Re: Windows update is not running - win 7 x64
Hi, Itpusher. Yes, it found what I suspected.
06:05:23.0036 5876 Scan finished
06:05:23.0036 5876 ============================================================
06:05:23.0067 7300 Detected object count: 1
06:05:23.0067 7300 Actual detected object count: 1
06:09:59.0297 7300 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
06:09:59.0297 7300 C:\windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
06:15:06.0555 2568 Deinitialize success
Please rescan again with TDSSKiller.exe.
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista - W7 users: Right-click and select "Run As Administrator".
If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
- Click the Start Scan button. Do not use the computer during the scan!
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
- Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
Please follow these instructions carefully.
Download ComboFix from the following location:
Link 1
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications.
- If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
- When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.
Hi again,
here is the file - a large one!
Regards
Itpusher
Edit to paste log:
ComboFix 13-03-13.02 - cp 13-03-2013 19:07:32.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1030.18.8102.6557 [GMT 1:00]
Kører fra: c:\users\cp\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\program files (x86)\GadgetBox\gaDGetboxtb.dll
c:\programdata\100
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bhoclass.dll
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\data\content.js
c:\programdata\TheBflix\data\jsondb.js
c:\programdata\TheBflix\ppjemjejnnojomfekgbpbbnecicblllf.crx
c:\programdata\TheBflix\settings.ini
C:\Thumbs.db
c:\users\cp\AppData\Local\assembly\tmp
c:\users\cp\AppData\Roaming\msconfig.ini
c:\users\cp\AppData\Roaming\skype.ini
c:\users\cp\g2mdlhlpx.exe
c:\users\itpusher\AppData\Local\assembly\tmp
c:\users\itpusher\AppData\Roaming\k 36
c:\users\itpusher\AppData\Roaming\k 36\j.exe
c:\users\itpusher\AppData\Roaming\k 36\r.lnk
c:\users\itpusher\AppData\Roaming\k 36\settings.txt
c:\users\itpusher\AppData\Roaming\k 36\tk.lnk
c:\users\itpusher\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\L\00000004.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\L\201d3dde
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\L\76603ac3
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\00000004.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\00000008.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\000000cb.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000000.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000032.@
c:\windows\Installer\{4835385a-b096-9719-2ea1-2fbcaaa3cc2e}\U\80000064.@
c:\windows\SysWow64\10561057
c:\windows\SysWow64\10561058
c:\windows\SysWow64\c_8577.nls
c:\windows\SysWow64\l_inntl.nls
.
Inficeret kopi af c:\windows\system32\services.exe blev fundet og desinficeret
Genskabt kopi fra - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2013-02-13 til 2013-03-13 )))))))))))))))))))))))))))))))))))
.
.
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\Palette\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\itpusher\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2013-03-13 18:20 . 2013-03-13 18:20 -------- d-----w- c:\users\administrator\AppData\Local\temp
2013-03-13 14:33 . 2013-03-13 14:33 -------- d-----w- c:\program files\Citrix
2013-03-12 21:55 . 2013-03-12 22:05 -------- d-----w- c:\program files (x86)\Delta
2013-03-10 19:15 . 2013-03-10 23:37 -------- d-----w- c:\windows\system32\catroot2
2013-03-10 14:46 . 2013-03-13 14:33 -------- d-----w- c:\programdata\Citrix
2013-03-10 14:45 . 2013-03-10 14:45 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2013-03-10 13:38 . 2013-03-10 13:38 -------- d-----w- c:\users\itpusher\AppData\Local\Adobe
2013-03-10 13:35 . 2013-03-10 13:35 -------- d-----w- C:\$WINDOWS.~BT
2013-03-10 12:58 . 2013-03-10 22:27 -------- d-----w- c:\users\itpusher\AppData\Roaming\PC Cleaners
2013-03-10 12:58 . 2013-03-10 12:58 -------- d-----w- c:\users\itpusher\AppData\Roaming\PCPro
2013-03-10 11:54 . 2013-03-10 11:54 -------- d-----w- c:\program files (x86)\7-Zip
2013-03-09 15:26 . 2013-03-09 15:26 -------- d-----w- c:\program files (x86)\XML Notepad 2007
2013-03-08 14:11 . 2012-01-13 09:07 106408 ----a-r- c:\windows\system32\drivers\acsock64.sys
2013-03-08 13:18 . 2013-03-08 13:18 -------- d-----w- c:\users\cp\AppData\Roaming\PC Cleaners
2013-03-08 13:18 . 2013-03-08 13:18 -------- d-----w- c:\users\cp\AppData\Roaming\PCPro
2013-03-08 13:03 . 2012-12-22 18:53 4728712 ----a-w- c:\windows\uninst.exe
2013-03-08 13:03 . 2013-03-08 13:36 -------- d-----w- c:\programdata\PC1Data
2013-03-07 17:31 . 2013-03-07 17:31 -------- d-----w- c:\users\cp\AppData\Roaming\unikgame
2013-03-07 17:28 . 2013-03-07 17:28 -------- d-----w- c:\users\cp\AppData\Roaming\GreenSauceGames
2013-03-05 21:45 . 2013-03-05 21:45 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-05 21:45 . 2013-03-05 21:45 -------- d-----w- c:\programdata\RealNetworks
2013-03-05 21:45 . 2013-03-05 21:45 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-03-05 21:44 . 2013-03-05 21:44 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-03-05 21:44 . 2013-03-05 21:44 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-03-04 14:40 . 2013-03-04 14:40 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2013-03-03 13:06 . 2013-03-06 07:56 -------- d-----w- c:\users\Palette602
2013-03-03 12:44 . 2013-03-03 12:44 -------- d-----w- c:\users\Palette610
2013-03-03 09:58 . 2013-03-03 12:17 -------- d-----w- c:\users\cp\AppData\Roaming\FVZilla
2013-03-03 09:58 . 2013-03-03 12:17 -------- d-----w- c:\program files (x86)\Free Video Zilla
2013-03-02 17:29 . 2013-03-02 17:31 196608 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-02-27 17:50 . 2013-02-27 17:50 -------- d-----w- c:\users\cp\AppData\Roaming\BlamGames
2013-02-27 17:44 . 2013-02-27 17:44 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-02-27 17:33 . 2013-02-27 17:38 -------- d-----w- c:\program files (x86)\The Keepers 2 - The Order's Last Secret CE
2013-02-25 08:50 . 2010-04-03 10:51 47456 ----a-w- c:\windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-02-25 08:50 . 2010-04-03 09:57 77152 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2013-02-25 08:50 . 2010-04-03 10:51 73568 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.51.2500.0.dll
2013-02-25 08:50 . 2010-04-03 09:57 79200 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.51.2500.0.dll
2013-02-25 08:47 . 2013-02-25 08:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2013-02-25 08:46 . 2013-02-25 08:46 -------- d-----w- c:\program files\Microsoft.NET
2013-02-25 08:44 . 2013-02-25 08:45 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-02-25 08:44 . 2013-02-25 08:44 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2013-02-25 08:44 . 2013-02-25 08:44 -------- d-----w- c:\windows\system32\1033
2013-02-21 12:56 . 2013-02-21 12:57 -------- d-----w- c:\users\cp\AppData\Roaming\Realore_Whiterra Roads Of Rome 2
2013-02-21 12:34 . 2013-02-21 12:35 -------- d-----w- c:\users\cp\AppData\Roaming\Realore_Whiterra Roads Of Rome
2013-02-21 12:33 . 2013-02-21 12:34 -------- d-----w- c:\program files (x86)\Roads of Rome
2013-02-17 09:17 . 2013-02-17 09:17 -------- d-----w- c:\windows\CheckSur
2013-02-16 16:32 . 2013-02-18 16:55 -------- d-----w- c:\users\cp\AppData\Local\Torch
2013-02-16 09:24 . 2013-02-17 15:04 -------- dc-h--w- c:\programdata\{E0634565-E271-4760-99E4-50A964525826}
2013-02-16 09:24 . 2013-02-16 09:24 -------- d-----w- c:\users\cp\AppData\Local\PackageAware
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 10:53 . 2013-02-13 10:58 -------- d-----w- c:\users\cp\AppData\Roaming\PerformerSoft
2013-02-13 10:53 . 2012-12-19 14:53 19632 ----a-w- c:\windows\system32\roboot64.exe
2013-02-13 07:00 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 07:00 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 07:00 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 07:00 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 07:00 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 07:00 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 07:00 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 07:00 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 07:00 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 07:00 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 07:00 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 07:00 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 17:26 . 2013-02-12 17:26 -------- d-----w- c:\program files (x86)\ISO Image Burner
2013-02-12 16:39 . 2011-09-28 08:20 40960 ----a-w- c:\windows\SysWow64\SSubTmr6.dll
2013-02-12 16:39 . 2013-02-12 17:19 -------- d-----w- c:\users\cp\AppData\Roaming\FreeBurner
2013-02-12 16:39 . 2013-02-13 10:59 -------- d-----w- c:\program files (x86)\Free Easy CD DVD Burner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-11 15:51 . 2013-03-11 15:51 272824 ----a-w- C:\tom982.zip
2013-02-27 11:01 . 2012-03-29 16:26 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 11:01 . 2011-10-13 16:28 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-21 16:40 . 2012-02-04 13:55 2112832 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-02-14 02:04 . 2011-10-15 17:42 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-29 07:51 . 2013-01-29 07:51 110080 ----a-r- c:\users\cp\AppData\Roaming\Microsoft\Installer\{3260EEB5-1E2B-4044-A35F-0B8BF577E210}\IconF7A21AF7.exe
2013-01-29 07:51 . 2013-01-29 07:51 110080 ----a-r- c:\users\cp\AppData\Roaming\Microsoft\Installer\{3260EEB5-1E2B-4044-A35F-0B8BF577E210}\IconD7F16134.exe
2013-01-29 07:51 . 2013-01-29 07:51 110080 ----a-r- c:\users\cp\AppData\Roaming\Microsoft\Installer\{3260EEB5-1E2B-4044-A35F-0B8BF577E210}\Icon5B4E0377.exe
2013-01-09 06:35 . 2013-01-09 06:35 159 ----a-w- c:\programdata\dsgsdgdsgdsgw.reg
2013-01-09 06:35 . 2012-12-28 20:22 2819 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2013-01-04 04:43 . 2013-02-13 07:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 05:31 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 05:31 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 05:31 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 05:31 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-10-05 21:47 . 2010-09-30 00:21 129024 ----a-w- c:\program files (x86)\Common Files\Uninstall.exe
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{390C7E87-153C-12DB-2EA6-0BB301EB26E9}]
2006-11-29 20:06 73728 ----a-w- c:\windows\SysWOW64\d3dx9_322.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{b52d0735-ec19-448a-abde-e01b5bd275d2}]
2012-10-03 05:57 1031240 ----a-w- c:\users\cp\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{b52d0735-ec19-448a-abde-e01b5bd275d2}"= "c:\users\cp\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll" [2012-10-03 1031240]
.
[HKEY_CLASSES_ROOT\clsid\{b52d0735-ec19-448a-abde-e01b5bd275d2}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{036ec50e-b1e7-481c-8e5a-24e42150f9e3}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-05 295072]
.
c:\users\cp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Skærmklipper og startprogram til OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-02-03 23:09 75360 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PMS;PMS;c:\palette\BBA60\Webroot\BMS\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2012-01-24 45568]
R2 PMS610;PMS610;c:\palette\BBA610\BMS610\\PMS610\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2013-02-28 48640]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-03 2656280]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-01-13 106408]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys [2011-12-20 45720]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2011-02-07 63336]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2012-09-17 125024]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2012-11-16 182728]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg64.sys [2012-11-01 93600]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm64.sys [2012-11-01 87968]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2012-10-31 403416]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2012-10-31 42648]
R3 ThreatFire;ThreatFire;c:\program files (x86)\PC Tools Security\TFEngine\TFService.exe service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\DRIVERS\vna.sys [2009-04-02 161256]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys [2009-04-02 161256]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
R3 WMSVC;Tjenesten Web Management;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-06-14 134456]
R4 cpextender;Check Point SSL Network Extender;c:\program files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [2011-10-18 355496]
R4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2011-02-03 464480]
R4 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-07-15 137272]
R4 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2011-01-12 36864]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R4 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R4 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-02-07 320000]
R4 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [2011-07-06 1698360]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-26 13336]
R4 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R4 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2011-02-09 1318912]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2011-01-15 1116656]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-17 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-17 431456]
R4 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2010-11-11 502464]
R4 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2011-01-22 3154224]
S0 MfeEpePc;MfeEpePc; [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2012-10-31 66344]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2012-10-31 709552]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-05-17 93272]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-10-31 347016]
S1 pctNdisLW64;PC Tools NDIS 6 LightWeight filter;c:\windows\system32\DRIVERS\pctNdisLW64.sys [2012-06-30 77976]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2010-01-26 44576]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
S2 Readsoft;Readsoft;c:\flexlm\lmgrd.exe [2009-07-09 1500424]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2010-10-19 374048]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2010-10-19 292128]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2013-02-22 2849120]
S2 Test602;Test602;c:\palette\BBA602\BMS602\Palette.Baltzar.Interface.WinService.MaintenanceService.exe [2012-10-03 48640]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2010-11-11 32192]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-11-13 56160]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-01-30 174168]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2011-02-08 26712]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-10-23 77144]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:01]
.
2013-02-24 c:\windows\Tasks\HPCeeScheduleForcp.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-03-12 c:\windows\Tasks\HPCeeScheduleForITPRO$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\cp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\cp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\cp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\cp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE: {{45d8438c-b51d-47a8-aeea-9061535f25f1} - {b52d0735-ec19-448a-abde-e01b5bd275d2} - c:\users\cp\AppData\Roaming\DownTangoLauncherToolbar\DownTangoLauncherToolbar.dll
Trusted Zone: btjunkie.org
Trusted Zone: citrix.com\www
Trusted Zone: egmont.com\onesystem
Trusted Zone: google.dk\www
Trusted Zone: isohunt.com\www
Trusted Zone: itpro
Trusted Zone: palette.se\helpdesk
Trusted Zone: sbs.dk\sslvpn
Trusted Zone: senmatic.com\vpn
Trusted Zone: sttcondigi.com\gate
Trusted Zone: xnxx.com\video
TCP: DhcpNameServer = 192.168.1.1
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://vpn-emea.navico.com/SNX/CSHELL/extender.cab
FF - ProfilePath -
.
- - - - TOMME GENVEJE FJERNET - - - -
.
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
Toolbar-10 - (no file)
Toolbar-{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - c:\program files (x86)\GadgetBox\gadgetBoxTB.dll
Toolbar-Locked - (no file)
Toolbar-{82E1477C-B154-48D3-9891-33D83C26BCD3} - c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
AddRemove-1ClickDownload - c:\program files (x86)\TornTV.com\uninst.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-delta - c:\program files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe
AddRemove-Delta Chrome Toolbar - c:\users\cp\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\flexlm\EHLM.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Gennemført tid: 2013-03-13 20:07:35 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2013-03-13 19:07
.
Pre-Kørsel: 134.843.707.392 byte ledig
Post-Kørsel: 134.256.021.504 byte ledig
.
- - End Of File - - 4ADC685ADA2BEF8E2E516AB6C7BC4C35