              c:\windows\SysWOW64\sqlwid.dll
+ 2009-07-13 23:17 . 2009-07-14 01:16    11264              c:\windows\SysWOW64\spwinsat.dll
+ 2009-07-13 23:17 . 2009-07-14 01:16    19968              c:\windows\SysWOW64\spopk.dll
+ 2009-07-13 23:16 . 2009-07-14 01:16    75776              c:\windows\SysWOW64\SPInf.dll
+ 2009-07-13 23:16 . 2009-07-14 01:16    81920              c:\windows\SysWOW64\spfileq.dll
+ 2009-07-14 00:14 . 2009-07-14 01:16    18944              c:\windows\SysWOW64\Speech\SpeechUX\SpeechUXPS.DLL
+ 2009-07-13 23:17 . 2009-07-14 01:16    61952              c:\windows\SysWOW64\spbcd.dll
+ 2009-07-13 23:15 . 2009-07-14 01:16    54784              c:\windows\SysWOW64\SortWindows6Compat.dll
+ 2009-07-13 23:15 . 2009-07-14 01:16    38400              c:\windows\SysWOW64\SortServer2003Compat.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    19968              c:\windows\SysWOW64\sort.exe
+ 2009-07-13 23:55 . 2009-07-14 01:16    22528              c:\windows\SysWOW64\snmpapi.dll
+ 2009-07-13 23:14 . 2009-07-14 01:16    84992              c:\windows\SysWOW64\SMBHelperClass.dll
+ 2009-07-13 23:36 . 2009-07-14 01:16    13824              c:\windows\SysWOW64\slwga.dll
+ 2009-07-13 23:35 . 2009-07-14 01:16    16384              c:\windows\SysWOW64\slcext.dll
+ 2009-07-13 23:35 . 2009-07-14 01:16    27136              c:\windows\SysWOW64\slc.dll
+ 2009-07-13 23:14 . 2009-07-14 01:16    19456              c:\windows\SysWOW64\sisbkup.dll
+ 2010-09-22 23:47 . 2010-09-22 23:47    49016              c:\windows\SysWOW64\sirenacm.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    41984              c:\windows\SysWOW64\signdrv.dll
+ 2009-07-13 23:34 . 2009-07-14 01:14    30720              c:\windows\SysWOW64\shutdown.exe
+ 2009-07-13 23:38 . 2009-07-14 01:16    10240              c:\windows\SysWOW64\shunimpl.dll
+ 2009-07-13 23:39 . 2009-07-14 01:16    14336              c:\windows\SysWOW64\shpafact.dll
+ 2009-07-13 23:39 . 2009-07-14 01:16    35840              c:\windows\SysWOW64\shimgvw.dll
+ 2009-07-13 23:40 . 2009-07-14 01:16    20992              c:\windows\SysWOW64\shgina.dll
+ 2009-07-13 23:15 . 2009-07-14 01:16    40960              c:\windows\SysWOW64\sfc_os.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    35328              c:\windows\SysWOW64\sfc.exe
+ 2009-07-13 23:15 . 2009-07-14 01:14    46080              c:\windows\SysWOW64\setx.exe
+ 2009-07-13 23:53 . 2009-07-14 01:14    17920              c:\windows\SysWOW64\setupSNK.exe
+ 2010-04-29 15:00 . 2009-12-22 08:23    25600              c:\windows\SysWOW64\setup16.exe
+ 2009-07-14 00:01 . 2009-07-14 01:16    66560              c:\windows\SysWOW64\Setup\tssysprep.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    47104              c:\windows\SysWOW64\Setup\pbkmigr.dll
+ 2009-07-13 23:44 . 2009-07-14 01:15    65024              c:\windows\SysWOW64\Setup\msdtcstp.dll
+ 2009-07-13 23:54 . 2009-07-14 01:15    58368              c:\windows\SysWOW64\Setup\cmmigr.dll
+ 2009-07-13 23:43 . 2009-07-14 01:14    77824              c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2009-07-14 00:02 . 2009-07-14 01:16    99328              c:\windows\SysWOW64\SessEnv.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    18432              c:\windows\SysWOW64\serwvdrv.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    15360              c:\windows\SysWOW64\serialui.dll
+ 2009-07-13 23:21 . 2009-07-14 01:16    10752              c:\windows\SysWOW64\SensApi.dll
+ 2009-07-13 23:21 . 2009-07-14 01:16    49664              c:\windows\SysWOW64\Sens.dll
+ 2009-07-13 23:39 . 2009-07-14 01:16    65536              c:\windows\SysWOW64\sendmail.dll
+ 2010-04-29 15:01 . 2009-12-11 07:39    22016              c:\windows\SysWOW64\secur32.dll
+ 2010-04-29 15:01 . 2010-01-18 23:29    85504              c:\windows\SysWOW64\secproc_ssp_isv.dll
+ 2010-04-29 15:01 . 2010-01-18 23:29    85504              c:\windows\SysWOW64\secproc_ssp.dll
+ 2009-07-13 23:22 . 2009-07-14 01:14    14848              c:\windows\SysWOW64\secinit.exe
+ 2009-07-13 23:11 . 2009-07-14 01:16    92160              c:\windows\SysWOW64\sechost.dll
+ 2009-07-13 23:33 . 2009-07-14 01:14    35328              c:\windows\SysWOW64\SecEdit.exe
+ 2009-07-14 00:13 . 2009-07-14 01:14    86528              c:\windows\SysWOW64\SearchFilterHost.exe
+ 2009-07-13 23:19 . 2009-07-14 01:14    21504              c:\windows\SysWOW64\sdiagnhost.exe
+ 2009-07-13 23:20 . 2009-07-14 01:14    40960              c:\windows\SysWOW64\sdchange.exe
+ 2009-07-13 23:12 . 2009-07-14 01:14    20992              c:\windows\SysWOW64\sdbinst.exe
+ 2009-07-13 23:41 . 2009-07-14 01:14    10240              c:\windows\SysWOW64\scrnsave.scr
+ 2009-07-14 00:12 . 2009-07-14 01:16    57856              c:\windows\SysWOW64\scripto.dll
+ 2006-07-24 08:50 . 2006-07-24 08:50    39728              c:\windows\SysWOW64\SCP32.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:16    17408              c:\windows\SysWOW64\schedcli.dll
+ 2009-07-13 23:33 . 2009-07-14 01:16    66048              c:\windows\SysWOW64\SCardDlg.dll
+ 2009-07-13 23:19 . 2009-07-14 01:14    37376              c:\windows\SysWOW64\sc.exe
+ 2009-07-13 23:40 . 2009-07-14 01:14    12288              c:\windows\SysWOW64\sbunattend.exe
+ 2009-07-14 00:06 . 2009-07-14 01:09    65536              c:\windows\SysWOW64\sberes.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    60928              c:\windows\SysWOW64\samlib.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    50688              c:\windows\SysWOW64\samcli.dll
+ 2009-07-13 23:41 . 2009-07-14 01:14    50688              c:\windows\SysWOW64\runonce.exe
+ 2009-07-13 23:41 . 2009-07-14 01:14    57856              c:\windows\SysWOW64\RunLegacyCPLElevated.exe
+ 2009-07-13 23:41 . 2009-07-14 01:14    44544              c:\windows\SysWOW64\rundll32.exe
+ 2009-07-13 23:15 . 2009-07-14 01:14    17408              c:\windows\SysWOW64\runas.exe
+ 2010-08-11 11:04 . 2010-06-19 06:23    37376              c:\windows\SysWOW64\rtutils.dll
+ 2009-07-14 00:13 . 2009-07-14 01:16    36864              c:\windows\SysWOW64\rtffilt.dll
+ 2009-07-13 23:41 . 2009-07-14 01:16    43008              c:\windows\SysWOW64\rshx32.dll
+ 2009-07-14 00:04 . 2009-07-14 01:14    50176              c:\windows\SysWOW64\rrinstaller.exe
+ 2009-07-13 23:43 . 2009-07-14 01:16    45568              c:\windows\SysWOW64\RpcRtRemote.dll
+ 2009-07-13 23:43 . 2009-07-14 01:14    34816              c:\windows\SysWOW64\RpcPing.exe
+ 2009-07-13 23:43 . 2009-07-14 01:16    27648              c:\windows\SysWOW64\rpcnsh.dll
+ 2009-07-13 23:43 . 2009-07-14 01:16    44544              c:\windows\SysWOW64\RPCNDFP.dll
+ 2009-07-13 23:55 . 2009-07-14 01:14    17920              c:\windows\SysWOW64\ROUTE.EXE
+ 2009-07-13 23:16 . 2009-07-14 01:14    97280              c:\windows\SysWOW64\Robocopy.exe
+ 2009-07-13 23:22 . 2009-07-14 01:14    14848              c:\windows\SysWOW64\RmClient.exe
+ 2009-07-13 23:21 . 2009-07-14 01:16    71168              c:\windows\SysWOW64\resutils.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    16896              c:\windows\SysWOW64\replace.exe
+ 2009-07-13 23:19 . 2009-07-14 01:14    37376              c:\windows\SysWOW64\relog.exe
+ 2009-07-13 23:34 . 2009-07-14 01:14    61440              c:\windows\SysWOW64\rekeywiz.exe
+ 2009-07-13 23:58 . 2009-07-14 01:14    14848              c:\windows\SysWOW64\regsvr32.exe
+ 2009-07-13 23:43 . 2009-07-14 01:14    83968              c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2009-07-13 23:58 . 2009-07-14 01:14    44032              c:\windows\SysWOW64\regini.exe
+ 2009-07-13 23:41 . 2009-07-14 01:16    41472              c:\windows\SysWOW64\RegCtrl.dll
+ 2009-07-14 00:02 . 2009-07-14 01:16    71680              c:\windows\SysWOW64\regapi.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    62464              c:\windows\SysWOW64\reg.exe
+ 2009-07-13 23:15 . 2009-07-14 01:14    11776              c:\windows\SysWOW64\recover.exe
+ 2009-07-13 23:20 . 2009-07-14 01:14    21504              c:\windows\SysWOW64\ReAgentc.exe
+ 2009-07-13 23:20 . 2009-07-14 01:14    36352              c:\windows\SysWOW64\rdrleakdiag.exe
+ 2009-07-14 00:01 . 2009-07-14 01:16    21504              c:\windows\SysWOW64\rdprefdrvapi.dll
+ 2009-07-14 00:02 . 2009-07-14 01:16    52224              c:\windows\SysWOW64\rdpd3d.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    69632              c:\windows\SysWOW64\rastapi.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    22528              c:\windows\SysWOW64\rasser.dll
+ 2009-07-13 23:54 . 2009-07-14 01:14    50176              c:\windows\SysWOW64\rasphone.exe
+ 2009-07-13 23:54 . 2009-07-14 01:16    33280              c:\windows\SysWOW64\rasmxs.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    76800              c:\windows\SysWOW64\rasman.dll
+ 2009-07-13 23:54 . 2009-07-14 01:14    73216              c:\windows\SysWOW64\rasdial.exe
+ 2009-07-13 23:52 . 2009-07-14 01:16    61952              c:\windows\SysWOW64\rasdiag.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    15360              c:\windows\SysWOW64\rasctrs.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    81408              c:\windows\SysWOW64\rascfg.dll
+ 2009-07-13 23:54 . 2009-07-14 01:14    16896              c:\windows\SysWOW64\rasautou.exe
+ 2009-07-13 23:54 . 2009-07-14 01:16    11776              c:\windows\SysWOW64\rasadhlp.dll
+ 2009-07-13 23:20 . 2009-07-14 01:16    62976              c:\windows\SysWOW64\radarrs.dll
+ 2009-07-13 23:20 . 2009-07-14 01:16    85504              c:\windows\SysWOW64\radardt.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    80896              c:\windows\SysWOW64\QUTIL.DLL
+ 2009-07-13 23:52 . 2009-07-14 01:16    99328              c:\windows\SysWOW64\QSVRMGMT.DLL
+ 2009-07-13 23:29 . 2009-07-14 01:16    21504              c:\windows\SysWOW64\qmgrprxy.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    71680              c:\windows\SysWOW64\QCLIPROV.DLL
+ 2009-07-13 23:32 . 2009-07-14 01:15    41984              c:\windows\SysWOW64\pwrshplugin.dll
+ 2010-09-10 23:53 . 2008-06-15 08:01    60273              c:\windows\SysWOW64\pthreadGC2.dll
+ 2009-07-13 23:32 . 2009-07-14 01:16    23552              c:\windows\SysWOW64\pstorsvc.dll
+ 2009-07-13 23:32 . 2009-07-14 01:16    42496              c:\windows\SysWOW64\pstorec.dll
+ 2009-07-13 23:11 . 2009-07-14 01:19    52816              c:\windows\SysWOW64\PSHED.DLL
+ 2009-07-13 23:32 . 2009-07-14 01:16    50688              c:\windows\SysWOW64\psbase.dll
+ 2009-07-13 23:34 . 2009-07-14 01:14    28160              c:\windows\SysWOW64\proquota.exe
+ 2009-07-13 23:12 . 2009-07-14 01:16    31744              c:\windows\SysWOW64\profapi.dll
+ 2009-07-14 00:18 . 2009-07-14 01:14    60928              c:\windows\SysWOW64\printui.exe
+ 2010-04-29 16:11 . 2009-07-13 16:37    51600              c:\windows\SysWOW64\Printing_Admin_Scripts\fi-FI\prnqctl.vbs
+ 2010-04-29 16:11 . 2009-07-13 16:37    56810              c:\windows\SysWOW64\Printing_Admin_Scripts\fi-FI\prnport.vbs
+ 2010-04-29 16:11 . 2009-07-13 16:32    81538              c:\windows\SysWOW64\Printing_Admin_Scripts\fi-FI\prnmngr.vbs
+ 2010-04-29 16:11 . 2009-07-13 16:38    70098              c:\windows\SysWOW64\Printing_Admin_Scripts\fi-FI\prnjobs.vbs
+ 2010-04-29 16:11 . 2009-07-13 16:38    51680              c:\windows\SysWOW64\Printing_Admin_Scripts\fi-FI\prndrvr.vbs
+ 2009-07-14 05:35 . 2009-07-14 02:07    51462              c:\windows\SysWOW64\Printing_Admin_Scripts\en-US\prnqctl.vbs
+ 2009-07-14 05:35 . 2009-07-14 02:09    56756              c:\windows\SysWOW64\Printing_Admin_Scripts\en-US\prnport.vbs
+ 2009-07-14 05:35 . 2009-07-14 02:04    81048              c:\windows\SysWOW64\Printing_Admin_Scripts\en-US\prnmngr.vbs
+ 2009-07-14 05:35 . 2009-07-14 02:08    69882              c:\windows\SysWOW64\Printing_Admin_Scripts\en-US\prnjobs.vbs
+ 2009-07-14 05:35 . 2009-07-14 02:01    51312              c:\windows\SysWOW64\Printing_Admin_Scripts\en-US\prndrvr.vbs
+ 2010-04-29 16:39 . 2009-07-13 16:39    51610              c:\windows\SysWOW64\Printing_Admin_Scripts\da-DK\prnqctl.vbs
+ 2010-04-29 16:39 . 2009-07-13 16:39    56896              c:\windows\SysWOW64\Printing_Admin_Scripts\da-DK\prnport.vbs
+ 2010-04-29 16:39 . 2009-07-13 16:40    81582              c:\windows\SysWOW64\Printing_Admin_Scripts\da-DK\prnmngr.vbs
+ 2010-04-29 16:39 . 2009-07-13 16:40    70166              c:\windows\SysWOW64\Printing_Admin_Scripts\da-DK\prnjobs.vbs
+ 2010-04-29 16:39 . 2009-07-13 16:39    51380              c:\windows\SysWOW64\Printing_Admin_Scripts\da-DK\prndrvr.vbs
+ 2009-07-13 23:15 . 2009-07-14 01:14    13824              c:\windows\SysWOW64\print.exe
+ 2009-07-13 23:10 . 2009-07-14 01:09    17408              c:\windows\SysWOW64\prflbmsg.dll
+ 2009-07-13 23:39 . 2009-07-14 01:14    31232              c:\windows\SysWOW64\prevhost.exe
+ 2010-06-23 12:05 . 2009-11-25 10:47    99176              c:\windows\SysWOW64\PresentationHostProxy.dll
+ 2009-07-13 23:16 . 2009-07-14 01:14    59392              c:\windows\SysWOW64\powercfg.exe
+ 2009-07-13 23:20 . 2009-07-14 01:16    22528              c:\windows\SysWOW64\pots.dll
+ 2009-07-14 00:06 . 2009-07-14 01:16    60928              c:\windows\SysWOW64\PortableDeviceConnectApi.dll
+ 2009-07-13 23:55 . 2009-07-14 01:16    65024              c:\windows\SysWOW64\pnrpnsp.dll
+ 2009-07-13 23:16 . 2009-07-14 01:09    74752              c:\windows\SysWOW64\pnpsetup.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16    46592              c:\windows\SysWOW64\pngfilt.dll
+ 2009-07-14 00:03 . 2009-07-14 01:16    77312              c:\windows\SysWOW64\PlaySndSrv.dll
+ 2009-07-13 23:55 . 2009-07-14 01:14    15360              c:\windows\SysWOW64\PING.EXE
+ 2009-07-13 23:41 . 2009-07-14 01:09    34816              c:\windows\SysWOW64\pifmgr.dll
+ 2009-07-14 00:04 . 2009-07-14 01:16    36352              c:\windows\SysWOW64\pid.dll
+ 2009-07-14 00:02 . 2009-07-14 01:16    17408              c:\windows\SysWOW64\perfts.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    35328              c:\windows\SysWOW64\perfproc.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    28672              c:\windows\SysWOW64\perfos.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    20992              c:\windows\SysWOW64\perfnet.dll
+ 2009-07-13 23:11 . 2009-07-14 01:14    20992              c:\windows\SysWOW64\perfhost.exe
+ 2009-07-13 23:19 . 2009-07-14 01:16    31232              c:\windows\SysWOW64\perfdisk.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    39424              c:\windows\SysWOW64\perfctrs.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    46080              c:\windows\SysWOW64\pdhui.dll
+ 2009-07-13 23:11 . 2009-07-14 01:16    33280              c:\windows\SysWOW64\pcwum.dll
+ 2009-07-13 23:20 . 2009-07-14 01:14    15872              c:\windows\SysWOW64\pcaui.exe
+ 2009-07-13 23:20 . 2009-07-14 01:16    87040              c:\windows\SysWOW64\pcaui.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    44032              c:\windows\SysWOW64\pautoenr.dll
+ 2009-07-13 23:55 . 2009-07-14 01:14    13312              c:\windows\SysWOW64\PATHPING.EXE
+ 2009-07-13 23:41 . 2009-07-14 01:16    10752              c:\windows\SysWOW64\panmap.dll
+ 2009-07-13 23:39 . 2009-07-14 01:16    68096              c:\windows\SysWOW64\packager.dll
+ 2009-07-13 23:22 . 2009-07-14 01:16    19456              c:\windows\SysWOW64\osbaseln.dll
+ 2009-07-13 23:40 . 2009-07-14 01:14    97280              c:\windows\SysWOW64\OptionalFeatures.exe
+ 2009-07-13 23:15 . 2009-07-14 01:14    62464              c:\windows\SysWOW64\openfiles.exe
+ 2010-12-31 12:24 . 2010-10-22 06:23    57960              c:\windows\SysWOW64\OpenCL.dll
+ 2009-07-13 23:43 . 2009-07-14 01:16    77312              c:\windows\SysWOW64\olethk32.dll
+ 2009-07-13 23:43 . 2009-07-14 01:16    28672              c:\windows\SysWOW64\olesvr32.dll
+ 2009-07-13 23:43 . 2009-07-14 01:09    25600              c:\windows\SysWOW64\oleres.dll
+ 2009-07-13 23:43 . 2009-07-14 01:16    90112              c:\windows\SysWOW64\olepro32.dll
+ 2009-07-13 23:44 . 2009-07-14 01:16    80384              c:\windows\SysWOW64\olecli32.dll
+ 2009-07-13 22:00 . 2009-06-10 21:25    42592              c:\windows\SysWOW64\ole2.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    20480              c:\windows\SysWOW64\odtext32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    20480              c:\windows\SysWOW64\odpdx32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    20480              c:\windows\SysWOW64\odfox32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    20480              c:\windows\SysWOW64\odexl32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    20480              c:\windows\SysWOW64\oddbse32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    24576              c:\windows\SysWOW64\odbcji32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    86016              c:\windows\SysWOW64\odbccu32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    86016              c:\windows\SysWOW64\odbccr32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:14    32768              c:\windows\SysWOW64\odbcconf.exe
+ 2009-07-14 00:12 . 2009-07-14 01:16    40960              c:\windows\SysWOW64\odbcconf.dll
+ 2009-07-14 00:12 . 2009-07-14 01:16    49152              c:\windows\SysWOW64\odbcbcp.dll
+ 2009-07-14 00:11 . 2009-07-14 01:14    86016              c:\windows\SysWOW64\odbcad32.exe
+ 2009-07-14 00:11 . 2009-07-14 01:16    24576              c:\windows\SysWOW64\odbc32gt.dll
+ 2010-04-29 15:00 . 2009-12-22 08:24    14336              c:\windows\SysWOW64\ntvdm64.dll
+ 2009-07-14 00:18 . 2009-07-14 01:14    61952              c:\windows\SysWOW64\ntprint.exe
+ 2009-07-13 23:41 . 2009-07-14 01:16    15872              c:\windows\SysWOW64\ntlanui2.dll
+ 2009-07-13 23:31 . 2009-07-14 01:16    69120              c:\windows\SysWOW64\ntlanman.dll
+ 2009-07-13 23:38 . 2009-07-14 01:16    90112              c:\windows\SysWOW64\ntdsapi.dll
+ 2009-07-13 23:38 . 2009-07-14 01:14    85504              c:\windows\SysWOW64\nslookup.exe
+ 2009-07-13 23:53 . 2009-07-14 01:16    27136              c:\windows\SysWOW64\nshhttp.dll
+ 2009-07-13 23:56 . 2009-07-14 01:16    16896              c:\windows\SysWOW64\npmproxy.dll
+ 2009-07-13 23:15 . 2009-07-14 01:16    26112              c:\windows\SysWOW64\Nlsdl.dll
+ 2009-07-13 23:15 . 2009-07-14 01:10    68608              c:\windows\SysWOW64\nlsbres.dll
+ 2009-07-13 23:56 . 2009-07-14 01:16    11264              c:\windows\SysWOW64\nlmsprep.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    51712              c:\windows\SysWOW64\nlaapi.dll
+ 2009-07-13 23:16 . 2009-07-14 01:14    76800              c:\windows\SysWOW64\newdev.exe
+ 2009-07-13 23:53 . 2009-07-14 01:16    40960              c:\windows\SysWOW64\networkitemfactory.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    22016              c:\windows\SysWOW64\netutils.dll
+ 2009-07-13 23:55 . 2009-07-14 01:14    27136              c:\windows\SysWOW64\NETSTAT.EXE
+ 2009-07-13 23:54 . 2009-07-14 01:14    96256              c:\windows\SysWOW64\netsh.exe
+ 2009-07-13 23:39 . 2009-07-14 01:14    26112              c:\windows\SysWOW64\Netplwiz.exe
+ 2009-07-13 23:54 . 2009-07-14 01:14    25088              c:\windows\SysWOW64\netiougc.exe
+ 2010-06-23 12:05 . 2009-11-25 10:47    49472              c:\windows\SysWOW64\netfxperf.dll
+ 2009-07-13 23:12 . 2009-07-14 01:07    18944              c:\windows\SysWOW64\netevent.dll
+ 2009-07-13 23:53 . 2009-07-14 01:14    24064              c:\windows\SysWOW64\netbtugc.exe
+ 2009-07-13 23:53 . 2009-07-14 01:16    14336              c:\windows\SysWOW64\netbios.dll
+ 2009-07-13 23:37 . 2009-07-14 01:16    56832              c:\windows\SysWOW64\netapi32.dll
+ 2009-07-13 23:37 . 2009-07-14 01:14    46080              c:\windows\SysWOW64\net.exe
+ 2009-07-13 23:34 . 2009-07-14 01:16    93696              c:\windows\SysWOW64\negoexts.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    12288              c:\windows\SysWOW64\ndproxystub.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    71168              c:\windows\SysWOW64\ndishc.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    41984              c:\windows\SysWOW64\ndiscapCfg.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    94720              c:\windows\SysWOW64\ndfhcdiscovery.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    29696              c:\windows\SysWOW64\ndfetw.dll
+ 2009-07-13 23:16 . 2009-07-14 01:14    75264              c:\windows\SysWOW64\ndadmin.exe
+ 2009-07-13 23:32 . 2009-07-14 01:16    60928              c:\windows\SysWOW64\ncryptui.dll
+ 2009-07-13 23:30 . 2009-07-14 01:16    49152              c:\windows\SysWOW64\ncobjapi.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    78336              c:\windows\SysWOW64\nci.dll
+ 2009-07-13 23:22 . 2009-07-14 01:16    19968              c:\windows\SysWOW64\NcdProp.dll
+ 2009-07-13 23:27 . 2009-07-14 01:16    13312              c:\windows\SysWOW64\NativeHooks.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    38912              c:\windows\SysWOW64\napipsec.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    52224              c:\windows\SysWOW64\NapiNSP.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    67584              c:\windows\SysWOW64\napdsnap.dll
+ 2009-07-13 23:53 . 2009-07-14 01:22    46080              c:\windows\SysWOW64\NAPCRYPT.DLL
+ 2009-07-13 23:13 . 2009-07-14 01:14    70656              c:\windows\SysWOW64\MuiUnattend.exe
+ 2009-07-13 23:25 . 2009-07-14 01:15    13312              c:\windows\SysWOW64\muifontsetup.dll
+ 2010-04-29 16:11 . 2009-06-10 12:14    12624              c:\windows\SysWOW64\MUI\040B\mscorees.dll
+ 2010-06-23 12:05 . 2009-11-25 10:47    11600              c:\windows\SysWOW64\MUI\0409\mscorees.dll
+ 2010-04-29 16:39 . 2009-06-10 12:14    12624              c:\windows\SysWOW64\MUI\0406\mscorees.dll
+ 2009-07-13 23:44 . 2009-07-14 01:15    27648              c:\windows\SysWOW64\mtxlegih.dll
+ 2009-07-13 23:44 . 2009-07-14 01:15    22528              c:\windows\SysWOW64\mtxdm.dll
+ 2010-04-29 15:00 . 2009-12-19 09:02    22016              c:\windows\SysWOW64\msyuv.dll
+ 2009-05-14 04:22 . 2009-05-14 04:22    82432              c:\windows\SysWOW64\msxml4r.dll
+ 2010-05-13 13:50 . 2008-08-13 09:22    24576              c:\windows\SysWOW64\msxml3a.dll
+ 2010-04-29 15:00 . 2009-12-19 09:02    31744              c:\windows\SysWOW64\msvidc32.dll
+ 2009-07-13 23:10 . 2009-07-14 01:07    60928              c:\windows\SysWOW64\msvcrt40.dll
+ 2009-07-13 23:11 . 2009-07-14 01:15    59904              c:\windows\SysWOW64\msvcirt.dll
+ 2009-07-14 00:13 . 2009-07-14 01:15    17408              c:\windows\SysWOW64\msswch.dll
+ 2009-07-14 00:13 . 2009-07-14 01:15    35328              c:\windows\SysWOW64\mssprxy.dll
+ 2009-07-13 23:32 . 2009-07-14 01:15    39424              c:\windows\SysWOW64\mssign32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:15    10240              c:\windows\SysWOW64\msshooks.dll
+ 2009-07-14 00:12 . 2009-07-14 01:15    59392              c:\windows\SysWOW64\msscntrs.dll
+ 2000-04-26 11:34 . 2000-04-26 11:34    44304              c:\windows\SysWOW64\msrpfs35.dll
+ 2010-04-29 15:00 . 2009-12-19 09:02    13312              c:\windows\SysWOW64\msrle32.dll
+ 2009-07-14 00:02 . 2009-07-14 01:15    44544              c:\windows\SysWOW64\MsRdpWebAccess.dll
+ 2009-07-13 23:41 . 2009-07-14 01:15    44032              c:\windows\SysWOW64\msports.dll
+ 2009-07-13 23:12 . 2009-07-14 01:15    35328              c:\windows\SysWOW64\mspatcha.dll
+ 2009-07-13 23:42 . 2009-07-14 01:15    86528              c:\windows\SysWOW64\msoert2.dll
+ 2009-07-13 23:11 . 2009-07-14 01:07    60416              c:\windows\SysWOW64\msobjs.dll
+ 2010-05-02 14:54 . 1998-07-05 22:00    23552              c:\windows\SysWOW64\MSMPIDE.DLL
+ 2009-07-13 21:03 . 2009-07-14 01:15    61440              c:\windows\SysWOW64\msjter40.dll
+ 2000-04-26 11:34 . 2000-04-26 11:34    24848              c:\windows\SysWOW64\msjter35.dll
+ 2009-07-13 21:03 . 2009-07-14 01:15    24576              c:\windows\SysWOW64\msjint40.dll
+ 2009-07-13 23:31 . 2009-07-14 01:15    20480              c:\windows\SysWOW64\msisip.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    31232              c:\windows\SysWOW64\msimtf.dll
+ 2009-07-13 23:31 . 2009-07-14 01:07    25088              c:\windows\SysWOW64\msimsg.dll
+ 2009-07-13 23:31 . 2009-07-14 01:15    15872              c:\windows\SysWOW64\msiltcfg.dll
+ 2009-07-13 23:31 . 2009-07-14 01:14    73216              c:\windows\SysWOW64\msiexec.exe
+ 2009-07-13 23:39 . 2009-07-14 01:15    53248              c:\windows\SysWOW64\msident.dll
+ 2009-07-13 23:42 . 2009-07-14 01:06    48128              c:\windows\SysWOW64\mshtmler.dll
+ 2010-12-16 19:43 . 2010-11-04 05:49    67072              c:\windows\SysWOW64\mshtmled.dll
+ 2009-07-13 23:42 . 2009-07-14 01:14    47104              c:\windows\SysWOW64\mshta.exe
+ 2010-12-16 19:43 . 2010-11-04 05:46    12800              c:\windows\SysWOW64\msfeedssync.exe
+ 2010-12-16 19:43 . 2010-11-04 05:49    64512              c:\windows\SysWOW64\msfeedsbs.dll
+ 2009-07-13 23:44 . 2009-07-14 01:06    21504              c:\windows\SysWOW64\msdtcVSp1res.dll
+ 2009-07-13 22:00 . 2009-06-10 21:15    19429              c:\windows\SysWOW64\Msdtc\Trace\msdtcvtr.bat
+ 2009-07-14 00:03 . 2009-07-14 01:15    30208              c:\windows\SysWOW64\msdmo.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    85504              c:\windows\SysWOW64\msctfui.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    81920              c:\windows\SysWOW64\msctfp.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    19968              c:\windows\SysWOW64\MsCtfMonitor.dll
+ 2009-07-14 00:11 . 2009-07-14 01:15    28672              c:\windows\SysWOW64\mscpxl32.dLL
+ 2009-07-13 20:46 . 2009-06-10 21:23    80720              c:\windows\SysWOW64\mscories.dll
+ 2009-07-13 23:32 . 2009-07-14 01:15    10240              c:\windows\SysWOW64\mscat32.dll
+ 2010-04-29 15:00 . 2009-08-29 06:57    34816              c:\windows\SysWOW64\msasn1.dll
+ 2009-07-14 00:03 . 2009-07-14 01:14    20992              c:\windows\SysWOW64\msacm32.drv
+ 2009-07-14 00:03 . 2009-07-14 01:15    72192              c:\windows\SysWOW64\msacm32.dll
+ 2009-07-13 23:55 . 2009-07-14 01:14    11264              c:\windows\SysWOW64\MRINFO.EXE
+ 2009-07-13 23:54 . 2009-07-14 01:15    75264              c:\windows\SysWOW64\mprdim.dll
+ 2009-07-13 23:55 . 2009-07-14 01:15    64000              c:\windows\SysWOW64\mpr.dll
+ 2009-07-14 00:07 . 2009-07-14 01:15    79872              c:\windows\SysWOW64\MP3DMOD.DLL
+ 2009-07-13 23:15 . 2009-07-14 01:14    13312              c:\windows\SysWOW64\mountvol.exe
+ 2009-07-13 23:15 . 2009-07-13 23:15    20992              c:\windows\SysWOW64\more.com
+ 2009-07-13 23:15 . 2009-07-13 23:15    25088              c:\windows\SysWOW64\mode.com
+ 2009-07-14 00:03 . 2009-07-14 01:15    12800              c:\windows\SysWOW64\mmcico.dll
+ 2009-07-14 00:03 . 2009-07-14 01:15    70656              c:\windows\SysWOW64\mmci.dll
+ 2009-07-14 00:12 . 2009-07-14 01:15    38912              c:\windows\SysWOW64\mimefilt.dll
+ 2009-07-14 00:13 . 2009-07-14 01:16    57344              c:\windows\SysWOW64\migwiz\replacementmanifests\WindowsSearchEngine\WSearchMigPlugin.dll
+ 2009-07-13 23:51 . 2009-07-14 01:16    72192              c:\windows\SysWOW64\migwiz\replacementmanifests\Usb\usbmigplugin.dll
+ 2009-07-14 00:01 . 2009-07-14 01:16    75776              c:\windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-TerminalServices-LicenseServer\TlsRepPlugin.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16    90112              c:\windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-shmig\shmig.dll
+ 2009-07-13 23:40 . 2009-07-14 01:16    19456              c:\windows\SysWOW64\migwiz\replacementmanifests\Microsoft-Windows-GameUXMig\gameuxmig.dll
+ 2009-07-14 00:03 . 2009-07-14 01:16    68608              c:\windows\SysWOW64\migwiz\replacementmanifests\microsoft-windows-audio-mmecore-other\audmigplugin.dll
+ 2009-07-13 23:15 . 2009-07-14 01:16    97280              c:\windows\SysWOW64\migwiz\replacementmanifests\microsoft-international-core\nlscoremig.dll
+ 2009-07-13 23:32 . 2009-07-14 01:16    63488              c:\windows\SysWOW64\migwiz\replacementmanifests\microsoft-activedirectory-webservices\adwsmigrate.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    89088              c:\windows\SysWOW64\migwiz\dlmanifests\Networking-MPSSVC-Svc\icfupgd.dll
+ 2009-07-13 23:26 . 2009-07-14 01:16    31744              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\TableTextServiceMig.dll
+ 2009-07-13 23:26 . 2009-07-14 01:16    22528              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imtcmig.dll
+ 2009-07-13 23:26 . 2009-07-14 01:16    32768              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imscmig.dll
+ 2009-07-13 23:26 . 2009-07-14 01:16    39936              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imkrmig.dll
+ 2009-07-13 23:26 . 2009-07-14 01:16    35328              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-TextServicesFramework-Migration-DL\imjpmig.dll
+ 2009-07-13 23:42 . 2009-07-14 01:16    90112              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-shmig-DL\shmig.dll
+ 2009-07-13 23:54 . 2009-07-14 01:16    58368              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-RasConnectionManager\cmmigr.dll
+ 2009-07-13 23:14 . 2009-07-14 01:16    95744              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-OfflineFiles-DL\CscMigDl.dll
+ 2009-07-13 23:52 . 2009-07-14 01:16    62976              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-NetworkBridge\bridgemigplugin.dll
+ 2009-07-13 23:15 . 2009-07-14 01:16    97280              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-International-Core-DL\nlscoremig.dll
+ 2009-07-13 23:38 . 2009-07-14 01:16    89600              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-DirectoryServices-ADAM-DL\adammigrate.dll
+ 2009-07-13 23:44 . 2009-07-14 01:16    65024              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-DTC-Setup-DL\msdtcstp.dll
+ 2009-07-13 23:44 . 2009-07-14 01:16    55296              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-COM-ComPlus-Setup-DL\commig.dll
+ 2009-07-13 23:51 . 2009-07-14 01:16    75776              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-Bluetooth-Config\BthMigPlugin.dll
+ 2009-07-13 23:36 . 2009-07-14 01:16    74752              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-Windows-ADFS-DL\adfsmig.dll
+ 2009-07-13 23:32 . 2009-07-14 01:16    63488              c:\windows\SysWOW64\migwiz\dlmanifests\Microsoft-ActiveDirectory-WebServices-DL\adwsmigrate.dll
+ 2009-07-13 23:29 . 2009-07-14 01:16    61440              c:\windows\SysWOW64\migwiz\dlmanifests\BITSExtensions-Server\bitsmig.dll
+ 2009-07-14 00:13 . 2009-07-14 01:16    57344              c:\windows\SysWOW64\migration\WSearchMigPlugin.dll
+ 2010-12-16 19:43 . 2010-11-04 05:52    68608              c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2009-07-13 23:26 . 2009-07-14 01:16    31744              c:\windows\SysWOW64\migration\TableTextServiceMig.dll
+ 2009-07-13 23:41 . 2009-07-14 01:16    90112              c:\windows\SysWOW64\migration\shmig.dll
+ 2009-07-14 00:14 . 2009-07-14 01:16    44032              c:\windows\SysWOW64\migration\SCGMigPlugin.dll
+ 2009-07-13 23:19 . 2009-07-14 01:16    98304              c:\windows\SysWOW64\migration\PlaMig.dll
+ 2009-07-13 23:15 . 2009-07-14 01:16    97280              c:\windows\SysWOW64\migration\nlscoremig.dll
+ 2009-07-13 23:53 . 2009-07-14 01:16    57856              c:\windows\SysWOW64\migration\netiomig.dll
+ 2009-07-13 23:53 . 2009-07-14 01:15    51200              c:\windows\SysWOW64\migration\IphlpsvcMigPlugin.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    22528              c:\windows\SysWOW64\migration\imtcmig.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    32768              c:\windows\SysWOW64\migration\imscmig.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    39936              c:\windows\SysWOW64\migration\imkrmig.dll
+ 2009-07-13 23:26 . 2009-07-14 01:15    35328              c:\windows\SysWOW64\migration\imjpmig.dll
+ 2009-07-13 23:40 . 2009-07-14 01:15    19456              c:\windows\SysWOW64\migration\gameuxmig.dll
+ 2009-07-13 23:44 . 2009-07-14 01:15    55296              c:\windows\SysWOW64\migration\commig.dll
+ 2009-07-13 23:51 . 2009-07-14 01:15    75776              c:\windows\SysWOW64\migration\bthmigplugin.dll
+ 2009-07-14 00:03 . 2009-07-14 01:14    68608              c:\windows\SysWOW64\migration\audmigplugin.dll
+ 2009-07-13 23:17 . 2009-07-14 01:20    91728              c:\windows\SysWOW64\MigAutoPlay.exe
+ 2009-07-14 00:03 . 2009-07-14 01:15    16896              c:\windows\SysWOW64\midimap.dll
+ 2009-07-13 23:55 . 2009-07-14 01:15    18944              c:\windows\SysWOW64\mgmtapi.dll
+ 2009-07-14 00:08 . 2009-07-14 01:15    53248              c:\windows\SysWOW64\mfvdsp.dll
+ 2009-07-14 00:03 . 2009-07-14 01:14    23040              c:\windows\SysWOW64\mfpmp.exe
+ 2009-07-14 00:03 . 2009-07-14 01:15    77312              c:\windows\SysWOW64\mfmjpegdec.dll
+ 2009-07-13 23:44 . 2009-07-14 01:15    25600              c:\windows\SysWOW64\mfcsubs.dll
+ 2009-07-14 00:03 . 2009-07-14 01:15    92672              c:\windows\SysWOW64\mfAACEnc.dll
+ 2009-07-13 23:25 . 2009-07-14 01:15    41984              c:\windows\SysWOW64\mf3216.dll
+ 2009-07-14 00:03 . 2009-07-14 01:15    23040              c:\windows\SysWOW64\mciwave.dll
+ 2009-07-14 00:03 . 2009-07-14 01:15    23552              c:\windows\SysWOW64\mciseq.dll
+ 2009-07-14 00:03 . 2009-07-14 01:15    36352              c:\windows\SysWOW64\mciqtz32.dll
+ 2009-07-14 00:03 . 2009-07-14 01:15    38912              c:\windows\SysWOW64\mcicda.dll
+ 2010-04-29 15:00 . 2009-12-19 09:02    84480              c:\windows\SysWOW64\mciavi32.dll
+ 2009-07-14 00:12 . 2009-07-14 01:15    76800              c:\windows\SysWOW64\mapistub.dll
+ 2009-07-14 00:12 . 2009-07-14 01:15    76800              c:\windows\SysWOW64\mapi32.dll
+ 2009-07-13 23:12 . 2009-07-14 01:14    98816              c:\windows\SysWOW64\makecab.exe
+ 2009-07-13 23:27 . 2009-07-14 01:15    40448              c:\windows\SysWOW64\Magnification.dll
+ 2010-10-22 11:46 . 2010-10-22 11:46    98304              c:\windows\SysWOW64\Macromed\Shockwave 10\SwOnce.dll
+ 2010-10-22 11:46 . 2010-10-22 11:46    86016              c:\windows\SysWOW64\Macromed\Shockwave 10\SwMenuX.dll
+ 2010-10-22 11:46 . 2010-10-22 11:46    77824              c:\windows\SysWOW64\Macromed\Shockwave 10\SwInit.exe
+ 2010-10-22 11:46 . 2010-10-22 11:46    24576              c:\windows\SysWOW64\Macromed\Shockwave 10\DynaPlayer.dll
+ 2009-07-13 23:15 . 2009-07-14 01:15    41472              c:\windows\SysWOW64\luainstall.dll
+ 2009-07-14 00:02 . 2009-07-14 01:15    20992              c:\windows\SysWOW64\lsmproxy.dll
+ 2009-07-13 23:25 . 2009-07-14 01:11    25600              c:\windows\SysWOW64\lpk.dll
+ 2009-07-13 23:19 . 2009-07-14 01:14    82432              c:\windows\SysWOW64\logman.exe
+ 2009-07-13 23:29 . 2009-07-14 01:15    69632              c:\windows\SysWOW64\loghours.dll
+ 2009-07-14 00:08 . 2009-07-14 01:14    95232              c:\windows\SysWOW64\logagent.exe
+ 2009-07-13 23:19 . 2009-07-14 01:14    42496              c:\windows\SysWOW64\lodctr.exe
+ 2009-07-13 23:45 . 2009-07-14 01:14    89600              c:\windows\SysWOW64\LocationNotifications.exe
+ 2009-07-13 23:39 . 2009-07-14 01:15    22016              c:\windows\SysWOW64\linkinfo.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    14336              c:\windows\SysWOW64\label.exe
+ 2009-07-13 23:51 . 2009-07-14 01:15    54272              c:\windows\SysWOW64\l2nacp.dll
+ 2009-07-13 23:51 . 2009-07-14 01:15    57344              c:\windows\SysWOW64\l2gpstore.dll
+ 2009-07-13 23:11 . 2009-07-14 01:15    20480              c:\windows\SysWOW64\ktmw32.dll
+ 2009-07-13 23:15 . 2009-07-14 01:14    14848              c:\windows\SysWOW64\ktmutil.exe
+ 2009-07-13 23:32 . 2009-07-14 01:15    19456              c:\windows\SysWOW64\keyiso.dll
+ 2009-07-13 23:25 . 2009-07-14 01:11    10752              c:\windows\SysWOW64\KBDKOR.DLL
+ 2009-07-13 23:25 . 2009-07-14 01:11    11264              c:\windows\SysWOW64\KBDJPN.DLL
+ 2010-12-16 19:43 . 2010-11-04 05:48    48128              c:\windows\SysWOW64\jsproxy.dll
+ 2000-04-26 11:34 . 2000-04-26 11:34    39424              c:\windows\SysWOW64\JETCOMP.exe
+ 2010-05-18 14:35 . 2010-05-18 14:35    75040              c:\windows\SysWOW64\jdns_sd.dll
+ 2010-04-29 15:00 . 2009-12-19 09:02    50176              c:\windows\SysWOW64\iyuv_32.dll
+ 2009-07-13 23:40 . 2009-07-14 01:14    86528              c:\windows\SysWOW64\isoburn.exe
+ 2009-07-13 23:46 . 2009-07-14 01:15    66048              c:\windows\SysWOW64\iscsiwmi.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    28672              c:\windows\SysWOW64\iscsium.dll
+ 2009-07-13 23:46 . 2009-07-14 01:15    50688              c:\windows\SysWOW64\iscsidsc.dll
+ 2009-07-13 23:53 . 2009-07-14 01:15    15360              c:\windows\SysWOW64\irclass.dll
+ 2009-07-13 23:55 . 2009-07-14 01:14    27136              c:\windows\SysWOW64\ipconfig.exe
+ 2009-07-13 23:22 . 2009-07-14 01:15    10752              c:\windows\SysWOW64\IPBusEnumProxy.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    34816              c:\windows\SysWOW64\InstallShield\setupdir\0c0c\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    35328              c:\windows\SysWOW64\InstallShield\setupdir\0816\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    34816              c:\windows\SysWOW64\InstallShield\setupdir\0804\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    35328              c:\windows\SysWOW64\InstallShield\setupdir\0416\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    34816              c:\windows\SysWOW64\InstallShield\setupdir\040c\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    34816              c:\windows\SysWOW64\InstallShield\setupdir\0404\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    34816              c:\windows\SysWOW64\InstallShield\setupdir\002d\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    35328              c:\windows\SysWOW64\InstallShield\setupdir\0024\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14 01:11    35328              c:\windows\SysWOW64\InstallShield\setupdir\0021\_setup.dll
+ 2009-07-13 21:23 . 2009-07-14

Du har ikke kørt den vejledning her #19 rigtigt, du skal oprette den CFScript fil og trække den over på ikonet til Combofix.

Prøver igen:

ComboFix 11-01-26.01 - Musa 27/01/2011  14:12:30.5.2 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.44.1033.18.3519.2320 [GMT 1:00]
Running from: c:\users\Musa\Desktop\Combo\ComboFix.exe
Command switches used :: c:\users\Musa\Desktop\Combo\CFScript.txt
AV: avast! Internet Security *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\directory
c:\directory\Cgate\install\server.exe
.
---- Previous Run -------
.
c:\program files (x86)\uTorrent\uTorrent.exe
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215803994037500_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215829629975000_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215857840756250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634219291587531250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220940193781250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220946896281250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634226715423943750_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634244832697856250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633826753881225000_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633826758646068750_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552376087500_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552502181250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552614056250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552723118750_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827565870150000_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827655684775000_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161798257141250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161799307581250_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161801077882500_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_videosurf_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_flurries_gif.gif
c:\users\Musa\AppData\Local\uTorrentBar\EmailNotifier\AccountTypes.xml
c:\users\Musa\AppData\Local\uTorrentBar\EmailNotifier\aol.com.xml
c:\users\Musa\AppData\Local\uTorrentBar\EmailNotifier\comcast.net.xml
c:\users\Musa\AppData\Local\uTorrentBar\EmailNotifier\google.com.xml
c:\users\Musa\AppData\Local\uTorrentBar\EmailNotifier\hotmail.com.xml
c:\users\Musa\AppData\Local\uTorrentBar\EmailNotifier\yahoo.com.xml
c:\users\Musa\AppData\Local\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
c:\users\Musa\AppData\Local\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
c:\users\Musa\AppData\Local\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
c:\users\Musa\AppData\Local\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
c:\users\Musa\AppData\Local\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGong_16.png
c:\users\Musa\AppData\Local\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
c:\users\Musa\AppData\Local\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml
c:\users\Musa\AppData\Local\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData\data.bck.txt
c:\users\Musa\AppData\Local\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData\data.txt
c:\users\Musa\AppData\Local\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarLogin\data.txt
c:\users\Musa\AppData\Local\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings\data.bck.txt
c:\users\Musa\AppData\Local\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings\data.txt
c:\users\Musa\AppData\Local\uTorrentBar\Repository\conduit_CT2786678_en\ToolbarTranslation\data.txt
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_history.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___rss_news_yahoo_com_rss_world.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___rss_news_yahoo_com_rss_world_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece.xml
c:\users\Musa\AppData\Local\uTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml
c:\users\Musa\AppData\Local\uTorrentBar\SearchInNewTab\SearchInNewTabContent.xml
c:\users\Musa\AppData\Local\uTorrentBar\ThirdPartyComponents.xml

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EAMONM
-------\Legacy_LBD
-------\Legacy_TFFSMON
-------\Legacy_TFNETMON
-------\Legacy_TFSYSMON
-------\Service_conhost.exe        pid: 3260    28: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_conhost.exe        pid: 4356    24: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_eamonm
-------\Service_Handle v3.42
-------\Service_Lbd
-------\Service_lsm.exe            pid: 704    268: c:\windows\System32\en-US\lsm.exe.mui
-------\Service_svchost.exe        pid: 2452    F0: \BaseNamedObjects\HPZipm12.exeCommandMapPort
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_TfFsMon
-------\Service_TfNetMon
-------\Service_TfSysMon
-------\Service_wmpnetwk.exe      pid: 204      40: c:\program files\Windows Media Player\en-US\wmpnetwk.exe.mui
-------\Service_wmpnetwk.exe      pid: 204    810: c:\program files\Windows Media Player\wmpnetwk.exe
-------\Service_conhost.exe        pid: 2544    24: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_conhost.exe        pid: 2932    28: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_lsm.exe            pid: 676    264: c:\windows\System32\en-US\lsm.exe.mui
-------\Service_svchost.exe        pid: 2460    EC: \BaseNamedObjects\HPZipm12.exeCommandMapPort
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_wmpnetwk.exe      pid: 3552    40: c:\program files\Windows Media Player\en-US\wmpnetwk.exe.mui


(((((((((((((((((((((((((  Files Created from 2010-12-27 to 2011-01-27  )))))))))))))))))))))))))))))))
.

2011-01-27 13:25 . 2011-01-27 13:25    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-01-26 11:10 . 2011-01-26 11:10    --------    d-----w-    c:\program files\Ventrilo
2011-01-26 11:09 . 2011-01-26 11:09    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2011-01-26 11:08 . 2011-01-26 11:08    --------    d-----w-    c:\program files (x86)\TeamSpeak 3 Client
2011-01-25 20:09 . 2011-01-25 20:09    --------    d-----w-    c:\users\Musa\AppData\Roaming\CheeseSoft
2011-01-25 20:09 . 2011-01-25 20:10    --------    d-----w-    C:\FU_Backup
2011-01-25 20:09 . 2011-01-25 20:45    --------    d-----w-    c:\program files (x86)\FinalUninstaller
2011-01-25 07:35 . 2011-01-13 10:20    7844688    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{81841ABF-C78E-45CB-9914-8994842136A6}\mpengine.dll
2011-01-23 15:49 . 2011-01-23 15:49    388096    ----a-r-    c:\users\Musa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-23 15:49 . 2011-01-23 15:49    --------    d-----w-    c:\program files (x86)\Trend Micro
2011-01-23 10:51 . 2011-01-23 10:51    --------    d-----w-    c:\users\Musa\AppData\Roaming\Auslogics
2011-01-23 09:53 . 2011-01-23 11:38    --------    d-----w-    c:\programdata\IObit
2011-01-23 09:39 . 2011-01-23 09:39    --------    d-----w-    c:\program files (x86)\Auslogics
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\users\Musa\AppData\Roaming\Malwarebytes
2011-01-23 09:36 . 2010-12-20 17:09    38224    ----a-w-    c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\programdata\Malwarebytes
2011-01-23 09:36 . 2011-01-23 09:36    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-23 09:36 . 2010-12-20 17:08    24152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-01-21 15:13 . 2011-01-21 15:13    667648    ----a-w-    c:\users\Musa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exploreroptions.exe
2011-01-10 10:39 . 2011-01-10 10:40    --------    d-----w-    c:\users\Musa\AppData\Roaming\vlc
2011-01-04 15:05 . 2011-01-11 17:38    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2011-01-04 15:05 . 2011-01-08 09:58    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2011-01-04 15:05 . 2011-01-11 17:38    270904    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2011-01-04 15:05 . 2011-01-04 15:05    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2011-01-04 15:03 . 2011-01-04 15:03    --------    d-----w-    c:\users\Musa\AppData\Local\PunkBuster
2011-01-04 14:56 . 2011-01-04 14:56    --------    d--h--r-    c:\users\Musa\AppData\Roaming\SecuROM
2011-01-04 13:56 . 2011-01-04 13:56    --------    d-----w-    c:\program files (x86)\Electronic Arts
2011-01-04 13:56 . 2009-09-04 16:44    517960    ----a-w-    c:\windows\system32\XAudio2_5.dll
2011-01-04 13:56 . 2009-09-04 16:44    238936    ----a-w-    c:\windows\SysWow64\xactengine3_5.dll
2011-01-04 13:56 . 2009-09-04 16:44    176968    ----a-w-    c:\windows\system32\xactengine3_5.dll
2011-01-04 13:56 . 2009-09-04 16:29    1974616    ----a-w-    c:\windows\SysWow64\D3DCompiler_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    2582888    ----a-w-    c:\windows\system32\D3DCompiler_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    5501792    ----a-w-    c:\windows\SysWow64\d3dcsx_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    5554512    ----a-w-    c:\windows\system32\d3dcsx_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    235344    ----a-w-    c:\windows\SysWow64\d3dx11_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    1892184    ----a-w-    c:\windows\SysWow64\D3DX9_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    285024    ----a-w-    c:\windows\system32\d3dx11_42.dll
2011-01-04 13:56 . 2009-09-04 16:29    2475352    ----a-w-    c:\windows\system32\D3DX9_42.dll
2011-01-03 07:33 . 2011-01-03 07:33    --------    d-----w-    c:\users\Musa\AppData\Local\Conduit
2011-01-01 13:02 . 2011-01-01 13:02    --------    d-----w-    c:\windows\en
2011-01-01 13:00 . 2009-09-04 16:44    69464    ----a-w-    c:\windows\SysWow64\XAPOFX1_3.dll
2011-01-01 13:00 . 2009-09-04 16:44    515416    ----a-w-    c:\windows\SysWow64\XAudio2_5.dll
2011-01-01 13:00 . 2009-09-04 16:29    453456    ----a-w-    c:\windows\SysWow64\d3dx10_42.dll
2011-01-01 13:00 . 2009-09-04 16:29    523088    ----a-w-    c:\windows\system32\d3dx10_42.dll
2011-01-01 12:59 . 2006-11-29 12:06    4398360    ----a-w-    c:\windows\system32\d3dx9_32.dll
2011-01-01 12:59 . 2006-11-29 12:06    3426072    ----a-w-    c:\windows\SysWow64\d3dx9_32.dll
2010-12-31 12:17 . 2010-12-31 12:17    --------    d-----w-    c:\program files (x86)\SystemRequirementsLab
2010-12-31 12:17 . 2010-12-31 12:17    --------    d-----w-    c:\users\Musa\AppData\Roaming\SystemRequirementsLab
2010-12-29 13:57 . 2010-12-29 13:58    --------    d-----w-    c:\windows\SysWow64\Adobe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 17:53 . 2010-04-29 15:40    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2010-11-04 06:35 . 2010-12-16 19:43    1194496    ----a-w-    c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-16 19:43    57856    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-16 19:43    978944    ----a-w-    c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-16 19:43    44544    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-16 19:43    482816    ----a-w-    c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-16 19:43    386048    ----a-w-    c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-16 19:43    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-16 19:43    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-16 19:43    524288    ----a-w-    c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-16 19:43    1169408    ----a-w-    c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-16 19:43    473600    ----a-w-    c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-16 19:43    1114624    ----a-w-    c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-16 19:43    464384    ----a-w-    c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-16 19:43    285696    ----a-w-    c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-16 19:43    496128    ----a-w-    c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-16 19:43    305152    ----a-w-    c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-16 19:43    192000    ----a-w-    c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-16 19:43    179712    ----a-w-    c:\windows\SysWow64\schtasks.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:59    153184    ----a-w-    c:\program files\Alwil Software\Avast5\snxPlugins.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Policies"="c:\directory\Cgate\install\server.exe" [2009-06-10 1169224]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Policies"="c:\directory\Cgate\install\server.exe" [2009-06-10 1169224]

c:\users\Musa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
4t Tray Minimizer.lnk - c:\program files (x86)\4t Tray Minimizer\4t-min.exe [2010-4-29 1821696]
exploreroptions.exe [2011-1-21 667648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-07 1038088]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-07-18 189664]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-06-28 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-09 834544]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-06-28 119200]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 24152]
S3 salmosa;Razer Salmosa;c:\windows\system32\drivers\salmosa.sys [2008-03-20 11904]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
nosGetPlusHelper    REG_MULTI_SZ      nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-26 04:23]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-26 04:23]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267773119-1761465820-909672678-1000Core.job
- c:\users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 04:23]

2011-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267773119-1761465820-909672678-1000UA.job
- c:\users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 04:23]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55    99080    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-06-28 20:56    177416    ----a-w-    c:\program files\Alwil Software\Avast5\snxPlugins64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.dk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Musa\AppData\Roaming\Mozilla\Firefox\Profiles\nbx5gcxp.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=da&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Dansk ordbog: danish@dictionaries.addons.mozilla.org - %profile%\extensions\danish@dictionaries.addons.mozilla.org
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: ImageShack&#174; Toolbar: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} - %profile%\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>{43c35458-c907-439b-bcfd-07d373834689}: {43c35458-c907-439b-bcfd-07d373834689} - %profile%\extensions\{43c35458-c907-439b-bcfd-07d373834689}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe


"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 1436    24: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 1440    20: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 2544    24: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 2932    28: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 3260    28: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 3396    24: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 3668    20: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 4356    24: C:]
--
"ServiceDll"="%SystemRoot%\System32\cscsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ctfmon.exe        pid: 1820    50: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe            pid: 672    260: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe            pid: 676    264: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe            pid: 688    268: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe            pid: 704    268: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\storvsc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 2368    E8: ]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 2452    F0: ]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 2460    EC: ]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\svchost.exe        pid: 2912    F0: ]
--
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 1372    3C: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 1372    7A0: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 204      40: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 204    810: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 3552    40: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 800      3C: C:]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe      pid: 800    764: C:]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1267773119-1761465820-909672678-1000\Software\SecuROM\License information*]
"datasecu"=hex:f7,88,d7,d8,74,15,6a,bf,f5,d4,67,59,bd,8a,0d,02,b9,10,60,48,e6,
  e3,12,f0,a7,74,4f,d9,09,f2,f6,90,2c,64,4b,3e,3c,d6,26,c4,d6,47,b1,1f,9f,99,\
"rkeysecu"=hex:bb,13,e1,a6,bd,77,b9,54,50,24,bf,5c,25,18,c8,d1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\Musa\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\SwiftKit\SwiftKit.exe
.
**************************************************************************
.
Completion time: 2011-01-27  14:34:52 - machine was rebooted
ComboFix-quarantined-files.txt  2011-01-27 13:34
ComboFix2.txt  2011-01-27 09:58
ComboFix3.txt  2011-01-26 13:31

Pre-Run: 133,398,687,744 bytes free
Post-Run: 133,332,926,464 bytes free

- - End Of File - - D8A8EE9045FDDFCF09AC9CEAE0C3D0CB

Hent og gem denne fil på skrivebordet  http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Dobbeltklik på SystemLook_x64.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components /sub
HKEY_CURRENT_USER\Software\Elvy666



Klik på knappen Look. Programmet vil nu lede på din computer.

Når programmet er færdig med at lede, vil der dukke et notepad-vindue op, med en log fra SystemLook. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes på dit Skrivebord med navnet: SystemLook.txt.


Læg også lige en ny log fra HijackThis herind.

PS: Den infektion kan blive vanskeligt at komme til livs, har du mulighed for at lægge de logfiler på en USB nøgle og kopier dem herind fra en anden pc, for at rense den pc må den ikke ha´ netforbindelse medens vi forsøger at rense den.

Hvis du har den mulighed vil jeg lægge links ind til de programmer vi skal  bruge, når du så har hentet dem hjem på den pc skal du deaktiver netforbindelsen.

Men kom lige med logfiler fra SystemLook_x64.exe og HijackThis i første omgang.

SystemLook 04.09.10 by jpshortstuff
Log created at 21:50 on 27/01/2011 by Musa
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player"
"Version"="12,0,7600,16667"
"IsInstalled"= 0x0000000000 (0)
"ComponentID"="WMPACCESS"
"LocalizedName"="@%SystemRoot%\system32\wmploc.dll,-128"
"StubPath"="%SystemRoot%\system32\unregmp2.exe /ShowWMP"
"DontAsk"= 0x0000000002 (2)
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"Version"="8,0,7600,17136"
"IsInstalled"= 0x0000000001 (1)
"ComponentID"="IEACCESS"
"LocalizedName"="@C:\Windows\System32\ie4uinit.exe,-21"
"StubPath"="C:\Windows\System32\ie4uinit.exe -UserIconConfig"
"Dontask"= 0x0000000002 (2)
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"IsInstalled"= 0x0000000001 (1)
"Version"="8,0,7100,0"
"ComponentiD"="BRANDING.CAB"
"LocalizedName"="@C:\Windows\System32\iedkcs32.dll,-3052"
"StubPath"=""C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"= 0x0000000001 (1)
"KeyFileName"="C:\Program Files\Java\jre6\bin\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player 12.0"
"IsInstalled"= 0x0000000001 (1)
"Version"="12,0,7600,16667"
"DontAsk"= 0x0000000002 (2)
"Locale"="EN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"LocalizedName"="@%SystemRoot%\system32\themeui.dll,-2682"
"ComponentID"="Theme Component"
"IsInstalled"= 0x0000000001 (1)
"Locale"="EN"
"StubPath"="%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
"Version"="1,1,1,9"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Offline Browsing Pack"
"IsInstalled"= 0x0000000001 (1)
"Version"="8,0,7600,16385"
"ComponentID"="MobilePk"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"IsInstalled"= 0x0000000001 (1)
"Dontask"= 0x0000000002 (2)
"Locale"="*"
"ComponentID"="MailNews"
"CloneUser"= 0x0000000001 (1)
"StubPath"=""%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE"
"Version"="6,1,7600,16385"
@="Microsoft Windows"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"= 0x0000000001 (1)
"Locale"="*"
"Version"="4,71,1113,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"IsInstalled"= 0x0000000001 (1)
"Version"="8,0,7600,16385"
"ComponentID"="HelpCont"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
"IsInstalled"= 0x0000000001 (1)
"Locale"="EN"
"Version"="5,6,0,8833"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"IsInstalled"= 0x0000000001 (1)
"Version"="8,0,7600,16385"
"ComponentID"="GenSetup"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"KeyFileName"="%SystemRoot%\system32\msieftp.dll"
@="Browsing Enhancements"
"IsInstalled"= 0x0000000001 (1)
"Version"="8,0,7600,16385"
"ComponentID"="ExtraPack"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"IsInstalled"= 0x0000000001 (1)
"Version"="12,0,7600,16667"
"ComponentID"="Microsoft Windows Media Player"
"LocalizedName"="@%SystemRoot%\system32\wmploc.dll,-128"
"StubPath"="%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"
"DontAsk"= 0x0000000002 (2)
"Locale"="EN"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"IsInstalled"= 0x0000000001 (1)
"Version"="4,9,9,2"
"ComponentID"="MSN_Auth"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Address Book 7"
"Version"="6,1,7600,16684"
"IsInstalled"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"LocalizedName"="@%SystemRoot%\system32\shell32.dll,-32969"
"ComponentID"="IE4_SHELLID"
"IsInstalled"= 0x0000000001 (1)
"Locale"="en"
"StubPath"="regsvr32.exe /s /n /i:U shell32.dll"
"Version"="6,1,7600,16644"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Web Platform Customizations"
"IsInstalled"= 0x0000000001 (1)
"Version"="8,0,7600,17136"
"ComponentID"="BASEIE40_W2K"
"LocalizedName"="@C:\Windows\System32\ie4uinit.exe,-2000"
"StubPath"="C:\Windows\System32\ie4uinit.exe -BaseSettings"
"Locale"="en"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"IsInstalled"= 0x0000000001 (1)
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install"
"DontAsk"= 0x0000000002 (2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"IsInstalled"= 0x0000000001 (1)
"Version"="8,0,7600,16385"
"ComponentID"="Tridata"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"IsInstalled"= 0x0000000001 (1)
"Version"="8,0,7600,17136"
"ComponentID"="Fontcore"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"IsInstalled"= 0x0000000001 (1)
"Version"="6,1,7600,16385"
"ComponentID"="HTMLHelp"
"Locale"="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"= 0x0000000001 (1)
"Locale"="EN"
"Version"="5,0,00,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
"Locale"=""
"Version"="4,0,30319,0"
"ComponentID"=".NETFramework"
@=".NET Framework"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}]
"Locale"=""
"Version"="2,0,50727,0"
@=".NET Framework"
"ComponentID"=".NETFramework"


[HKEY_CURRENT_USER\Software\Elvy666]
(Unable to open key - key not found)

-= EOF =-


og

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:50 PM, on 27/01/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Users\Musa\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\SwiftKit\SwiftKit-RS.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Users\Musa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
O4 - Startup: exploreroptions.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9991 bytes

Udfør dette i denne rækkefølge, du henter først alle programmer hjem, derefter deaktiver du din netforbindelse inden du kører programmerne og aktiver ikke din netforbindelse inden jeg siger til.

Opdater din Malwarebytes, kør en fuld scan (husk ingen netforbindelse) og lad den slette hvad den finder.

>>

Hent og installer Ccleaner:
http://www.filehippo.com/download_ccleaner/


Klik på Download Latest Version

Fjern flueben ved - Installer Yahoo toolbar

Når du åbner programmet for første gang, vil der være flueben i alle felter.

Hvis du ønsker at bevare cookies, kan du fjerne dette flueben.

Klik på Kør Cleaner, for at få renset din computer.

Du vil nu få en advarsel, om at disse filer slettes fuldstændigt fra dit system, og om du ønsker at fortsætte. Klik på Ok for at svare ja til det. Sæt flueben ved ->  Vis mig ikke denne besked igen.

Jeg skal ikke se nogen log fra Ccleaner.

>>


Download  OTL fra dette link, gem den på skrivebordet.
http://oldtimer.geekstogo.com/OTL.com

Kør OTL > Kopier teksten med fed skrift ind under "Custom Scans/Fixes" og klik på "Run Fix".


:OTL

:Files
c:\directory
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[ClearAllRestorePoints]
[EMPTYFLASH]
[Reboot]


Efter genstart åbnes en logfil, gem den på en USB nøgle, kopier den tekst herind i denne tråd fra en anden pc.


>>

Download  filen Tdsskiller.zip fra dette link, pak den ud i en  mappe.

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Kør TDSSKiller.exe > Klik på Start Scan


Hvis en infekted fil bliver fundet, vil "Default action" være Cure, klik på Continue

Hvis en mistænkelig fil opdages, vil "Default action" være Skip, klik på Continue


Hvis den skriver "Reboot the computer to complete the process". Klik på Reboot Now.

Hvis den ikke spørger om "Reboot" (genstart) så klik på "Report", kopier den tekst herind i tråden.

Hvis den genstarter kan du find logfilen her >

C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Gem den på din USB pen, kopier den tekst herind I denne tråd.


>>

Kør Hijackthis, på menuen der kommer op, klikker du på: Do a system scan only.
Scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\directory\Cgate\install\server.exe

>>

Dobbeltklik på OTL.exe ->
Nede til højre, sætter du fluben ved, "LOP Check" og "Purity Check".
Klik på "Run Scan". Din computer vil nu blive scannet og efter et stykke tid vil en log åbne sig.

Det er filen OTL.txt du skal gemme på din USB pen, kopier den herind.
Da loggen er forholdsvis lang, kan du være nødt til at sende den i flere indlæg.

>>

Det er vigtigt at den pc ikke har netforbindelse medens du kører de programmer.
Kør dem i den rækkefølge de er lagt ind.
Kan du ikke printe dette indlæg ud så du har det ved hånden når du afbryder netforbindelsen.
Hvis du ikke har mulighed for at gemme de logfiler på en USB pen, så må du gemme dem på den syge pc.

Når du så har kørt alle programmer igennem så gå på  nettet og kopier de logfiler herind.

PS: Har du ikke oprettet en backup af den pc, det kan være det hurtigste og nemmeste at kopier vigtige data over på et ekstern medie og geninstaller Windows.

Min pc så meget inficeret ud
Så jeg valgte at slette at formatere og installere Win 7 igen

Det er helt ok, det var også en grim fætter du havde fået på besøg.
Efter som jeg lige kan se er den kommet sammen med det musik du har download.

Så tillykke med en ren pc.

PS: Du skal ikke tænke på point til mig.

Jeg har fået et andet problem
tror jeg:

http://img152.imageshack.us/img152/5418/sdsdzj.png

Er det normalt
det så ik sårn ud før .. jeg formaterede

Det ser normal ud det der.

Godt det ikke ser ud som før du formaterede, der var der nogle processer fra den infektion.

Vil gerne sige tusind tak :)
så vil jeg gerne give point .
Og så må der gerne lukkes :) !

Velbekomme, du er velkommen igen hvis du får problemer.