quack Beginner
23 July 2012 - 17:28 There are 16 comments and 1 solution

Trojan - Dropper.Generic_c.MMI

Windows 7 Home Premium
System type: 64-bit operating system

I am having problems - like several others - with the Trojan horse that attacks c:\Windows\System32\services.exe

Can anyone help? Feel free to talk to me as if I were six years old - I am a bit out of my depth when it comes to messing with system files and logs.

I have run OTL with the following in the "Custom Scans/Fixes" box:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /rp /s
%systemroot%\*. /mp /s
CREATERESTOREPOINT

With the following result (OTL did not generate an "Extras" log):

OTL logfile created on: 7/23/2012 2:39:04 PM - Run 3
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\RasmusJette\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

8.00 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 73.00% Memory free
16.00 Gb Paging File | 13.84 Gb Available in Paging File | 86.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.54 Gb Total Space | 636.20 Gb Free Space | 45.95% Space Free | Partition Type: NTFS
Drive D: | 12.63 Gb Total Space | 1.54 Gb Free Space | 12.17% Space Free | Partition Type: NTFS

Computer Name: RASMUSJETTE-HP | User Name: RasmusJette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 11:20:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RasmusJette\Desktop\OTL.exe
PRC - [2012/07/14 16:12:10 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/03/14 05:49:48 | 014,057,569 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
PRC - [2012/03/14 05:48:58 | 003,051,619 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/11/29 21:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/01/17 03:12:38 | 000,241,664 | ---- | M] (Yurion, Inc.) -- C:\Program Files (x86)\iriver\iriver plus 2\iAgent2.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/23 13:26:55 | 000,184,414 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\bd5179a413bc0c4b82eedc22c6cab101\re.dll
MOD - [2012/07/23 13:26:55 | 000,053,340 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
MOD - [2012/07/23 13:26:55 | 000,024,701 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\93e7e3d6030f426844228042348210cf\Service.dll
MOD - [2012/07/23 13:26:54 | 000,094,334 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\eb138ef0e4282611dbf485a302784646\LibYAML.dll
MOD - [2012/07/23 13:26:54 | 000,082,033 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
MOD - [2012/07/23 13:26:54 | 000,061,540 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\e56c61f7248672819579325af3387035\POSIX.dll
MOD - [2012/07/23 13:26:54 | 000,024,676 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
MOD - [2012/07/23 13:26:53 | 000,118,918 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
MOD - [2012/07/23 13:26:53 | 000,082,048 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
MOD - [2012/07/23 13:26:53 | 000,036,964 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\f233f63b6654362865c7577442edb9e3\Win32.dll
MOD - [2012/07/23 13:26:53 | 000,020,590 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
MOD - [2012/07/23 13:26:53 | 000,020,576 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
MOD - [2012/07/23 13:26:52 | 000,028,779 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
MOD - [2012/07/23 13:26:52 | 000,024,701 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
MOD - [2012/07/23 13:26:52 | 000,020,601 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\4461f48e31bde5c56b31b973b773de09\List.dll
MOD - [2012/07/23 13:26:51 | 000,032,878 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
MOD - [2012/07/23 13:26:51 | 000,028,774 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
MOD - [2012/07/23 13:26:51 | 000,024,679 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-3552\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
MOD - [2012/06/13 17:20:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 17:19:44 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/12 23:11:02 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/12 23:10:52 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/12 23:10:50 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/12 23:10:44 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/12 23:10:43 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/10 17:27:19 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/10 17:26:14 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 17:26:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/10 17:24:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 16:55:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 16:55:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 16:55:14 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/10 16:54:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 16:54:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 16:54:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 16:54:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 16:53:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 23:33:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 23:31:10 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 23:31:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 23:31:05 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 23:31:00 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/02/04 13:53:45 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/01/08 10:45:15 | 000,115,137 | ---- | M] () -- C:\Users\RasmusJette\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
MOD - [2011/11/29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/11 01:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/01/11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/11/13 04:03:52 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 15:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 15:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 15:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/16 15:18:38 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/10 16:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/07/14 16:12:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 18:45:41 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/14 05:49:48 | 014,057,569 | ---- | M] () [Auto | Running] -- C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe -- (squeezesvc)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/16 15:16:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/27 03:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/03/10 18:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/10 16:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 15:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/28 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/19 23:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/5
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/5
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {76398524-47C8-490F-9927-3D7DFE50A95E}
IE:64bit: - HKLM\..\SearchScopes\{76398524-47C8-490F-9927-3D7DFE50A95E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/5
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/5
IE - HKLM\..\SearchScopes,DefaultScope = {76398524-47C8-490F-9927-3D7DFE50A95E}
IE - HKLM\..\SearchScopes\{76398524-47C8-490F-9927-3D7DFE50A95E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/5
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..\SearchScopes,DefaultScope = {76398524-47C8-490F-9927-3D7DFE50A95E}
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..\SearchScopes\{76398524-47C8-490F-9927-3D7DFE50A95E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@verimatrix.com/ViewRightWeb: C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RasmusJette\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RasmusJette\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RasmusJette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@verimatrix.com/ViewRightWeb: C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/02/19 23:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/02/19 23:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 14:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/04 13:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/05 10:13:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/05 10:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RasmusJette\AppData\Roaming\mozilla\Extensions
[2012/07/05 10:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/15 00:39:13 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/06/15 00:39:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:39:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

========== Chrome  ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\RasmusJette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-s\u00F8gning = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AVG Safe Search = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/10/16 15:49:36 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    activate.adobe.com
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [iPlusAgent2] C:\Program Files (x86)\iriver\iriver plus 2\iAgent2.exe (Yurion, Inc.)
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: danid.dk ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: citrix.rn.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: e-boks.dk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: hotmail.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: nemadgang.dk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: nordea.dk ([www.netbank] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.10.10.4 212.10.10.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB403A5F-8F24-4E3B-9F14-2D8683566D0D}: DhcpNameServer = 212.10.10.4 212.10.10.5
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dbcdb2a1-6e62-11e0-a484-78e7d1cee812}\Shell - "" = AutoRun
O33 - MountPoints2\{dbcdb2a1-6e62-11e0-a484-78e7d1cee812}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 13:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/23 13:47:23 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\Desktop\Andreas' spil
[2012/07/23 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Roaming\Malwarebytes
[2012/07/23 13:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/23 13:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/23 13:17:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/23 13:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/23 13:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/23 13:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/23 11:19:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\RasmusJette\Desktop\OTL.exe
[2012/07/18 14:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verimatrix
[2012/07/18 14:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Verimatrix
[2012/07/17 14:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/05 15:52:06 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\Documents\Isopskrifter
[2012/07/05 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Roaming\Mozilla
[2012/07/05 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Local\Mozilla
[2012/07/05 10:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/05 10:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/05 10:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/05 09:59:05 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/05 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Local\Apps
[2012/07/05 09:58:13 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Local\Deployment
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/23 14:24:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 14:24:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 14:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/23 14:08:01 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000UA.job
[2012/07/23 13:25:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/23 13:25:33 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 13:17:31 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 13:09:16 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/23 12:42:33 | 003,605,974 | ---- | M] () -- C:\Users\RasmusJette\Desktop\Jeans 2.JPG
[2012/07/23 12:42:07 | 003,321,296 | ---- | M] () -- C:\Users\RasmusJette\Desktop\Jeans 1.JPG
[2012/07/23 11:20:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RasmusJette\Desktop\OTL.exe
[2012/07/22 21:08:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000Core.job
[2012/07/22 17:49:07 | 101,968,570 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/21 08:33:24 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRasmusJette.job
[2012/07/18 20:46:08 | 000,001,104 | ---- | M] () -- C:\Users\RasmusJette\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/07/18 20:46:08 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/07/17 14:27:19 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/15 17:07:54 | 001,006,828 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/15 10:26:10 | 002,998,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/05 10:13:24 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/04 13:10:15 | 001,233,342 | ---- | M] () -- C:\Users\RasmusJette\Desktop\krølletMG_3.jpg
[2012/07/04 13:09:55 | 001,158,047 | ---- | M] () -- C:\Users\RasmusJette\Desktop\krølletMG_2.jpg
[2012/07/04 13:09:10 | 001,199,187 | ---- | M] () -- C:\Users\RasmusJette\Desktop\krølletMG_1.jpg
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/23 13:39:30 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\00000008.@
[2012/07/23 13:17:31 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 13:09:16 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/23 12:42:33 | 003,605,974 | ---- | C] () -- C:\Users\RasmusJette\Desktop\Jeans 2.JPG
[2012/07/23 12:42:07 | 003,321,296 | ---- | C] () -- C:\Users\RasmusJette\Desktop\Jeans 1.JPG
[2012/07/22 22:49:31 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000032.@
[2012/07/22 22:49:31 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000064.@
[2012/07/22 22:49:31 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L\00000004.@
[2012/07/22 22:49:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000000.@
[2012/07/22 22:49:29 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\00000004.@
[2012/07/22 22:49:29 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\000000cb.@
[2012/07/05 10:13:24 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/05 10:13:23 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/05 09:58:41 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000UA.job
[2012/07/05 09:58:41 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000Core.job
[2012/07/04 13:10:15 | 001,233,342 | ---- | C] () -- C:\Users\RasmusJette\Desktop\krølletMG_3.jpg
[2012/07/04 13:09:55 | 001,158,047 | ---- | C] () -- C:\Users\RasmusJette\Desktop\krølletMG_2.jpg
[2012/07/04 13:09:10 | 001,199,187 | ---- | C] () -- C:\Users\RasmusJette\Desktop\krølletMG_1.jpg
[2012/03/11 12:33:38 | 000,004,608 | ---- | C] () -- C:\Users\RasmusJette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 12:36:51 | 000,000,082 | ---- | C] () -- C:\Windows\CykelInstall.ini
[2012/01/11 11:57:40 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\@
[2012/01/11 11:57:40 | 000,002,048 | -HS- | C] () -- C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\@
[2012/01/07 10:34:06 | 000,000,254 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/01 18:34:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\log.sflog
[2011/07/15 13:07:33 | 000,001,854 | ---- | C] () -- C:\Users\RasmusJette\AppData\Roaming\GhostObjGAFix.xml
[2011/07/03 17:18:34 | 000,000,197 | ---- | C] () -- C:\Windows\compedia.ini
[2011/06/19 17:20:55 | 000,000,084 | ---- | C] () -- C:\Windows\KAInstall.ini
[2011/02/21 23:28:06 | 000,001,189 | ---- | C] () -- C:\Users\RasmusJette\AppData\Roaming\vso_ts_preview.xml
[2011/02/16 20:37:23 | 000,003,082 | ---- | C] () -- C:\Windows\SysWow64\affv9553p4now.sys
[2011/02/13 21:01:11 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/13 21:01:11 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/13 17:37:10 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/12 19:23:15 | 000,000,000 | ---- | C] () -- C:\Users\RasmusJette\temp.dat
[2010/11/01 18:42:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/01 18:42:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2010/10/31 00:45:34 | 000,000,099 | ---- | C] () -- C:\Users\RasmusJette\jagex_runescape_preferences2.dat
[2010/10/31 00:41:25 | 000,000,046 | ---- | C] () -- C:\Users\RasmusJette\jagex_runescape_preferences.dat
[2010/10/13 23:20:28 | 000,017,927 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/10/13 23:20:27 | 006,931,688 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/10/13 00:11:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/12 23:09:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/11 03:05:36 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/08/11 02:25:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/11 02:22:47 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/09/01 23:45:40 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Alawar Stargaze
[2011/11/27 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Artifex Mundi
[2010/12/11 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\AVG
[2011/10/25 22:24:29 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\AVG2012
[2012/01/04 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Awem
[2011/07/13 14:08:33 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Boolat Games
[2011/10/26 22:59:38 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Casual Box
[2011/12/12 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\casualArts
[2011/07/17 23:57:34 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\CattaleGames
[2010/11/12 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Cryptomathic
[2011/10/20 11:48:23 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\DailyMagic
[2010/10/26 00:00:07 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\dBpoweramp
[2011/12/22 00:17:31 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Deep Shadows
[2011/12/13 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\GameInvest
[2011/02/21 23:12:19 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\GetRightToGo
[2011/12/28 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\HitPoint Studios
[2011/12/03 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Hive Cluster
[2010/10/18 17:26:15 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\ICAClient
[2011/12/05 00:16:34 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\PlayFavoriteGames
[2011/12/05 00:08:12 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Rovio
[2011/12/28 23:53:12 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Samsung
[2010/10/30 00:10:24 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Scholastic
[2011/11/03 01:03:24 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\SpinTop Games
[2012/05/04 22:37:39 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Spotify
[2012/05/04 22:43:20 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\uTorrent
[2011/07/19 22:41:55 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\VampireSagaHL
[2012/01/07 00:10:21 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Vso
[2010/10/18 23:56:42 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppD
quack Beginner
23 July 2012 - 17:49 #1
And here is the rest:

========== LOP Check ==========

[2011/09/01 23:45:40 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Alawar Stargaze
[2011/11/27 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Artifex Mundi
[2010/12/11 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\AVG
[2011/10/25 22:24:29 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\AVG2012
[2012/01/04 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Awem
[2011/07/13 14:08:33 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Boolat Games
[2011/10/26 22:59:38 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Casual Box
[2011/12/12 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\casualArts
[2011/07/17 23:57:34 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\CattaleGames
[2010/11/12 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Cryptomathic
[2011/10/20 11:48:23 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\DailyMagic
[2010/10/26 00:00:07 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\dBpoweramp
[2011/12/22 00:17:31 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Deep Shadows
[2011/12/13 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\GameInvest
[2011/02/21 23:12:19 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\GetRightToGo
[2011/12/28 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\HitPoint Studios
[2011/12/03 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Hive Cluster
[2010/10/18 17:26:15 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\ICAClient
[2011/12/05 00:16:34 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\PlayFavoriteGames
[2011/12/05 00:08:12 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Rovio
[2011/12/28 23:53:12 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Samsung
[2010/10/30 00:10:24 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Scholastic
[2011/11/03 01:03:24 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\SpinTop Games
[2012/05/04 22:37:39 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Spotify
[2012/05/04 22:43:20 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\uTorrent
[2011/07/19 22:41:55 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\VampireSagaHL
[2012/01/07 00:10:21 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Vso
[2010/10/18 23:56:42 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\WildTangent
[2010/10/14 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\WinBatch
[2010/10/13 00:11:32 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\_MDLogs
[2012/03/31 14:24:59 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/04/25 07:53:55 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE  >
[2010/08/11 03:15:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/08/11 03:15:25 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/08/11 03:12:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/08/11 03:12:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/08/11 03:12:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/08/11 03:15:25 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/08/11 03:12:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/08/11 03:15:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES  >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP  >
[2008/09/18 03:07:48 | 000,118,784 | ---- | M] (Adobe Systems Incorporated) MD5=41EE0A80B951D675B9227F29651511E0 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS4\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.EXE  >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI  >
[2010/08/11 02:40:58 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\SysNative\da-DK\services.exe.mui
[2010/08/11 02:40:58 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1fd5cd894ef1d409\services.exe.mui

< MD5 for: SERVICES.LNK  >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF  >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC  >
[2010/08/11 02:40:57 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysNative\da-DK\services.msc
[2010/08/11 02:41:00 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysWOW64\da-DK\services.msc
[2010/08/11 02:40:57 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_5a179d75255b6dfc\services.msc
[2010/08/11 02:41:00 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_fdf901f16cfdfcc6\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML  >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.XML  >
[2011/03/02 10:44:46 | 000,000,762 | ---- | M] () MD5=EBDADB02384A0289B9DF7255EAB907D7 -- C:\Program Files (x86)\bilka_fotoservice4.7\Bilka fotoservice\Resources\services.xml

< MD5 for: SVCHOST.EXE  >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
sullep Beginner
24 July 2012 - 17:04 #2
You have a ZeroAccess/Sirefef rootkit.


You should preferably download from another PC.

------
Download Farbar Recovery Scan Tool and save it to a USB stick.
For 32-bit.
http://download.bleepingcomputer.com/farbar/FRST.exe


For 64-bit.
http://download.bleepingcomputer.com/farbar/FRST64.exe


Plug the USB stick into the infected PC.

Start the PC with "Advanced Boot Options" (press F8 repeatedly during startup).
Select "Repair Your Computer".
Select the language.
Select the user account.

Then select Command Prompt.

There, type notepad and press <Enter>.

Choose the File menu -> Open and select "Computer". Find the drive letter of your USB stick. Close Notepad.

At the command prompt, type e:\frst.exe (on 64-bit Windows, e:\frst64).
Replace e with the correct letter.

Once Farbar Recovery Scan Tool has started, click Scan.
It creates FRST.txt on the USB stick. Copy it in here in your next post.
quack Beginner
24 July 2012 - 19:28 #3
Hi Sullep

Thanks for taking the time to help :-)

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 24-07-2012 19:18:36
Running from G:\
Windows 7 Home Premium  (X64) OS Language: Danish
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [568888 2010-01-18] ()
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1840720 2007-04-03] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED [3331944 2009-12-03] (Symantec Corporation)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-01-25] (EasyBits Software AS)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2010-07-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-03-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508624 2011-11-29] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\RasmusJette\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\RasmusJette\...\Run: [AdobeBridge]  [x]
HKU\RasmusJette\...\Run: [iPlusAgent2] "C:\Program Files (x86)\iriver\iriver plus 2\iAgent2.exe" [241664 2006-01-16] (Yurion, Inc.)
HKU\RasmusJette\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-10-20] (Valve Corporation)
HKU\RasmusJette\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [935312 2011-11-29] (Samsung)
HKU\RasmusJette\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2011-11-29] ()
HKU\RasmusJette\...\Run: [Google Update] "C:\Users\RasmusJette\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-04] (Google Inc.)
HKU\RasmusJette\...\Policies\system: [DisableLockWorkstation] 0
HKU\RasmusJette\...\Policies\system: [DisableChangePassword] 0
Tcpip\Parameters: [DhcpNameServer] 212.10.10.4 212.10.10.5
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech Media Server-ikon i systembakken.lnk
ShortcutTarget: Logitech Media Server-ikon i systembakken.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)

==================== Services (Whitelisted) ======

3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-14] (Adobe Systems Incorporated)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 squeezesvc; C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-04-16] (Citrix Systems, Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-24 19:18 - 2012-07-24 19:18 - 00000000 ____D C:\FRST
2012-07-24 01:33 - 2012-07-24 01:36 - 00000000 ____D C:\Users\RasmusJette\Desktop\Ting til salg
2012-07-23 04:46 - 2012-07-23 04:46 - 00158924 ____A C:\Users\RasmusJette\Desktop\OTL.Txt
2012-07-23 04:19 - 2012-07-23 04:19 - 00000367 ____A C:\Users\RasmusJette\Desktop\spørgsmål.txt
2012-07-23 03:53 - 2012-07-23 03:53 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-23 03:47 - 2012-07-23 03:50 - 00000000 ____D C:\Users\RasmusJette\Desktop\Andreas' spil
2012-07-23 03:17 - 2012-07-23 03:17 - 00001083 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 03:17 - 2012-07-23 03:17 - 00000000 ____D C:\Users\RasmusJette\AppData\Roaming\Malwarebytes
2012-07-23 03:17 - 2012-07-23 03:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-23 03:17 - 2012-07-23 03:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 03:17 - 2012-07-03 03:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-23 03:15 - 2012-07-23 03:15 - 10652120 ____A (Malwarebytes Corporation                                    ) C:\Users\RasmusJette\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 03:09 - 2012-07-23 03:09 - 00000836 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-23 03:09 - 2012-07-23 03:09 - 00000000 ____D C:\Program Files\CCleaner
2012-07-23 03:07 - 2012-07-23 03:07 - 03889704 ____A (Piriform Ltd) C:\Users\RasmusJette\Downloads\ccsetup320.exe
2012-07-23 01:19 - 2012-07-23 01:20 - 00596480 ____A (OldTimer Tools) C:\Users\RasmusJette\Desktop\OTL.exe
2012-07-18 10:45 - 2012-07-18 10:45 - 15267728 ____A (Google Inc.) C:\Users\RasmusJette\Downloads\picasa39-setup (2).exe
2012-07-18 10:44 - 2012-07-18 10:44 - 15267728 ____A (Google Inc.) C:\Users\RasmusJette\Downloads\picasa39-setup (1).exe
2012-07-18 04:52 - 2012-07-18 04:52 - 00000000 ____D C:\Users\All Users\Verimatrix
2012-07-18 04:52 - 2012-07-18 04:52 - 00000000 ____D C:\Program Files (x86)\Verimatrix
2012-07-14 13:51 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-14 13:48 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-14 13:48 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-14 13:48 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-14 13:48 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-14 13:48 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-14 13:48 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-14 13:48 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-14 13:48 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-14 13:48 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-14 13:48 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-14 13:48 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-14 13:48 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-14 13:48 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-14 13:48 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-14 13:48 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-14 13:48 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-14 13:48 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-14 13:48 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-14 13:48 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-14 13:48 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-14 13:48 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-14 13:48 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-14 13:48 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-14 13:48 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-14 13:48 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-14 13:48 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-14 13:48 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-14 13:48 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-14 05:41 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-14 05:41 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-14 05:41 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-14 05:41 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-14 05:41 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-14 05:41 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-14 05:41 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-14 05:41 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-14 05:40 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-14 05:40 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-14 05:40 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-14 05:40 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-14 05:40 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-14 05:40 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-14 05:40 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-14 05:40 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-14 05:40 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-14 05:40 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-14 05:40 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-05 05:52 - 2012-07-05 05:53 - 00000000 ____D C:\Users\RasmusJette\Documents\Isopskrifter
2012-07-05 00:13 - 2012-07-05 00:13 - 00001104 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-05 00:13 - 2012-07-05 00:13 - 00000000 ____D C:\Users\RasmusJette\AppData\Roaming\Mozilla
2012-07-05 00:13 - 2012-07-05 00:13 - 00000000 ____D C:\Users\RasmusJette\AppData\Local\Mozilla
2012-07-05 00:13 - 2012-07-05 00:13 - 00000000 ____D C:\Users\All Users\Mozilla
2012-07-05 00:13 - 2012-07-05 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-05 00:13 - 2012-07-05 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-07-04 23:58 - 2012-07-24 09:08 - 00000966 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000UA.job
2012-07-04 23:58 - 2012-07-23 11:08 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000Core.job
2012-07-04 23:58 - 2012-07-04 23:58 - 00000000 ____D C:\Users\RasmusJette\AppData\Local\Deployment
2012-07-04 23:58 - 2012-07-04 23:58 - 00000000 ____D C:\Users\RasmusJette\AppData\Local\Apps\2.0
2012-07-04 03:00 - 2012-07-04 03:00 - 01199187 ____A C:\Users\RasmusJette\Downloads\contentmediaexternalimagesmedia30

============ 3 Months Modified Files ========================

2012-07-24 09:12 - 2012-03-31 00:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-24 09:08 - 2012-07-04 23:58 - 00000966 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000UA.job
2012-07-23 23:59 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-23 23:59 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-23 23:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-23 23:51 - 2009-07-13 20:51 - 00088232 ____A C:\Windows\setupact.log
2012-07-23 23:50 - 2010-08-10 19:28 - 00243528 ____A C:\Windows\PFRO.log
2012-07-23 11:08 - 2012-07-04 23:58 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000Core.job
2012-07-23 04:46 - 2012-07-23 04:46 - 00158924 ____A C:\Users\RasmusJette\Desktop\OTL.Txt
2012-07-23 04:19 - 2012-07-23 04:19 - 00000367 ____A C:\Users\RasmusJette\Desktop\spørgsmål.txt
2012-07-23 03:17 - 2012-07-23 03:17 - 00001083 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-23 03:15 - 2012-07-23 03:15 - 10652120 ____A (Malwarebytes Corporation                                    ) C:\Users\RasmusJette\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-23 03:09 - 2012-07-23 03:09 - 00000836 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-23 03:07 - 2012-07-23 03:07 - 03889704 ____A (Piriform Ltd) C:\Users\RasmusJette\Downloads\ccsetup320.exe
2012-07-23 01:20 - 2012-07-23 01:19 - 00596480 ____A (OldTimer Tools) C:\Users\RasmusJette\Desktop\OTL.exe
2012-07-22 12:49 - 2010-10-12 07:16 - 01492597 ____A C:\Windows\WindowsUpdate.log
2012-07-22 03:37 - 2010-10-13 13:09 - 00039936 ____A C:\Users\RasmusJette\Documents\Børnepenge.xls
2012-07-22 03:35 - 2011-02-13 07:56 - 00863738 ____A C:\Users\RasmusJette\danid.log
2012-07-20 22:33 - 2010-12-10 10:03 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleForRasmusJette.job
2012-07-18 10:46 - 2012-03-11 01:16 - 00001080 ____A C:\Users\Public\Desktop\Picasa 3.lnk
2012-07-18 10:45 - 2012-07-18 10:45 - 15267728 ____A (Google Inc.) C:\Users\RasmusJette\Downloads\picasa39-setup (2).exe
2012-07-18 10:44 - 2012-07-18 10:44 - 15267728 ____A (Google Inc.) C:\Users\RasmusJette\Downloads\picasa39-setup (1).exe
2012-07-17 04:27 - 2011-10-25 12:25 - 00000941 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-16 00:30 - 2011-02-13 07:56 - 01097490 ____A C:\Users\RasmusJette\danid.log.1
2012-07-15 00:26 - 2009-07-13 20:45 - 02998640 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-14 13:49 - 2010-10-12 08:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-14 13:48 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
2012-07-14 06:12 - 2012-03-31 00:07 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-14 06:12 - 2011-06-07 06:24 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-05 00:13 - 2012-07-05 00:13 - 00001104 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-04 03:00 - 2012-07-04 03:00 - 01199187 ____A C:\Users\RasmusJette\Downloads\contentmediaexternalimagesmedia30
2012-07-03 03:46 - 2012-07-23 03:17 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-20 06:54 - 2012-06-20 06:54 - 00002008 ____A C:\Users\Public\Desktop\Resonance.lnk
2012-06-16 09:47 - 2012-06-16 09:47 - 00001988 ____A C:\Users\Public\Desktop\Fallout.lnk
2012-06-12 13:09 - 2010-08-10 16:42 - 00642852 ____A C:\Windows\System32\perfh006.dat
2012-06-12 13:09 - 2010-08-10 16:42 - 00117854 ____A C:\Windows\System32\perfc006.dat
2012-06-12 13:09 - 2009-07-13 21:13 - 01496914 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 19:08 - 2012-07-14 13:51 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-14 05:41 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-14 05:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 23:19 - 2010-11-01 08:42 - 00000432 ____A C:\Windows\BRWMARK.INI
2012-06-05 22:06 - 2012-07-14 05:41 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-14 05:41 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-14 05:40 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-14 05:41 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-14 05:41 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-14 05:40 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 08:53 - 2012-06-04 08:53 - 00002377 ____A C:\Users\RasmusJette\Desktop\Bibzoom.lnk
2012-06-02 14:19 - 2012-06-22 12:06 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 12:06 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 12:06 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 12:06 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 12:06 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 12:06 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 12:06 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 05:19 - 2012-06-22 12:05 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-22 12:05 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-14 13:48 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-14 13:48 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-14 13:48 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-14 13:48 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-14 13:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-14 13:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-14 13:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-14 13:48 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-14 13:48 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-14 13:48 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-14 13:48 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-14 13:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-14 13:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-14 13:48 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-14 13:48 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-14 13:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-14 13:48 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-14 13:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-14 13:48 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-14 13:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-14 13:48 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-14 13:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-14 13:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-14 13:48 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-14 13:48 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-14 13:48 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-14 13:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-14 13:48 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-14 05:40 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-14 05:40 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-14 05:40 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-14 05:40 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-14 05:40 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-14 05:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-14 05:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-14 05:40 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-14 05:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-24 13:18 - 2012-05-24 13:18 - 04472832 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-05-04 03:06 - 2012-06-12 12:36 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 12:36 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 12:36 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-12 12:36 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 12:35 - 2012-04-28 12:35 - 00991232 ____A C:\Users\RasmusJette\Documents\Emma.indd
2012-04-27 19:55 - 2012-06-12 12:36 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys


ZeroAccess:
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L\00000004.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\00000004.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\00000008.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\000000cb.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000000.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000032.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000064.@

ZeroAccess:
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\@
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 8191.29 MB
Available physical RAM: 7137.03 MB
Total Pagefile: 8189.43 MB
Available Pagefile: 7122.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (RasmusJette-PC) (Fixed) (Total:1384.54 GB) (Free:635.1 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:12.63 GB) (Free:1.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.27 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status        Str.    Ledig    Dyn  GPT
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online        1397 GB      0 B       
  Disk 1    Online        7639 MB      0 B       
  Disk 2    Intet medie        0 B      0 B       
  Disk 3    Intet medie        0 B      0 B       
  Disk 4    Intet medie        0 B      0 B       
  Disk 5    Intet medie        0 B      0 B       

Partitions of Disk 0:
===============

  Partition ###  Type              Str.    Forskydning
  -------------  ----------------  -------  -----------
  Partition 1    Primær            100 MB  1024 KB   
  Partition 2    Primær            1384 GB  101 MB   
  Partition 3    Primær              12 GB  1384 GB   

==================================================================================

Disk: 0
Partition 1
Type  : 07
Skjult: Nej
Aktiv : Ja
Forskydning i byte: 1048576

  Diskenhed  Bogs. Navn        Fs    Type        Str.    Status    Oplysn.
  ---------  ----  ----------  -----  ----------  -------  ---------  --------
* Diskenhed 1    Y  SYSTEM      NTFS  Partition    100 MB  I orden           

==================================================================================

Disk: 0
Partition 2
Type  : 07
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 105906176

  Diskenhed  Bogs. Navn        Fs    Type        Str.    Status    Oplysn.
  ---------  ----  ----------  -----  ----------  -------  ---------  --------
* Diskenhed 2    C  RasmusJette  NTFS  Partition  1384 GB  I orden           

==================================================================================

Disk: 0
Partition 3
Type  : 07
Skjult: Nej
Aktiv : Nej
Forskydning i byte: 1486743404544

  Diskenhed  Bogs. Navn        Fs    Type        Str.    Status    Oplysn.
  ---------  ----  ----------  -----  ----------  -------  ---------  --------
* Diskenhed 3    E  HP_RECOVERY  NTFS  Partition    12 GB  I orden           

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Str.    Forskydning
  -------------  ----------------  -------  -----------
  Partition 1    Primær            7638 MB    31 KB   

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Skjult: Nej
Aktiv : Ja
Forskydning i byte: 32256

  Diskenhed  Bogs. Navn        Fs    Type        Str.    Status    Oplysn.
  ---------  ----  ----------  -----  ----------  -------  ---------  --------
* Diskenhed 4    G  KINGSTON    FAT32  Flytbar    7638 MB  I orden           

==================================================================================

==========================================================

Last Boot: 2012-07-18 03:17

======================= End Of Log ==========================
sullep (Beginner)
25 July 2012 - 10:04 #4
Right-click on the desktop, choose "New Text Document", and name it fixlist.txt

Copy everything below in bold into fixlist.txt, then copy fixlist.txt to your USB stick (the same place where FRST64 is located).
You MUST include the lines start and end.


start
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L\00000004.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\00000004.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\00000008.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\000000cb.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000000.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000032.@
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000064.@
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\@
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe c:\windows\system32\services.exe
end




Boot the PC to the Command Prompt (as before).

At the Command Prompt, start FRST64 (Farbar Recovery Scan Tool), click FIX, and wait until it has finished.

It creates Fixlog.txt on the USB stick.
Copy Fixlog.txt into your next post.
quack (Beginner)
25 July 2012 - 10:23 #5
It looks like this:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-25 10:17:34 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248} moved successfully.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\@ not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L\00000004.@ not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\00000004.@ not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\00000008.@ not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\000000cb.@ not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000000.@ not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000032.@ not found.
C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U\80000064.@ not found.
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248} moved successfully.
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\@ not found.
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\L not found.
C:\Users\RasmusJette\AppData\Local\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}\U not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
c:\windows\system32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to c:\windows\system32\services.exe

==== End of Fixlog ====
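A way to check a Fixlog against the fixlist that produced it, as an added example (not code from FRST or from the posters in this thread). The function names are hypothetical, the sample input is constructed from the paths and result wording shown above, and treating a "not found" child of a moved folder as handled is an interpretation of the log above, not documented FRST behaviour.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: a shortened fixlist and the matching Fixlog lines,
# built from the paths and result wording shown in this thread.
GUID_DIR = r"C:\Windows\Installer\{1b404ee8-58d3-28ea-bd3d-b2f84e3aa248}"
WINSXS_COPY = (r"C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller"
               r"_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe")
TARGET = r"c:\windows\system32\services.exe"

SAMPLE_FIXLIST = "\n".join([
    "start",
    GUID_DIR,
    GUID_DIR + r"\@",
    GUID_DIR + r"\U\80000000.@",
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    "replace: " + WINSXS_COPY + " " + TARGET,
    "end",
])
SAMPLE_FIXLOG = "\n".join([
    GUID_DIR + " moved successfully.",
    GUID_DIR + r"\@ not found.",
    GUID_DIR + r"\U\80000000.@ not found.",
    r"C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.",
    # The GAC_64 result is left out on purpose (constructed gap).
    TARGET + " moved successfully.",
    WINSXS_COPY + " copied successfully to " + TARGET,
])


def norm(path):
    """Case-insensitive key for a Windows path, without a trailing backslash."""
    return path.strip().lower().rstrip("\\")


def parse_fixlist(text):
    """Return (paths, replaces) found between the start and end lines."""
    paths, replaces, active = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "start":
            active = True
        elif line.lower() == "end":
            break
        elif active and line:
            m = re.match(r"replace:\s*(.+?)\s+([A-Za-z]:\\.+)$", line, re.I)
            if m:
                replaces.append((m.group(1), m.group(2)))
            else:
                paths.append(line)
    return paths, replaces


def parse_fixlog(text):
    """Map each normalized path to the set of results logged for it."""
    results = {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"(.+) copied successfully to (.+)$", line)
        if m:
            key = norm(m.group(2))
            results.setdefault(key, set()).add("copied:" + norm(m.group(1)))
            continue
        m = re.match(r"(.+) (moved successfully|not found)\.$", line)
        if m:
            results.setdefault(norm(m.group(1)), set()).add(m.group(2))
    return results


def reconcile(fixlist_text, fixlog_text):
    """Return {fixlist entry: verdict} so unhandled entries stand out."""
    paths, replaces = parse_fixlist(fixlist_text)
    log = parse_fixlog(fixlog_text)
    moved = {p for p, res in log.items() if "moved successfully" in res}
    verdicts = {}
    for path in paths:
        res = log.get(norm(path), set())
        if "moved successfully" in res:
            verdicts[path] = "moved"
        elif "not found" in res:
            # In the Fixlog above, children of a moved folder all read
            # "not found"; count those as handled (interpretation).
            parents = {norm(str(p)) for p in PureWindowsPath(path).parents}
            verdicts[path] = ("gone with parent" if parents & moved
                              else "not found, rescan")
        else:
            verdicts[path] = "no result logged"
    for src, dst in replaces:
        ok = "copied:" + norm(src) in log.get(norm(dst), set())
        verdicts["replace " + dst] = "replaced" if ok else "replace not confirmed"
    return verdicts


if __name__ == "__main__":
    for entry, verdict in reconcile(SAMPLE_FIXLIST, SAMPLE_FIXLOG).items():
        print(f"{verdict:22} {entry}")
```

Entries that come back as "no result logged", "not found, rescan" or "replace not confirmed" are the ones to look at again in a fresh scan log.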
sullep (Beginner)
25 July 2012 - 10:46 #6
Download ComboFix and save it to the desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Important -> Disable your antivirus/antispyware program, as it can "interfere" and conflict with ComboFix, or remove important ComboFix files, which can cause the computer to freeze.

Then run combofix.exe and follow the instructions.

Do not click on the window while the tool is running, as that can cause your computer to freeze.

When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of this file here.
It can also be found here -> C:\combofix.txt

If you get something resembling this error:
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
(in English: "Illegal operation attempted on a registry key that has been marked for deletion")
then restart once more; that should resolve it.

Be patient; it can take up to 30 minutes before the log file opens.

>>

Update Malwarebytes and run a scan, let it remove whatever it finds, and copy the log file in here.
quack (Beginner)
25 July 2012 - 12:21 #7
COMBOFIX

ComboFix 12-07-25.04 - RasmusJette 25-07-2012  11:52:17.1.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.45.1030.18.8191.6196 [GMT 2:00]
Kører fra: c:\users\RasmusJette\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RasmusJette\AppData\Roaming\vso_ts_preview.xml
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-06-25 til 2012-07-25  )))))))))))))))))))))))))))))))))))
.
.
2012-07-25 03:18 . 2012-07-25 03:18    --------    d-----w-    C:\FRST
2012-07-23 11:53 . 2012-07-23 11:53    --------    d-----w-    c:\program files (x86)\ESET
2012-07-23 11:17 . 2012-07-23 11:17    --------    d-----w-    c:\users\RasmusJette\AppData\Roaming\Malwarebytes
2012-07-23 11:17 . 2012-07-23 11:17    --------    d-----w-    c:\programdata\Malwarebytes
2012-07-23 11:17 . 2012-07-23 11:17    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-23 11:17 . 2012-07-03 11:46    24904    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-07-23 11:09 . 2012-07-23 11:09    --------    d-----w-    c:\program files\CCleaner
2012-07-18 12:52 . 2012-07-18 12:52    --------    d-----w-    c:\program files (x86)\Verimatrix
2012-07-18 12:52 . 2012-07-18 12:52    --------    d-----w-    c:\programdata\Verimatrix
2012-07-14 21:51 . 2012-06-12 03:08    3148800    ----a-w-    c:\windows\system32\win32k.sys
2012-07-14 13:41 . 2012-06-06 06:06    2004480    ----a-w-    c:\windows\system32\msxml6.dll
2012-07-14 13:41 . 2012-06-06 06:06    1881600    ----a-w-    c:\windows\system32\msxml3.dll
2012-07-14 13:41 . 2012-06-06 05:05    1390080    ----a-w-    c:\windows\SysWow64\msxml6.dll
2012-07-14 13:41 . 2012-06-06 05:05    1236992    ----a-w-    c:\windows\SysWow64\msxml3.dll
2012-07-14 13:41 . 2010-06-26 03:55    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2012-07-14 13:41 . 2010-06-26 03:24    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2012-07-14 13:41 . 2012-06-09 05:43    14172672    ----a-w-    c:\windows\system32\shell32.dll
2012-07-05 08:13 . 2012-07-05 08:13    --------    d-----w-    c:\users\RasmusJette\AppData\Local\Mozilla
2012-07-05 08:13 . 2012-07-05 08:13    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2012-07-05 07:58 . 2012-07-05 07:58    --------    d-----w-    c:\users\RasmusJette\AppData\Local\Apps
2012-07-05 07:58 . 2012-07-05 07:58    --------    d-----w-    c:\users\RasmusJette\AppData\Local\Deployment
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 21:49 . 2010-10-12 16:35    59701280    ----a-w-    c:\windows\system32\MRT.exe
2012-07-14 14:12 . 2012-03-31 08:07    426184    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 14:12 . 2011-06-07 14:24    70344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 20:06    38424    ----a-w-    c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 20:06    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 20:06    44056    ----a-w-    c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 20:06    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 20:06    701976    ----a-w-    c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 20:06    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 20:06    99840    ----a-w-    c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 20:05    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 20:05    36864    ----a-w-    c:\windows\system32\wuapp.exe
2012-05-24 21:18 . 2012-05-24 21:18    4472832    ----a-w-    c:\windows\SysWow64\GPhotos.scr
2012-05-04 11:06 . 2012-06-12 20:36    5559664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 20:36    3968368    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:36    3913072    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 20:36    209920    ----a-w-    c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 20:36    210944    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"iPlusAgent2"="c:\program files (x86)\iriver\iriver plus 2\iAgent2.exe" [2006-01-17 241664]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-10-20 1242448]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-29 935312]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-11 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-29 3508624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Media Server-ikon i systembakken.lnk - c:\program files (x86)\Squeezebox\SqueezeTray.exe [2011-11-1 3051619]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 250056]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-10-27 95928]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-16 1038088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-15 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-12 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-10 202752]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-10 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-10 188928]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Andre Services/Drivers i Hukommelsen ---
.
*NewlyCreated* - WS2IFSL
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:12]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000Core.job
- c:\users\RasmusJette\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 07:58]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000UA.job
- c:\users\RasmusJette\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 07:58]
.
2012-07-21 c:\windows\Tasks\HPCeeScheduleForRasmusJette.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.signon.stofanet.dk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: citrix.rn.dk
Trusted Zone: danid.dk
Trusted Zone: e-boks.dk\www
Trusted Zone: hotmail.com\www
Trusted Zone: nemadgang.dk\www
Trusted Zone: nordea.dk\www.netbank
Trusted Zone: danid.dk
TCP: DhcpNameServer = 212.10.10.4 212.10.10.5
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\RasmusJette\AppData\Roaming\Mozilla\Firefox\Profiles\x275q8ri.default\
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\squeezesvc]
"ImagePath"="C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\squeezesvc]
"ImagePath"="C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\progra~2\SQUEEZ~1\server\SqueezeSvr.exe
.
**************************************************************************
.
Gennemført tid: 2012-07-25  12:09:39 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-07-25 10:09
.
Pre-Kørsel: 699.126.554.624 byte ledig
Post-Kørsel: 699.429.216.256 byte ledig
.
- - End Of File - - A72597357016EEBA9C09F6CC38C13442
quack Beginner
25 July 2012 - 12:26 #8
Malwarebytes

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
RasmusJette :: RASMUSJETTE-HP [administrator]

25-07-2012 12:21:56
mbam-log-2012-07-25 (12-21-56).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 196832
Tid gået: 4 minut(ter), 13 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)
sullep Beginner
25 July 2012 - 13:58 #9
Run OTL > Copy the text in bold into the "Custom Scans/Fixes" box and click "Run Fix".


:OTL

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[ClearAllRestorePoints]
[EMPTYFLASH]
[Reboot]



After the restart a log file opens; copy its text into this thread.

>>>

Download the file Tdsskiller.zip from this link and unpack it into a folder.

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Run TDSSKiller.exe -> Click "Start Scan"

Regarding Vista and Windows 7: right-click the file and choose Run as administrator.

Under "Change parameters", tick "Detect TDLFS file system".

Click "Start Scan".

If an infected file is found, the "Default action" will be Cure; click Continue.
If it finds a TDLFS file system, click Delete.
If a suspicious file is detected, the "Default action" will be Skip; click Continue.
If it does not ask for a "Reboot" (restart), click "Report" and copy the text into this thread.

Restart if it asks you to.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Copy the text into this thread.
quack Beginner
25 July 2012 - 15:55 #10
OTL log:

All processes killed
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c  >
Windows IP-konfiguration
DNS Resolver Cache blev t›mt.
C:\Users\RasmusJette\Desktop\cmd.bat deleted successfully.
C:\Users\RasmusJette\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RasmusJette
->Temp folder emptied: 3343607 bytes
->Temporary Internet Files folder emptied: 536266577 bytes
->Java cache emptied: 2123332 bytes
->FireFox cache emptied: 28241384 bytes
->Google Chrome cache emptied: 15709701 bytes
->Flash cache emptied: 108842 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12025283 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50517 bytes
RecycleBin emptied: 158924 bytes

Total Files Cleaned = 570.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: RasmusJette
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07252012_154239

Files\Folders moved on Reboot...
C:\Users\RasmusJette\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\RasmusJette\AppData\Local\Temp\~DF3B4D3A055D7A2AD6.TMP not found!
File\Folder C:\Users\RasmusJette\AppData\Local\Temp\~DFCC73384F4FF3AFD0.TMP not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\f233f63b6654362865c7577442edb9e3\Win32.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\eb138ef0e4282611dbf485a302784646\LibYAML.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\e56c61f7248672819579325af3387035\POSIX.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\d0bf009923f29116535c26d228271d6d\Scan.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\c668a322917d32a5ea22894518aa9897\Base64.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\c5cce8d16a1bd48692b421dcf46d3396\Util.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\c344fd5536724b2af2e6453833b60203\SHA1.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\c199d3c1960e7aeeecb599487952bed2\HiRes.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\bd5179a413bc0c4b82eedc22c6cab101\re.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\bc147d83c7c868eeee67082dcf55430c\File.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\b979ace6da01e63d651cce9ee2474fdc\Name.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\b6bd87c968599725b8ab2e5c25d3046a\API.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\aff7ee779ea184f884ed432c30a58f5d\Scale.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\7f2598c08178217a0e2c754f3d568f28\Byte.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\7f177c338672436e01c4f0bdbcf94491\EV.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\44727051c604ef6b79894b64d4c63832\Expat.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\4461f48e31bde5c56b31b973b773de09\List.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\3b7106dd14676048b10bbb09a990f74c\XS.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\19febd96672ffdb7ea244cef36aaa062\Zlib.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\17d0b152e63e6bfe81b4b19588538896\mro.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\0665c25e931c1ac0151b062449e91028\XSAccessor.dll not found!
File\Folder C:\Windows\temp\pdk-SYSTEM-2952\perl514.dll not found!

PendingFileRenameOperations files...
File C:\Users\RasmusJette\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\RasmusJette\AppData\Local\Temp\~DF3B4D3A055D7A2AD6.TMP not found!
File C:\Users\RasmusJette\AppData\Local\Temp\~DFCC73384F4FF3AFD0.TMP not found!
File C:\Windows\temp\pdk-SYSTEM-2952\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\f233f63b6654362865c7577442edb9e3\Win32.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\eb138ef0e4282611dbf485a302784646\LibYAML.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\e56c61f7248672819579325af3387035\POSIX.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\e2e81dd6b3e5a36f0bdae076393cc11d\icuin46.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\e2e81dd6b3e5a36f0bdae076393cc11d\icuuc46.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\d0bf009923f29116535c26d228271d6d\Scan.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\c668a322917d32a5ea22894518aa9897\Base64.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\c5cce8d16a1bd48692b421dcf46d3396\Util.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\c344fd5536724b2af2e6453833b60203\SHA1.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\c199d3c1960e7aeeecb599487952bed2\HiRes.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\bd5179a413bc0c4b82eedc22c6cab101\re.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\bc147d83c7c868eeee67082dcf55430c\File.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\b979ace6da01e63d651cce9ee2474fdc\Name.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\b6bd87c968599725b8ab2e5c25d3046a\API.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\aff7ee779ea184f884ed432c30a58f5d\Scale.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\7f2598c08178217a0e2c754f3d568f28\Byte.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\7f177c338672436e01c4f0bdbcf94491\EV.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\44727051c604ef6b79894b64d4c63832\Expat.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\4461f48e31bde5c56b31b973b773de09\List.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\3b7106dd14676048b10bbb09a990f74c\XS.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\19febd96672ffdb7ea244cef36aaa062\Zlib.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\17d0b152e63e6bfe81b4b19588538896\mro.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\0665c25e931c1ac0151b062449e91028\XSAccessor.dll not found!
File C:\Windows\temp\pdk-SYSTEM-2952\perl514.dll not found!

Registry entries deleted on Reboot...
quack Beginner
25 July 2012 - 15:59 #11
TDSSkiller:

15:56:21.0241 2416    TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:56:21.0397 2416    ============================================================
15:56:21.0397 2416    Current date / time: 2012/07/25 15:56:21.0397
15:56:21.0397 2416    SystemInfo:
15:56:21.0397 2416   
15:56:21.0397 2416    OS Version: 6.1.7601 ServicePack: 1.0
15:56:21.0397 2416    Product type: Workstation
15:56:21.0397 2416    ComputerName: RASMUSJETTE-HP
15:56:21.0397 2416    UserName: RasmusJette
15:56:21.0397 2416    Windows directory: C:\Windows
15:56:21.0397 2416    System windows directory: C:\Windows
15:56:21.0397 2416    Running under WOW64
15:56:21.0397 2416    Processor architecture: Intel x64
15:56:21.0397 2416    Number of processors: 6
15:56:21.0397 2416    Page size: 0x1000
15:56:21.0397 2416    Boot type: Normal boot
15:56:21.0397 2416    ============================================================
15:56:23.0425 2416    Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:56:23.0441 2416    ============================================================
15:56:23.0441 2416    \Device\Harddisk0\DR0:
15:56:23.0441 2416    MBR partitions:
15:56:23.0441 2416    \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:56:23.0441 2416    \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD114000
15:56:23.0441 2416    \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAD146800, BlocksNum 0x1940800
15:56:23.0441 2416    ============================================================
15:56:23.0457 2416    C: <-> \Device\Harddisk0\DR0\Partition1
15:56:23.0628 2416    D: <-> \Device\Harddisk0\DR0\Partition2
15:56:23.0628 2416    ============================================================
15:56:23.0628 2416    Initialize success
15:56:23.0628 2416    ============================================================
15:56:45.0947 3124    ============================================================
15:56:45.0947 3124    Scan started
15:56:45.0947 3124    Mode: Manual; TDLFS;
15:56:45.0947 3124    ============================================================
15:56:48.0646 3124    1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:56:48.0677 3124    1394ohci - ok
15:56:48.0755 3124    ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:56:48.0755 3124    ACPI - ok
15:56:48.0818 3124    AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:56:48.0818 3124    AcpiPmi - ok
15:56:48.0880 3124    adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
15:56:48.0880 3124    adfs - ok
15:56:49.0411 3124    Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
15:56:49.0426 3124    Adobe Version Cue CS4 - ok
15:56:49.0847 3124    AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:56:49.0847 3124    AdobeFlashPlayerUpdateSvc - ok
15:56:50.0503 3124    adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:56:50.0518 3124    adp94xx - ok
15:56:50.0612 3124    adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:56:50.0612 3124    adpahci - ok
15:56:50.0643 3124    adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:56:50.0643 3124    adpu320 - ok
15:56:50.0674 3124    AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:56:50.0690 3124    AeLookupSvc - ok
15:56:50.0752 3124    AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:56:50.0783 3124    AFD - ok
15:56:50.0861 3124    agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:56:50.0861 3124    agp440 - ok
15:56:50.0877 3124    ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:56:50.0877 3124    ALG - ok
15:56:50.0908 3124    aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:56:50.0908 3124    aliide - ok
15:56:50.0939 3124    AMD External Events Utility (0de7bf2a2e64a841f9abf9558870d9c4) C:\Windows\system32\atiesrxx.exe
15:56:50.0955 3124    AMD External Events Utility - ok
15:56:50.0971 3124    amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:56:50.0971 3124    amdide - ok
15:56:51.0002 3124    AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:56:51.0002 3124    AmdK8 - ok
15:56:54.0278 3124    amdkmdag        (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atipmdag.sys
15:56:54.0403 3124    amdkmdag - ok
15:56:54.0543 3124    amdkmdap        (91e1daf0193bd2ab90b1b35c987237fe) C:\Windows\system32\DRIVERS\atikmpag.sys
15:56:54.0543 3124    amdkmdap - ok
15:56:54.0590 3124    AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:56:54.0590 3124    AmdPPM - ok
15:56:54.0621 3124    amdsata        (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
15:56:54.0621 3124    amdsata - ok
15:56:54.0668 3124    amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:56:54.0668 3124    amdsbs - ok
15:56:54.0683 3124    amdxata        (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
15:56:54.0683 3124    amdxata - ok
15:56:54.0746 3124    AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:56:54.0746 3124    AppID - ok
15:56:54.0777 3124    AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:56:54.0777 3124    AppIDSvc - ok
15:56:54.0824 3124    Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:56:54.0824 3124    Appinfo - ok
15:56:54.0917 3124    Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:56:54.0917 3124    Apple Mobile Device - ok
15:56:54.0949 3124    arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:56:54.0949 3124    arc - ok
15:56:54.0980 3124    arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:56:54.0980 3124    arcsas - ok
15:56:55.0027 3124    AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:55.0027 3124    AsyncMac - ok
15:56:55.0058 3124    atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:56:55.0073 3124    atapi - ok
15:56:55.0120 3124    AtiHdmiService  (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
15:56:55.0120 3124    AtiHdmiService - ok
15:56:55.0151 3124    AtiPcie        (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
15:56:55.0151 3124    AtiPcie - ok
15:56:55.0261 3124    AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:56:55.0276 3124    AudioEndpointBuilder - ok
15:56:55.0292 3124    AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:56:55.0292 3124    AudioSrv - ok
15:56:55.0853 3124    AVGIDSAgent    (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
15:56:55.0885 3124    AVGIDSAgent - ok
15:56:56.0041 3124    AVGIDSDriver    (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:56:56.0041 3124    AVGIDSDriver - ok
15:56:56.0072 3124    AVGIDSFilter    (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
15:56:56.0072 3124    AVGIDSFilter - ok
15:56:56.0119 3124    AVGIDSHA        (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
15:56:56.0119 3124    AVGIDSHA - ok
15:56:56.0181 3124    Avgldx64        (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
15:56:56.0181 3124    Avgldx64 - ok
15:56:56.0212 3124    Avgmfx64        (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:56:56.0212 3124    Avgmfx64 - ok
15:56:56.0228 3124    Avgrkx64        (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:56:56.0228 3124    Avgrkx64 - ok
15:56:56.0275 3124    Avgtdia        (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
15:56:56.0275 3124    Avgtdia - ok
15:56:56.0384 3124    avgwd          (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:56:56.0384 3124    avgwd - ok
15:56:56.0446 3124    AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:56:56.0462 3124    AxInstSV - ok
15:56:56.0540 3124    b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:56:56.0555 3124    b06bdrv - ok
15:56:56.0633 3124    b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:56:56.0649 3124    b57nd60a - ok
15:56:56.0727 3124    BBSvc          (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:56:56.0743 3124    BBSvc - ok
15:56:56.0805 3124    BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:56:56.0821 3124    BBUpdate - ok
15:56:56.0836 3124    BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:56:56.0852 3124    BDESVC - ok
15:56:56.0867 3124    Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:56:56.0867 3124    Beep - ok
15:56:56.0977 3124    BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:56:56.0992 3124    BFE - ok
15:56:57.0055 3124    blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:56:57.0055 3124    blbdrive - ok
15:56:57.0179 3124    Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:56:57.0179 3124    Bonjour Service - ok
15:56:57.0257 3124    bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:56:57.0257 3124    bowser - ok
15:56:57.0289 3124    BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:56:57.0289 3124    BrFiltLo - ok
15:56:57.0304 3124    BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:56:57.0304 3124    BrFiltUp - ok
15:56:57.0335 3124    BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:56:57.0351 3124    BridgeMP - ok
15:56:57.0445 3124    Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:56:57.0445 3124    Browser - ok
15:56:57.0491 3124    Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:56:57.0491 3124    Brserid - ok
15:56:57.0538 3124    BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:57.0538 3124    BrSerWdm - ok
15:56:57.0554 3124    BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:57.0554 3124    BrUsbMdm - ok
15:56:57.0585 3124    BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:57.0585 3124    BrUsbSer - ok
15:56:57.0601 3124    BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:56:57.0601 3124    BTHMODEM - ok
15:56:57.0647 3124    bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:56:57.0647 3124    bthserv - ok
15:56:57.0710 3124    catchme - ok
15:56:57.0741 3124    cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:56:57.0741 3124    cdfs - ok
15:56:57.0835 3124    cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:56:57.0850 3124    cdrom - ok
15:56:57.0897 3124    CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:56:57.0897 3124    CertPropSvc - ok
15:56:57.0959 3124    circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:56:57.0959 3124    circlass - ok
15:56:58.0069 3124    CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:56:58.0069 3124    CLFS - ok
15:56:58.0178 3124    clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:58.0193 3124    clr_optimization_v2.0.50727_32 - ok
15:56:58.0225 3124    clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:56:58.0225 3124    clr_optimization_v2.0.50727_64 - ok
15:56:58.0334 3124    clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:58.0349 3124    clr_optimization_v4.0.30319_32 - ok
15:56:58.0412 3124    clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:56:58.0412 3124    clr_optimization_v4.0.30319_64 - ok
15:56:58.0459 3124    CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:56:58.0459 3124    CmBatt - ok
15:56:58.0490 3124    cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:56:58.0490 3124    cmdide - ok
15:56:58.0599 3124    CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:56:58.0677 3124    CNG - ok
15:56:58.0693 3124    Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:56:58.0708 3124    Compbatt - ok
15:56:58.0755 3124    CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:56:58.0755 3124    CompositeBus - ok
15:56:58.0771 3124    COMSysApp - ok
15:56:58.0802 3124    crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:56:58.0817 3124    crcdisk - ok
15:56:58.0880 3124    CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:56:58.0880 3124    CryptSvc - ok
15:56:58.0942 3124    ctxusbm        (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
15:56:58.0942 3124    ctxusbm - ok
15:56:59.0098 3124    DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
15:56:59.0114 3124    DAUpdaterSvc - ok
15:56:59.0379 3124    DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:56:59.0395 3124    DcomLaunch - ok
15:56:59.0457 3124    defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:56:59.0473 3124    defragsvc - ok
15:56:59.0535 3124    DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:56:59.0551 3124    DfsC - ok
15:56:59.0582 3124    dg_ssudbus      (bf4e72d6fa78fedc4b8577116eface7e) C:\Windows\system32\DRIVERS\ssudbus.sys
15:56:59.0582 3124    dg_ssudbus - ok
15:56:59.0675 3124    Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:56:59.0675 3124    Dhcp - ok
15:56:59.0691 3124    discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:56:59.0691 3124    discache - ok
15:56:59.0722 3124    Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:56:59.0722 3124    Disk - ok
15:56:59.0785 3124    Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:56:59.0785 3124    Dnscache - ok
15:56:59.0847 3124    dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:56:59.0863 3124    dot3svc - ok
15:56:59.0987 3124    DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:56:59.0987 3124    DPS - ok
15:57:00.0019 3124    drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:57:00.0034 3124    drmkaud - ok
15:57:00.0393 3124    DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:57:00.0409 3124    DXGKrnl - ok
15:57:00.0471 3124    EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:57:00.0471 3124    EapHost - ok
15:57:01.0516 3124    ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:57:01.0610 3124    ebdrv - ok
15:57:01.0766 3124    EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:57:01.0766 3124    EFS - ok
15:57:02.0000 3124    ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:57:02.0015 3124    ehRecvr - ok
15:57:02.0078 3124    ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:57:02.0156 3124    ehSched - ok
15:57:02.0764 3124    elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:57:02.0780 3124    elxstor - ok
15:57:02.0827 3124    ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:57:02.0827 3124    ErrDev - ok
15:57:02.0920 3124    EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:57:02.0920 3124    EventSystem - ok
15:57:02.0967 3124    exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:57:02.0983 3124    exfat - ok
15:57:02.0998 3124    ezSharedSvc - ok
15:57:03.0045 3124    fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:57:03.0045 3124    fastfat - ok
15:57:03.0154 3124    Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:57:03.0170 3124    Fax - ok
15:57:03.0217 3124    fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:57:03.0217 3124    fdc - ok
15:57:03.0232 3124    fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:57:03.0232 3124    fdPHost - ok
15:57:03.0248 3124    FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:57:03.0248 3124    FDResPub - ok
15:57:03.0279 3124    FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:57:03.0279 3124    FileInfo - ok
15:57:03.0279 3124    Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:57:03.0279 3124    Filetrace - ok
15:57:03.0856 3124    FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:57:03.0903 3124    FLEXnet Licensing Service - ok
15:57:05.0026 3124    FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:57:05.0057 3124    FLEXnet Licensing Service 64 - ok
15:57:05.0853 3124    flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:57:05.0853 3124    flpydisk - ok
15:57:05.0915 3124    FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:57:05.0931 3124    FltMgr - ok
15:57:06.0399 3124    FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:57:06.0430 3124    FontCache - ok
15:57:06.0586 3124    FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:57:06.0586 3124    FontCache3.0.0.0 - ok
15:57:06.0633 3124    FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:57:06.0633 3124    FsDepends - ok
15:57:06.0664 3124    Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:57:06.0664 3124    Fs_Rec - ok
15:57:06.0758 3124    fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:57:06.0836 3124    fvevol - ok
15:57:06.0898 3124    gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:57:06.0914 3124    gagp30kx - ok
15:57:06.0945 3124    GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:57:06.0945 3124    GEARAspiWDM - ok
15:57:07.0054 3124    gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:57:07.0070 3124    gpsvc - ok
15:57:07.0304 3124    gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:57:07.0319 3124    gusvc - ok
15:57:07.0335 3124    hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:57:07.0335 3124    hcw85cir - ok
15:57:07.0865 3124    HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:57:07.0881 3124    HdAudAddService - ok
15:57:07.0943 3124    HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:57:07.0943 3124    HDAudBus - ok
15:57:07.0959 3124    HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:57:07.0959 3124    HidBatt - ok
15:57:07.0990 3124    HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:57:07.0990 3124    HidBth - ok
15:57:08.0037 3124    HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:57:08.0037 3124    HidIr - ok
15:57:08.0053 3124    hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:57:08.0053 3124    hidserv - ok
15:57:08.0068 3124    HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:57:08.0068 3124    HidUsb - ok
15:57:08.0131 3124    hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:57:08.0131 3124    hkmsvc - ok
15:57:08.0177 3124    HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:57:08.0193 3124    HomeGroupListener - ok
15:57:08.0318 3124    HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:57:08.0333 3124    HomeGroupProvider - ok
15:57:08.0458 3124    HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:57:08.0458 3124    HP Support Assistant Service - ok
15:57:08.0521 3124    HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:57:08.0521 3124    HPDrvMntSvc.exe - ok
15:57:08.0630 3124    hpqwmiex        (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:57:08.0661 3124    hpqwmiex - ok
15:57:08.0755 3124    HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:57:08.0755 3124    HpSAMD - ok
15:57:08.0864 3124    HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:57:08.0864 3124    HTTP - ok
15:57:08.0911 3124    hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:57:08.0926 3124    hwpolicy - ok
15:57:08.0957 3124    i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:57:08.0957 3124    i8042prt - ok
15:57:09.0004 3124    iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:57:09.0020 3124    iaStorV - ok
15:57:09.0597 3124    idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:57:09.0613 3124    idsvc - ok
15:57:09.0659 3124    iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:57:09.0691 3124    iirsp - ok
15:57:09.0800 3124    IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:57:09.0831 3124    IKEEXT - ok
15:57:10.0907 3124    IntcAzAudAddService (28ceefbd2c63f91dc17ded3e8d27ecf5) C:\Windows\system32\drivers\RTKVHD64.sys
15:57:10.0923 3124    IntcAzAudAddService - ok
15:57:11.0375 3124    intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:57:11.0375 3124    intelide - ok
15:57:11.0422 3124    intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:57:11.0422 3124    intelppm - ok
15:57:11.0469 3124    IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:57:11.0469 3124    IPBusEnum - ok
15:57:11.0516 3124    IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:11.0547 3124    IpFilterDriver - ok
15:57:11.0703 3124    iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:57:11.0719 3124    iphlpsvc - ok
15:57:11.0843 3124    IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:57:11.0843 3124    IPMIDRV - ok
15:57:11.0890 3124    IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:57:11.0890 3124    IPNAT - ok
15:57:12.0748 3124    iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:57:12.0764 3124    iPod Service - ok
15:57:12.0795 3124    IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:57:12.0795 3124    IRENUM - ok
15:57:12.0920 3124    isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:57:12.0920 3124    isapnp - ok
15:57:13.0169 3124    iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:57:13.0185 3124    iScsiPrt - ok
15:57:13.0216 3124    kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:57:13.0232 3124    kbdclass - ok
15:57:13.0263 3124    kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:57:13.0263 3124    kbdhid - ok
15:57:13.0325 3124    KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:57:13.0325 3124    KeyIso - ok
15:57:13.0497 3124    KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:57:13.0497 3124    KSecDD - ok
15:57:13.0544 3124    KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:57:13.0544 3124    KSecPkg - ok
15:57:13.0559 3124    ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:57:13.0575 3124    ksthunk - ok
15:57:13.0637 3124    KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:57:13.0653 3124    KtmRm - ok
15:57:13.0715 3124    LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:57:13.0715 3124    LanmanServer - ok
15:57:13.0762 3124    LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:57:13.0778 3124    LanmanWorkstation - ok
15:57:13.0856 3124    LightScribeService (3503f257b3203f824b1567238ebe17e2) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:57:13.0856 3124    LightScribeService - ok
15:57:13.0887 3124    lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:57:13.0887 3124    lltdio - ok
15:57:13.0934 3124    lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:57:13.0949 3124    lltdsvc - ok
15:57:13.0965 3124    lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:57:13.0965 3124    lmhosts - ok
15:57:14.0043 3124    LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:57:14.0074 3124    LSI_FC - ok
15:57:14.0090 3124    LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:57:14.0090 3124    LSI_SAS - ok
15:57:14.0121 3124    LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:57:14.0121 3124    LSI_SAS2 - ok
15:57:14.0152 3124    LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:57:14.0152 3124    LSI_SCSI - ok
15:57:14.0183 3124    luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:57:14.0183 3124    luafv - ok
15:57:14.0230 3124    Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:57:14.0246 3124    Mcx2Svc - ok
15:57:14.0261 3124    megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:57:14.0261 3124    megasas - ok
15:57:14.0293 3124    MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:57:14.0293 3124    MegaSR - ok
15:57:14.0324 3124    MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:57:14.0324 3124    MMCSS - ok
15:57:14.0339 3124    Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:57:14.0339 3124    Modem - ok
15:57:14.0371 3124    monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:57:14.0371 3124    monitor - ok
15:57:14.0433 3124    mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:57:14.0433 3124    mouclass - ok
15:57:49.0159 3124    ============================================================
15:57:49.0159 3124    Scan finished
15:57:49.0159 3124    ============================================================
15:57:49.0174 3440    Detected object count: 0
15:57:49.0174 3440    Actual detected object count: 0
sullep Beginner
25 July 2012 - 16:59 #12
Download aswMBR and save it to the desktop.
http://public.avast.com/~gmerek/aswMBR.exe


Start aswMBR and click "Scan".

For Vista and Windows 7: right-click the file and choose "Run as Administrator".

When it has finished scanning, click "SAVE LOG" and post the log here.

>>


PS: Vista/Win7 - right mouse button - "Run as Administrator" on the program files.

Run OTL > Copy the text in bold into the "Custom Scans/Fixes" box.
At the bottom right, tick "LOP Check" and "Purity Check", select Scan All Users,
and click "Run Scan". Your computer will now be scanned, and after a while one log will open.


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /rp /s
%systemroot%\*. /mp /s



A Notepad window, OTL.txt, will open; copy the text from it in here.

Let me know whether your PC is behaving normally again.
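Added example (not part of the original post and not OTL's own code): the scan requested above produces an OTL log whose process, module, service and driver entries share one line format, and this Python parser reads that format and lists the entries worth a second look. The review heuristic (blank company name, path under AppData/Temp, running service or driver without a vendor) and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# One OTL entry, as seen in the log sections PRC/MOD/SRV/DRV:
#   KIND[:64bit:] - [date | size | attrs | M] (company) [state] -- path [-- (name) text]
ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>\S{4}) \| [A-Z]\] "
    r"\((?P<company>.*?)\) "            # may itself contain parentheses
    r"(?:\[(?P<state>[^\]]*)\] )?"      # only services and drivers have a state
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"  # service/driver name, optional description
)

# Assumption for this example: path fragments treated as user-writable.
TEMP_MARKERS = ("\\appdata\\", "\\temp\\")

# Constructed sample lines in the OTL format (not taken from a real machine).
SAMPLE = r"""
PRC - [2012/07/23 11:20:13 | 000,596,480 | ---- | M] (Example Tools) -- C:\Users\alice\Desktop\scanner.exe
MOD - [2012/07/25 20:19:29 | 000,024,701 | R--- | M] () -- C:\Users\alice\AppData\Local\Temp\unpack-1234\Helper.dll
SRV:64bit: - [2010/03/10 16:29:46 | 000,202,752 | ---- | M] (Example Vendor (EU)) [Auto | Running] -- C:\Program Files (x86)\Example\svc.exe -- (ExampleSvc)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\example.sys -- (exdrv) Example driver
========== Modules (No Company Name) ==========
""".strip().splitlines()


def parse_line(line):
    """Return a dict for one OTL entry line, or None for headers and other text."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["x64"] = bool(e["x64"])
    e["size"] = int(e["size"].replace(",", ""))          # "000,596,480" -> 596480
    e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
    e["state"] = [s.strip() for s in e["state"].split("|")] if e["state"] else []
    return e


def review_reasons(entry):
    """Heuristic reasons (assumed for this example) to look at an entry by hand."""
    reasons = []
    unsigned = not entry["company"].strip()
    if unsigned:
        reasons.append("no company name")
    if any(marker in entry["path"].lower() for marker in TEMP_MARKERS):
        reasons.append("under AppData/Temp")
    if unsigned and entry["kind"] in ("SRV", "DRV") and "Running" in entry["state"]:
        reasons.append("running service or driver")
    return reasons


def triage(lines):
    """Return (path, reasons) for every entry with two or more reasons, in log order."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if len(reasons) >= 2:
            hits.append((entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(f"{path}: {', '.join(reasons)}")
```

An entry on this list is a prompt to check the file, not a verdict: self-extracting applications also unpack libraries without version information into Temp.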
quack (Beginner)
25 July 2012 - 22:34 #13
I can't get aswMBR to complete a scan. It runs fine for about 45 minutes, after which it coughs up an "antirootkit has stopped working" message.

The OTL log is below.

And yes, my PC seems to be behaving normally again. Since this morning AVG has not detected any malware, and everything else is running fine.

OTL:

OTL logfile created on: 7/25/2012 10:15:10 PM - Run 4
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\RasmusJette\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

8.00 Gb Total Physical Memory | 5.05 Gb Available Physical Memory | 63.09% Memory free
16.00 Gb Paging File | 12.91 Gb Available in Paging File | 80.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.54 Gb Total Space | 651.23 Gb Free Space | 47.04% Space Free | Partition Type: NTFS
Drive D: | 12.63 Gb Total Space | 1.54 Gb Free Space | 12.17% Space Free | Partition Type: NTFS

Computer Name: RASMUSJETTE-HP | User Name: RasmusJette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 11:20:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RasmusJette\Desktop\OTL.exe
PRC - [2012/07/14 16:12:10 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/03/14 05:49:48 | 014,057,569 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
PRC - [2012/03/14 05:48:58 | 003,051,619 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/11/29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/11/29 21:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/01/25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 19:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/01/17 03:12:38 | 000,241,664 | ---- | M] (Yurion, Inc.) -- C:\Program Files (x86)\iriver\iriver plus 2\iAgent2.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/25 20:19:29 | 000,024,701 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\93e7e3d6030f426844228042348210cf\Service.dll
MOD - [2012/07/25 20:19:24 | 000,184,414 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\bd5179a413bc0c4b82eedc22c6cab101\re.dll
MOD - [2012/07/25 20:19:24 | 000,094,334 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\eb138ef0e4282611dbf485a302784646\LibYAML.dll
MOD - [2012/07/25 20:19:24 | 000,053,340 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
MOD - [2012/07/25 20:19:23 | 000,082,033 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
MOD - [2012/07/25 20:19:23 | 000,061,540 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\e56c61f7248672819579325af3387035\POSIX.dll
MOD - [2012/07/25 20:19:23 | 000,024,676 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
MOD - [2012/07/25 20:19:23 | 000,020,590 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
MOD - [2012/07/25 20:19:22 | 000,118,918 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
MOD - [2012/07/25 20:19:22 | 000,082,048 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
MOD - [2012/07/25 20:19:22 | 000,036,964 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\f233f63b6654362865c7577442edb9e3\Win32.dll
MOD - [2012/07/25 20:19:22 | 000,028,779 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
MOD - [2012/07/25 20:19:22 | 000,020,601 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\4461f48e31bde5c56b31b973b773de09\List.dll
MOD - [2012/07/25 20:19:22 | 000,020,576 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
MOD - [2012/07/25 20:19:21 | 000,032,878 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
MOD - [2012/07/25 20:19:21 | 000,028,774 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
MOD - [2012/07/25 20:19:21 | 000,024,701 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
MOD - [2012/07/25 20:19:21 | 000,024,679 | R--- | M] () -- C:\Users\RASMUS~1\AppData\Local\Temp\pdk-RasmusJette-5784\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
MOD - [2012/07/25 15:52:16 | 000,115,137 | ---- | M] () -- C:\Users\RasmusJette\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
MOD - [2012/06/13 17:20:01 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 17:19:44 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/12 23:11:02 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/12 23:10:52 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/12 23:10:50 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/12 23:10:44 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/12 23:10:43 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/10 17:27:19 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/10 17:26:14 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 17:26:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/10 17:24:43 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 16:55:28 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 16:55:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 16:55:14 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/10 16:54:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 16:54:24 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 16:54:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 16:54:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 16:53:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/09 23:33:46 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 23:31:10 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/09 23:31:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/09 23:31:05 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/09 23:31:00 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/02/04 13:53:45 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/11/29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/11 01:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/01/11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/13 04:03:52 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 15:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 15:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 15:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 19:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/16 15:18:38 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/03/10 16:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/07/14 16:12:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 18:45:41 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/14 05:49:48 | 014,057,569 | ---- | M] () [Auto | Running] -- C:/PROGRA~2/SQUEEZ~1/server/SqueezeSvr.exe -- (squeezesvc)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/16 15:16:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 14:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/27 03:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/16 16:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/03/10 18:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/10 16:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 15:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/04 16:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/28 07:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/19 23:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/08 02:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/08 02:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/5
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {76398524-47C8-490F-9927-3D7DFE50A95E}
IE:64bit: - HKLM\..\SearchScopes\{76398524-47C8-490F-9927-3D7DFE50A95E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/5
IE - HKLM\..\SearchScopes,DefaultScope = {76398524-47C8-490F-9927-3D7DFE50A95E}
IE - HKLM\..\SearchScopes\{76398524-47C8-490F-9927-3D7DFE50A95E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..\SearchScopes,DefaultScope = {76398524-47C8-490F-9927-3D7DFE50A95E}
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..\SearchScopes\{76398524-47C8-490F-9927-3D7DFE50A95E}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@verimatrix.com/ViewRightWeb: C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RasmusJette\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RasmusJette\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\RasmusJette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@verimatrix.com/ViewRightWeb: C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/02/19 23:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/02/19 23:29:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 14:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/04 13:17:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/05 10:13:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/05 10:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RasmusJette\AppData\Roaming\mozilla\Extensions
[2012/07/05 10:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/15 00:39:13 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/06/15 00:39:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:39:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

========== Chrome  ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\RasmusJette\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\RasmusJette\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-s\u00F8gning = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AVG Safe Search = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\RasmusJette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/25 15:42:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [iPlusAgent2] C:\Program Files (x86)\iriver\iriver plus 2\iAgent2.exe (Yurion, Inc.)
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15:64bit: - ..Trusted Domains: danid.dk ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: citrix.rn.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: e-boks.dk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: hotmail.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: nemadgang.dk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-256015621-3915457894-2407896354-1000\..Trusted Domains: nordea.dk ([www.netbank] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.10.10.4 212.10.10.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB403A5F-8F24-4E3B-9F14-2D8683566D0D}: DhcpNameServer = 212.10.10.4 212.10.10.5
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 20:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech Media Server
[2012/07/25 20:07:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\RasmusJette\Desktop\aswMBR.exe
[2012/07/25 15:42:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/25 15:40:29 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\Desktop\tdsskiller
[2012/07/25 12:02:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/25 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/25 11:49:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/25 11:49:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/25 11:49:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/25 11:49:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/25 11:47:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 11:47:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/25 11:44:15 | 004,584,441 | R--- | C] (Swearware) -- C:\Users\RasmusJette\Desktop\ComboFix.exe
[2012/07/25 05:18:30 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/24 11:33:30 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\Desktop\Ting til salg
[2012/07/23 13:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/23 13:47:23 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\Desktop\Andreas' spil
[2012/07/23 13:17:38 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Roaming\Malwarebytes
[2012/07/23 13:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/23 13:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/23 13:17:30 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/23 13:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/23 13:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/23 13:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/23 11:19:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\RasmusJette\Desktop\OTL.exe
[2012/07/18 14:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verimatrix
[2012/07/18 14:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Verimatrix
[2012/07/17 14:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/14 23:48:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/14 23:48:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/14 23:48:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/14 23:48:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/14 23:48:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/14 23:48:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/14 23:48:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/14 23:48:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/14 23:48:21 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/14 23:48:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/14 23:48:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/14 23:48:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/14 23:48:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/14 15:41:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/14 15:41:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/14 15:40:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/14 15:40:52 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/14 15:40:51 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/05 15:52:06 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\Documents\Isopskrifter
[2012/07/05 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Roaming\Mozilla
[2012/07/05 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Local\Mozilla
[2012/07/05 10:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/05 10:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/05 10:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/05 09:59:05 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/05 09:58:14 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Local\Apps
[2012/07/05 09:58:13 | 000,000,000 | ---D | C] -- C:\Users\RasmusJette\AppData\Local\Deployment

========== Files - Modified Within 30 Days ==========

[2012/07/25 22:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 22:08:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000UA.job
[2012/07/25 21:08:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000Core.job
[2012/07/25 20:19:15 | 000,001,028 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Media Server-ikon i systembakken.lnk
[2012/07/25 20:19:15 | 000,001,026 | ---- | M] () -- C:\Users\RasmusJette\Desktop\Logitech Media Server.lnk
[2012/07/25 20:07:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\RasmusJette\Desktop\aswMBR.exe
[2012/07/25 18:50:44 | 102,141,859 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/25 18:50:26 | 001,017,222 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/25 15:58:20 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 15:58:20 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 15:50:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 15:50:08 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 15:42:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/25 15:40:14 | 002,117,108 | ---- | M] () -- C:\Users\RasmusJette\Desktop\tdsskiller.zip
[2012/07/25 11:44:16 | 004,584,441 | R--- | M] (Swearware) -- C:\Users\RasmusJette\Desktop\ComboFix.exe
[2012/07/23 13:17:31 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 13:09:16 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/23 11:20:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RasmusJette\Desktop\OTL.exe
[2012/07/21 08:33:24 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRasmusJette.job
[2012/07/18 20:46:08 | 000,001,104 | ---- | M] () -- C:\Users\RasmusJette\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2012/07/18 20:46:08 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/07/17 14:27:19 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/15 10:26:10 | 002,998,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/14 16:12:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/14 16:12:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/05 10:13:24 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/04 13:10:15 | 001,233,342 | ---- | M] () -- C:\Users\RasmusJette\Desktop\krølletMG_3.jpg
[2012/07/04 13:09:55 | 001,158,047 | ---- | M] () -- C:\Users\RasmusJette\Desktop\krølletMG_2.jpg
[2012/07/04 13:09:10 | 001,199,187 | ---- | M] () -- C:\Users\RasmusJette\Desktop\krølletMG_1.jpg
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/25 15:40:14 | 002,117,108 | ---- | C] () -- C:\Users\RasmusJette\Desktop\tdsskiller.zip
[2012/07/25 11:49:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/25 11:49:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/25 11:49:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/25 11:49:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/25 11:49:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/23 13:17:31 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/23 13:09:16 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/05 10:13:24 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/05 10:13:23 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/05 09:58:41 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000UA.job
[2012/07/05 09:58:41 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-256015621-3915457894-2407896354-1000Core.job
[2012/07/04 13:10:15 | 001,233,342 | ---- | C] () -- C:\Users\RasmusJette\Desktop\krølletMG_3.jpg
[2012/07/04 13:09:55 | 001,158,047 | ---- | C] () -- C:\Users\RasmusJette\Desktop\krølletMG_2.jpg
[2012/07/04 13:09:10 | 001,199,187 | ---- | C] () -- C:\Users\RasmusJette\Desktop\krølletMG_1.jpg
[2012/03/11 12:33:38 | 000,004,608 | ---- | C] () -- C:\Users\RasmusJette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/26 12:36:51 | 000,000,082 | ---- | C] () -- C:\Windows\CykelInstall.ini
[2012/01/07 10:34:06 | 000,000,254 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/01 18:34:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\log.sflog
[2011/07/15 13:07:33 | 000,001,854 | ---- | C] () -- C:\Users\RasmusJette\AppData\Roaming\GhostObjGAFix.xml
[2011/07/03 17:18:34 | 000,000,197 | ---- | C] () -- C:\Windows\compedia.ini
[2011/06/19 17:20:55 | 000,000,084 | ---- | C] () -- C:\Windows\KAInstall.ini
[2011/02/16 20:37:23 | 000,003,082 | ---- | C] () -- C:\Windows\SysWow64\affv9553p4now.sys
[2011/02/13 21:01:11 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/13 21:01:11 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/13 17:37:10 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/12 19:23:15 | 000,000,000 | ---- | C] () -- C:\Users\RasmusJette\temp.dat
[2010/11/01 18:42:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/11/01 18:42:13 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2010/10/31 00:45:34 | 000,000,099 | ---- | C] () -- C:\Users\RasmusJette\jagex_runescape_preferences2.dat
[2010/10/31 00:41:25 | 000,000,046 | ---- | C] () -- C:\Users\RasmusJette\jagex_runescape_preferences.dat
[2010/10/13 23:20:28 | 000,017,927 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/10/13 23:20:27 | 006,931,688 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/10/13 00:11:33 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/12 23:09:15 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/11 03:05:36 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/08/11 02:25:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/11 02:22:47 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/09/01 23:45:40 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Alawar Stargaze
[2011/11/27 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Artifex Mundi
[2010/12/11 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\AVG
[2011/10/25 22:24:29 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\AVG2012
[2012/01/04 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Awem
[2011/07/13 14:08:33 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Boolat Games
[2011/10/26 22:59:38 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Casual Box
[2011/12/12 00:44:49 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\casualArts
[2011/07/17 23:57:34 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\CattaleGames
[2010/11/12 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Cryptomathic
[2011/10/20 11:48:23 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\DailyMagic
[2010/10/26 00:00:07 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\dBpoweramp
[2011/12/22 00:17:31 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Deep Shadows
[2011/12/13 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\GameInvest
[2011/02/21 23:12:19 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\GetRightToGo
[2011/12/28 23:53:48 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\HitPoint Studios
[2011/12/03 00:50:26 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Hive Cluster
[2010/10/18 17:26:15 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\ICAClient
[2011/12/05 00:16:34 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\PlayFavoriteGames
[2011/12/05 00:08:12 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Rovio
[2011/12/28 23:53:12 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Samsung
[2010/10/30 00:10:24 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Scholastic
[2011/11/03 01:03:24 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\SpinTop Games
[2012/05/04 22:37:39 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Spotify
[2012/05/04 22:43:20 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\uTorrent
[2011/07/19 22:41:55 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\VampireSagaHL
[2012/01/07 00:10:21 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\Vso
[2010/10/18 23:56:42 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\WildTangent
[2010/10/14 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\WinBatch
[2010/10/13 00:11:32 | 000,000,000 | ---D | M] -- C:\Users\RasmusJette\AppData\Roaming\_MDLogs
[2012/03/31 14:24:59 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/04/25 07:53:55 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE  >
[2010/08/11 03:15:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02
quack Beginner
25 July 2012 - 23:12 #14
The rest:



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE  >
[2010/08/11 03:15:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/08/11 03:15:25 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/08/11 03:12:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/08/11 03:12:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/08/11 03:12:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/08/11 03:15:25 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/08/11 03:12:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/08/11 03:15:25 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES  >
[2009/06/10 23:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP  >
[2008/09/18 03:07:48 | 000,118,784 | ---- | M] (Adobe Systems Incorporated) MD5=41EE0A80B951D675B9227F29651511E0 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS4\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.EXE  >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI  >
[2010/08/11 02:40:58 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\SysNative\da-DK\services.exe.mui
[2010/08/11 02:40:58 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=62DAC757CFBD330E4F2A2CF387F672EF -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1fd5cd894ef1d409\services.exe.mui

< MD5 for: SERVICES.LNK  >
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 06:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF  >
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 22:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC  >
[2010/08/11 02:40:57 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysNative\da-DK\services.msc
[2010/08/11 02:41:00 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\SysWOW64\da-DK\services.msc
[2010/08/11 02:40:57 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_5a179d75255b6dfc\services.msc
[2010/08/11 02:41:00 | 000,092,751 | ---- | M] () MD5=45061F4B05648B0549C709E431A9D33F -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_fdf901f16cfdfcc6\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 22:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML  >
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 22:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.XML  >
[2011/03/02 10:44:46 | 000,000,762 | ---- | M] () MD5=EBDADB02384A0289B9DF7255EAB907D7 -- C:\Program Files (x86)\bilka_fotoservice4.7\Bilka fotoservice\Resources\services.xml

< MD5 for: SVCHOST.EXE  >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
sullep Beginner
26 July 2012 - 11:32 #15
Good to hear that the PC is running normally and smoothly again.

To remove Combofix > Press the Windows key + R. > This opens "Run" > Type Combofix /Uninstall

Remember the space after Combofix.

>>

Run OTL > Click "CleanUp".

This will uninstall OTL; the other programs we have used for the cleanup you will have to delete manually.

>>

When file-sharing programs are used, you are inviting junk onto your PC yourself; uninstall uTorrent.

>>

About 5% of all junk slips right past your security suite if you have not updated Java, Adobe Reader and Flash. It is also important that older versions of these three programs in particular are uninstalled.

How to check whether you have the latest version of Java:

Go to this page: http://java.com/en/download/installed.jsp and click "Verify Java version"
It now checks whether you have the latest Java. If not, you need to download the latest version and install it. Before you do that, go to the Control Panel, find "Add/Remove Programs" and uninstall the old version. There may be several outdated versions, so uninstall those as well. You should restart before installing the latest version. At the time of writing, 20 July 2012, the latest version is: Version 7 Update 5

How to check whether you have the latest version of Adobe Reader:

Start > Programs > Adobe Reader. Open Adobe Reader. Click "Help" in the menu at the very top. Click "Check for Updates". If you get a message saying "No updates available", you have the latest version. At the time of writing, 20 July 2012, the latest version is:
10.1.3. You can also see this if you click "Help" once more and then "About Adobe Reader". You will then see that the bottom left corner says: "Version 10.1.3".
If you do not have the latest version of Adobe Reader, get it here: http://get.adobe.com/dk/reader/?promoid=DAGCC  Be sure to remove the check mark at "Include in your download" BEFORE you download, otherwise you get a toolbar thrown in.

How to check whether you have the latest version of Flash:

On this page http://www.adobe.com/software/flash/about/ you can check which version of Flash you have on your computer. On mine it says: You have version 11,3,300,265 installed. On the same page I can see that this is the latest version, so it is perfectly fine on mine.

If you do not have the latest version, go to this page: http://get.adobe.com/flashplayer/ and download the latest version. Be sure to remove the check mark at: Include in your download, otherwise you get a silly toolbar with your download. You may need to disable your security suite to be allowed to download Flash.
quack Beginner
26 July 2012 - 20:06 #16
That is really, really excellent - thank you for all the help!

Is the idea then that you post an "answer" now, so that I can award you your well-deserved points?
sullep Beginner
27 July 2012 - 08:34 #17
You're welcome, and have a good summer.