CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede 2hans Juniormester
21. oktober 2014 - 21:41 Der er 13 kommentarer og
1 løsning

hjælp til at fjerne Astromenda m.fl.

Hej
Jeg forsøgte at hente Sketchup Pro, men jeg fik en masse skidt i stedet, blandt andet "Astromenda Serch, Cut The Rope m.m.

Jeg har forsøgt at fjerne det med rensepakken, men astromenda serch huserer stadig.

Jeg håber I kan se, om der er noget i logfilerne, der viser, hvad jeg kan gøre for at slippe for det møg. :)


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21-10-2014
Scan Time: 20:20:30
Logfile: Mbam log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.21.08
Rootkit Database: v2014.10.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320366
Time Elapsed: 5 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, 2700, Delete-on-Reboot, [441824f3b6c6a4925383927f946fad53]

Modules: 0
(No malicious items detected)

Registry Keys: 30
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [92ca1106ec9013232754bc1f53afef11],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [92ca1106ec9013232754bc1f53afef11],
PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3b2cb4c8-72ab-4b25-8fa1-219b36a60bed}, Quarantined, [87d535e26418300688abf6d138c9d42c],
PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9303da31-7a21-45fd-bd61-03ea56853012}, Quarantined, [87d535e26418300688abf6d138c9d42c],
PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}, Quarantined, [87d535e26418300688abf6d138c9d42c],
PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D6625FAD-EF8D-465C-B9D3-81BB22C40253}, Quarantined, [87d535e26418300688abf6d138c9d42c],
PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9303da31-7a21-45fd-bd61-03ea56853012}, Quarantined, [87d535e26418300688abf6d138c9d42c],
PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3B2CB4C8-72AB-4B25-8FA1-219B36A60BED}, Quarantined, [87d535e26418300688abf6d138c9d42c],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean Pro_is1, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean-Pro_is1, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AdvanceElite, Quarantined, [6fed6fa82557270fca5dfa96bd477987],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [b4a85cbbf58776c05c0d91ffa75d3ec2],
PUP.Optional.AdvanceElite.A, HKLM\SOFTWARE\WOW6432NODE\AdvanceElite, Quarantined, [451750c7bac267cff533c3cd7c8853ad],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [4319b364df9da2949fcab1df7d87f40c],
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [96c656c14f2d132309f4e735699a15eb],
PUP.Optional.AdvancedSystemProtector.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\Advanced-System Protector, Quarantined, [b7a51700afcd1c1a00bc8d9744bfd927],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, Quarantined, [d7859681a7d5fc3a7bb0230c7192649c],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [4a1275a297e52313dca3210e15ee43bd],
PUP.Optional.AdvanceElite.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AdvanceElite, Quarantined, [005c71a6c0bc171f58d17f111ee6fc04],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, Quarantined, [91cb9b7c87f5b77fa558a57f7f845fa1],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [87d5df38d7a530066703fe922adaf808],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [d78527f01a628caa455f3222ec17768a],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [d18bb1663e3e989e34c3bab0a85cca36],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced-System Protector, Quarantined, [b7a5c7505e1ef73fb00d60c4946fab55],
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, Quarantined, [3d1f898eb6c6ab8b8d0b6d0362a2a25e],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [e5771bfc3745fc3a76085fd0a162c63a],
PUP.Optional.Astromenda, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WSE_Astromenda, Quarantined, [441824f3b6c6a4925383927f946fad53],

Registry Values: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1K1J1N2U0R1O1F, Quarantined, [d18bb1663e3e989e34c3bab0a85cca36]
PUP.Optional.Astromenda, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BRS, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS, Quarantined, [441824f3b6c6a4925383927f946fad53]

Registry Data: 1
PUP.Optional.Astromenda.A, HKU\S-1-5-21-2975562932-2066206378-1495734966-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzuzy0CtB0AyBtDzzyBtA0B0FyE0DyDyCyCtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByB0FyCyDtD0EyBtGyEzyzyyCtGyD0A0EtCtGzz0EyB0EtGyEyD0E0FtC0B0E0D0CtB0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtB0A0DyDyEtAyEtGtD0CyB0AtGyEtB0FtAtGzztD0A0DtGyC0F0DtCtD0AtD0A0CtB0D0A2Q&cr=957418631&ir=, Good: (www.google.com), Bad: (http://astromenda.com/?f=1&a=ast_ir_14_43_ch&cd=2XzuyEtN2Y1L1Qzuzy0CtB0AyBtDzzyBtA0B0FyE0DyDyCyCtN0D0Tzu0StCtDtByDtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByB0FyCyDtD0EyBtGyEzyzyyCtGyD0A0EtCtGzz0EyB0EtGyEyD0E0FtC0B0E0D0CtB0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtB0A0DyDyEtAyEtGtD0CyB0AtGyEtB0FtAtGzztD0A0DtGyC0F0DtCtD0AtD0A0CtB0D0A2Q&cr=957418631&ir=),Replaced,[164650c7fe7e320474ac59d0a95c46ba]

Folders: 82
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, Quarantined, [66f664b3f4880d29d6f53ffdaa59c53b],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite, Quarantined, [6fed6fa82557270fca5dfa96bd477987],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\data, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blackfriday, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\weather\images, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\css, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\about, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\apps, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\clean, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\discovery, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\favorites, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\ftue, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\icons\pageAction, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\image-upload, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\loaders, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\notifications, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\phone, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\review-gifs\cat, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\search, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\bubbles, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\buttons, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\city, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\clean, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\disco, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\fishing, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\forest, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\mountains, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\planets, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sea, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\space, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\strips, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\themes\sunset, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\img\user, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\js, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\lib, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\locales, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ar, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\de, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\en, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\es, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\fr, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\he, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\it, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ja, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\nl, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\pl, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\pt_BR, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\ru, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_locales\tr, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\_metadata, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda, Delete-on-Reboot, [441824f3b6c6a4925383927f946fad53],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\bh, Quarantined, [441824f3b6c6a4925383927f946fad53],
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS, Delete-on-Reboot, [441824f3b6c6a4925383927f946fad53],
PUP.Optional.Astromenda.A, C:\Users\Administrator\AppData\Roaming\WSE_Astromenda, Quarantined, [73e98f88adcfb482549b25ecff0403fd],
PUP.Optional.Astromenda.A, C:\Users\Administrator\AppData\Roaming\WSE_Astromenda\icons_3.5.1.4, Quarantined, [73e98f88adcfb482549b25ecff0403fd],
PUP.Optional.Astromenda.A, C:\Users\Administrator\AppData\Roaming\WSE_Astromenda\UpdateProc, Quarantined, [73e98f88adcfb482549b25ecff0403fd],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector, Quarantined, [cb91987ff68637ff50deb35f758e966a],
PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced-System Protector\signatures, Quarantined, [cb91987ff68637ff50deb35f758e966a],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Administrator\AppData\Roaming\Systweak\Advanced-System Protector, Quarantined, [95c7a96e1d5f2e08929c7d95db2837c9],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\Administrator\AppData\Roaming\Systweak\Advanced-System Protector\2.1.1000.14138, Quarantined, [95c7a96e1d5f2e08929c7d95db2837c9],

Files: 595
PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceElitebho.dll, Quarantined, [87d535e26418300688abf6d138c9d42c],
PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.exe, Quarantined, [ce8ec84f58249f97260e18af946d43bd],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\sasnative64.exe, Quarantined, [cb918c8bd9a3f64088e2baf8c53c42be],
PUP.Optional.Bandoo.A, C:\Users\Administrator\Downloads\iMeshSetup-r393-n-bc.exe, Quarantined, [471522f5eb9159dd876c87bbe31ead53],
PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, Quarantined, [7ae26ea9dca046f02b9354c858ab2bd5],
PUP.Optional.Astromenda.A, C:\Windows\Tasks\WSE_Astromenda.job, Quarantined, [93c9bf5835477abc675874a8d3307e82],
PUP.Optional.AdvancedSystemProtector, C:\Windows\System32\Tasks\Advanced-System Protector_startup, Quarantined, [0a524dcae9937eb80c201a0b867d827e],
PUP.Optional.AdvancedSystemProtector, C:\Users\Public\Desktop\Advanced-System Protector.lnk, Quarantined, [8bd19a7d9ce04ee8b2001e07ad5635cb],
PUP.Optional.RegCleanerPro, C:\Users\Public\Desktop\RegClean Pro.lnk, Quarantined, [0359ed2a275586b0e5edc16600031fe1],
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\RegClean Pro, Quarantined, [b4a85dba413b191d478d39eef0138878],
PUP.Optional.RegCleanPro.A, C:\Windows\System32\Tasks\RegClean Pro_DEFAULT, Quarantined, [c39977a0c3b983b370a01121eb1858a8],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, Quarantined, [66f664b3f4880d29d6f53ffdaa59c53b],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Afinstaller (fjern) RegClean Pro.lnk, Quarantined, [66f664b3f4880d29d6f53ffdaa59c53b],
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, Quarantined, [66f664b3f4880d29d6f53ffdaa59c53b],
PUP.Optional.RegCleanerPro.J, C:\Windows\Tasks\RegClean Pro_UPDATES.job, Quarantined, [76e66ea9403ce74fc72bc6908c77a65a],
PUP.Optional.RegCleanPro.A, C:\Windows\Tasks\RegClean Pro_DEFAULT.job, Quarantined, [38244fc82a52a294d1c62f3ae51fc040],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe.config, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\norwegian_asp_NO.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AdvancedSystemProtector.exe, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AppResource.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\asp.ico, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\AspManager.exe, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\aspsys.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\ASPUninstall.exe, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\categories.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Chinese_asp_ZH-CN.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Chinese_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Communication.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\danish_asp_DA.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Danish_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\dutch_asp_NL.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Dutch_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\eng_asp_en.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\eng_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\filetypehelper.exe, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Finnish_asp_FI.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Finnish_uninst_fi.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\french_asp_FR.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\French_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\german_asp_DE.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\German_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Norwegian_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\polish_uninst_pl.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\portugese_uninst_pt.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\portuguese_asp_PT-BR.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Portuguese_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\russian_asp_ru.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\russian_uninst_ru.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\scandll.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\spanish_asp_ES.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\spanish_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\swedish_asp_SV.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\swedish_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\greek_uninst_el.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Interop.IWshRuntimeLibrary.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\italian_asp_IT.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Italian_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\japanese_asp_JA.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Japanese_uninst.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\korean_uninst_ko.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\loading_withWhiteBG.avi, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Microsoft.Win32.TaskScheduler.DLL, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Core.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\System.Data.SQLite.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\TPS.ico, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\traditionalcn_uninst_zh-tw.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Turkish_uninst_tr.ini, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.dat, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.exe, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unins000.msg, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\unrar.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Compression.Formats.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.FileSystem.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Xceed.Zip.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\clamscan.exe, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\libclamav.dll, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\clamunpack\readme.txt, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.com, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.exe, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.pif, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\asp-fixer.scr, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\ASP-Troubleshooter.chm, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\firefox.com, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\iexplore.exe, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.AdvancedSystemProtector.A, C:\Program Files (x86)\ASP\Troubleshooter\iexplore.lnk, Quarantined, [223abe59275539fd82a891fcd52f59a7],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Chinese_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\FileList.rcp, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Chinese_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\CleanSchedule.exe, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Danish_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Dutch_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\eng_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Japanese_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_rcp_ko.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\korean_uninst_ko.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\LicMgr.dll, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Norwegian_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_rcp_pl.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\polish_uninst_pl.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_rcp_pt.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\portugese_uninst_pt.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Portuguese_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RCPUninstall.exe, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\French_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\German_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_rcp_el.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\greek_uninst_el.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\install_left_image.bmp, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\isxdl.dll, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Italian_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RegCleanPro.exe, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\RegList.rcp, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_rcp_ru.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\russian_uninst_ru.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Spanish_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\spanish_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Swedish_rcp.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\swedish_uninst.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\systweakasp.exe, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TPS.ico, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\turkish_rcp_tr.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.dat, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.exe, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\unins000.msg, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.RegCleanPro.A, C:\Program Files (x86)\RCP\xmllite.dll, Quarantined, [f567fb1ceb91b48223090588659ffc04],
PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceElite.ico, Quarantined, [6fed6fa82557270fca5dfa96bd477987],
PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\7za.exe, Quarantined, [6fed6fa82557270fca5dfa96bd477987],
PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\AdvanceEliteUninstall.exe, Quarantined, [6fed6fa82557270fca5dfa96bd477987],
PUP.Optional.AdvanceElite.A, C:\Program Files (x86)\AdvanceElite\updateAdvanceElite.InstallState, Quarantined, [6fed6fa82557270fca5dfa96bd477987],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup3.bin, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup4.bin, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup6.bin, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Danish_rcp.dat, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_10-21-2014.log, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.RegCleanerPro.A, C:\Users\Administrator\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, Quarantined, [97c530e793e99c9a193e1ad57d85de22],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\background.html, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\manifest.json, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\newtab.html, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\opentab.html, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\comp.png, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\phone-frame.png, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\phone.png, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\0-mobile.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\0.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\1-mobile.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\1.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\2-mobile.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\2.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\3-mobile.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\3.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\4-mobile.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\4.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\5-mobile.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\facebook\images\carousel\screenshots\5.jpg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\data\gallery.json, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\9gag.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\afterDownload.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\aim.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\aim_alt.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\amazon.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\apple.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\app_store.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\arto.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\aws.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\baidu.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\basecamp.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\bebo.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\behance.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\bing.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\blogger.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\bnter.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\brightkite.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\cinch.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\cloudapp.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\coroflot.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\creative_commons.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dailybooth.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\delicious.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designbump.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designfloat.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\designmoo.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\deviantart.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\digg.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\digg_alt.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\diigo.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dribbble.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dropbox.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\drupal.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\dzone.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ebay.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\ember.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\etsy.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\evernote.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\expedia.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook_alt.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facebook_places.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\facto.me.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\feedburner.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\flickr.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\folkd.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\formspring.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\forrst.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\foursquare.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\foxtab.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\friendfeed.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\friendster.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\funmoods.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gdgt.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\github.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\github_alt.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gmail.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\goodreads.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google-drive.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google_buzz.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\google_talk.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gowalla.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\gowalla_alt.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\grooveshark.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hacker_news.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae\0.3.6_0\app\spots\gallery\images\hi5.svg, Quarantined, [fa62c552710b0333f3e2a071a45f7b85],
PUP.Optional.Astromenda, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Def
Avatar billede 2hans Juniormester
21. oktober 2014 - 21:42 #1
ups.. Hijackthis filen


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:05:30, on 21-10-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Users\Administrator\Desktop\Fix\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Hjælp til logon til Microsoft-konto - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Startup: Dropbox.lnk = Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Skærmklipper og startprogram til OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end til OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 18389 bytes
Avatar billede f-arn Guru
21. oktober 2014 - 22:14 #2
Jeg har forsøgt at fjerne det med rensepakken, men astromenda serch huserer stadig.

Hvilken rensepakke?

------

Hent AdwCleaner af Xplode, og gem den på dit Skrivebord.

Luk alle åbne programmer !

Deaktiver dit sikkerhedprogram, mens du kører den !

Start AdwCleaner, tryk på "Scan - lad den scanne og klik så på "Delete"

Mht.: Vista og Windows 7/8 - Højreklik på filen - Kør som Administrator.

Programmet vil automatisk genstarte PCen, og åbne en logfil som du skal kopiere herind i næste indlæg.

Logfilen kan også findes her: C:\AdwCleaner[S0].txt

------

Fjern Alle USB nøgler og Externe Harddiske før du kører programmet.

Hent og gem RogueKiller på dit skrivebord.

Den kan også hentes her

Husk at vælge den rigtige version. (64 bit)

Deaktiver dit sikkerhedprogram, mens du kører den :exclaim:

Luk alle vinduer og kør "RogueKiller" (Hvis den blokeres, kør den flere gange)

Hvis den slet ikke vil køre, prøv at omdøbe den til winlogon.exe

Mht.: Vista og Windows 7/8 - Højreklik på filen - Kør som Administrator.

Lad det indledende scan køre.

Tryk SCAN.

Når den har scannet færdig, klikker du på report,gemmer den og kopierer den herind.

Du skal ikke fjerne noget  !
Avatar billede Slettet bruger
21. oktober 2014 - 22:20 #3
http://malwaretips.com/blogs/remove-astromenda-virus/
Avatar billede 2hans Juniormester
21. oktober 2014 - 22:59 #4
Jeg har anvendt "pakken" der foreslås under "virus", Combofix, MBam, Hijackthis og CCcleaner.




Herunder er loggen fra Adwcleaner:

# AdwCleaner v4.001 - Report created 21/10/2014 at 22:55:32
# Updated 20/10/2014 by Xplode
# Database : 2014-10-21.1
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Administrator - FREDENSBORGKOMM
# Running from : C:\Users\Administrator\Desktop\adwcleaner_4.001.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Administrator\Desktop\MyPC Backup.lnk
File Found : C:\Users\Administrator\Desktop\Sync Folder.lnk
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Found : C:\Users\Administrator\AppData\LocalLow\HPAppData
Folder Found : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found : C:\Users\Administrator\AppData\Roaming\Systweak
Folder Found : C:\Windows\Util

***** [ Scheduled Tasks ] *****

Task Found : advanced-System Protector_startup
Task Found : LaunchSignup
Task Found : RegClean Pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\BRS
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\BRS
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [2775 octets] - [21/10/2014 22:47:48]
AdwCleaner[R1].txt - [2835 octets] - [21/10/2014 22:50:57]
AdwCleaner[R2].txt - [2895 octets] - [21/10/2014 22:52:05]
AdwCleaner[R3].txt - [2787 octets] - [21/10/2014 22:55:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [2847 octets] ##########
Avatar billede 2hans Juniormester
21. oktober 2014 - 23:05 #5
Logfilen fra Rougekiller:

RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Scan -- Date : 10/21/2014  23:04:09

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] adwcleaner_4.001.exe -- C:\Users\Administrator\Desktop\adwcleaner_4.001.exe
  • -> Killed [TermProc]

¤¤¤ Registry : 22 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14B45B85-86C4-4170-B2E9-DC734F52DB58} | DhcpNameServer : 10.120.170.10 10.120.170.11  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14B45B85-86C4-4170-B2E9-DC734F52DB58} | DhcpNameServer : 10.120.170.10 10.120.170.11  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{14B45B85-86C4-4170-B2E9-DC734F52DB58} | DhcpNameServer : 10.120.170.10 10.120.170.11  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{14B45B85-86C4-4170-B2E9-DC734F52DB58} | DhcpNameServer : 10.120.170.10 10.120.170.11  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1      localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZ7TD128HAFV-000 +++++
--- User ---
[MBR] 41fc017b3186d51407cae4d97d273bac
[BSP] d7aeb65805a33d0cea8e49af08f13e15 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 94410 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 196425728 | Size: 18000 MB
3 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 233289728 | Size: 8192 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 05288f37f6f89b7a3bd7daa4286493bb
[BSP] 540e6d56499f32ad5d4af7f57e240953 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 94410 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 196425728 | Size: 18000 MB
3 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 233289728 | Size: 8192 MB
Avatar billede poko1 Ekspert
22. oktober 2014 - 09:03 #6
Du skal køre ADWCleaner færdig lige som i denne vejledning.
http://gratisupload.dk/vis/712017
Avatar billede 2hans Juniormester
22. oktober 2014 - 19:22 #7
ok, jeg kaster lige nye logfiler fra ADWcleaner og Roguekiller:

# AdwCleaner v4.001 - Report created 22/10/2014 at 19:01:49
# DB v2014-10-21.1
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Administrator - FREDENSBORGKOMM
# Running from : C:\Users\Administrator\Desktop\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Administrator\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Systweak
Folder Deleted : C:\Windows\Util
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Administrator\Desktop\MyPC Backup.lnk
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Administrator\Desktop\Sync Folder.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : advanced-System Protector_startup
Task Deleted : LaunchSignup
Task Deleted : RegClean Pro

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [2775 octets] - [21/10/2014 22:47:48]
AdwCleaner[R1].txt - [2835 octets] - [21/10/2014 22:50:57]
AdwCleaner[R2].txt - [2895 octets] - [21/10/2014 22:52:05]
AdwCleaner[R3].txt - [2955 octets] - [21/10/2014 22:55:32]
AdwCleaner[R4].txt - [3015 octets] - [22/10/2014 18:58:34]
AdwCleaner[S0].txt - [2773 octets] - [22/10/2014 19:01:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2833 octets] ##########




RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Scan -- Date : 10/22/2014  19:17:41

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 23 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BackupStack (C:\Program Files (x86)\MyPC Backup\BackupStack.exe) -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14B45B85-86C4-4170-B2E9-DC734F52DB58} | DhcpNameServer : 10.120.170.10 10.120.170.11  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14B45B85-86C4-4170-B2E9-DC734F52DB58} | DhcpNameServer : 10.120.170.10 10.120.170.11  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{14B45B85-86C4-4170-B2E9-DC734F52DB58} | DhcpNameServer : 10.120.170.10 10.120.170.11  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{14B45B85-86C4-4170-B2E9-DC734F52DB58} | DhcpNameServer : 10.120.170.10 10.120.170.11  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1      localhost

¤¤¤ Antirootkit : 11 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ systemcpl.dll) NETAPI32.dll - DsRoleFreeMemory : C:\Windows\system32\DSROLE.DLL @ 0x7fefa801438
[IAT:Addr] (explorer.exe @ systemcpl.dll) NETAPI32.dll - DsRoleGetPrimaryDomainInformation : C:\Windows\system32\DSROLE.DLL @ 0x7fefa801010
[IAT:Addr] (explorer.exe @ systemcpl.dll) NETAPI32.dll - NetServerGetInfo : C:\Windows\system32\srvcli.dll @ 0x7fefceb1968
[IAT:Addr] (explorer.exe @ systemcpl.dll) slc.dll - SLOpen : C:\Windows\system32\SPPC.DLL @ 0x7fee75785c4
[IAT:Addr] (explorer.exe @ systemcpl.dll) slc.dll - SLGetLicensingStatusInformation : C:\Windows\system32\SPPC.DLL @ 0x7fee757aab4
[IAT:Addr] (explorer.exe @ systemcpl.dll) slc.dll - SLGetSLIDList : C:\Windows\system32\SPPC.DLL @ 0x7fee7579c44
[IAT:Addr] (explorer.exe @ systemcpl.dll) slc.dll - SLGetPKeyInformation : C:\Windows\system32\SPPC.DLL @ 0x7fee757a974
[IAT:Addr] (explorer.exe @ systemcpl.dll) slc.dll - SLClose : C:\Windows\system32\SPPC.DLL @ 0x7fee75786f0
[IAT:Addr] (explorer.exe @ systemcpl.dll) slc.dll - SLGetProductSkuInformation : C:\Windows\system32\SPPC.DLL @ 0x7fee757a8e0
[IAT:Addr] (explorer.exe @ systemcpl.dll) slc.dll - SLRegisterEvent : C:\Windows\system32\SPPC.DLL @ 0x7fee757b218
[IAT:Addr] (explorer.exe @ systemcpl.dll) slc.dll - SLUnregisterEvent : C:\Windows\system32\SPPC.DLL @ 0x7fee757b2d0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG MZ7TD128HAFV-000 +++++
--- User ---
[MBR] 41fc017b3186d51407cae4d97d273bac
[BSP] d7aeb65805a33d0cea8e49af08f13e15 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 94410 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 196425728 | Size: 18000 MB
3 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 233289728 | Size: 8192 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 05288f37f6f89b7a3bd7daa4286493bb
[BSP] 540e6d56499f32ad5d4af7f57e240953 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 94410 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 196425728 | Size: 18000 MB
3 - [XXXXXX] OS/2-HIBER (0x84) [HIDDEN!] Offset (sectors): 233289728 | Size: 8192 MB


============================================
RKreport_SCN_10212014_230409.log
Avatar billede f-arn Guru
22. oktober 2014 - 19:59 #8
Fint :)

Jeg vil gerne se den kog ComboFix lavede, så vil du godt kopiere den herind. Den ligger normalt som C:\Combofix.txt

Du skal ikke køre den igen!!!!!!!!
Avatar billede 2hans Juniormester
22. oktober 2014 - 21:24 #9
ok, den kommer her :)

ComboFix 14-10-21.01 - Administrator 21-10-2014  20:52:13.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.45.1030.18.7888.5494 [GMT 2:00]
Kører fra: c:\users\Administrator\Desktop\Fix\ComboFix.exe
Kommandoer benyttet :: c:\users\Administrator\Desktop\Fix\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MyPC Backup
c:\program files (x86)\MyPC Backup\aff.conf
c:\program files (x86)\MyPC Backup\AlphaVSS.51.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.52.x64.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.52.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.60.x64.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.60.x86.dll
c:\program files (x86)\MyPC Backup\AlphaVSS.Common.dll
c:\program files (x86)\MyPC Backup\AWSSDK.dll
c:\program files (x86)\MyPC Backup\BackupStack.exe
c:\program files (x86)\MyPC Backup\Configuration Updater.exe
c:\program files (x86)\MyPC Backup\Crypto32.dll
c:\program files (x86)\MyPC Backup\Crypto64.dll
c:\program files (x86)\MyPC Backup\Database\mpcb_backup_conf.db
c:\program files (x86)\MyPC Backup\Database\mpcb_file_cache.db
c:\program files (x86)\MyPC Backup\Database\mpcb_queues.db
c:\program files (x86)\MyPC Backup\Database\mpcb_settings.db
c:\program files (x86)\MyPC Backup\Database\mpcb_sig_cache.db
c:\program files (x86)\MyPC Backup\de_DE.mo
c:\program files (x86)\MyPC Backup\diffstack.dll
c:\program files (x86)\MyPC Backup\es_ES.mo
c:\program files (x86)\MyPC Backup\fr_FR.mo
c:\program files (x86)\MyPC Backup\GetText.dll
c:\program files (x86)\MyPC Backup\it_IT.mo
c:\program files (x86)\MyPC Backup\LinqBridge.dll
c:\program files (x86)\MyPC Backup\log\WAIT_HANDLES.log
c:\program files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll
c:\program files (x86)\MyPC Backup\MPCBClient.dll
c:\program files (x86)\MyPC Backup\MPCBContextMenu.dll
c:\program files (x86)\MyPC Backup\MPCBIconOverlays.dll
c:\program files (x86)\MyPC Backup\MyPC Backup.exe
c:\program files (x86)\MyPC Backup\mypcbackup.ico
c:\program files (x86)\MyPC Backup\ObjectListView.dll
c:\program files (x86)\MyPC Backup\pt_PT.mo
c:\program files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe
c:\program files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe
c:\program files (x86)\MyPC Backup\RestartExplorer.exe
c:\program files (x86)\MyPC Backup\Service Start.exe
c:\program files (x86)\MyPC Backup\Shared Stack.dll
c:\program files (x86)\MyPC Backup\Signup Wizard.exe
c:\program files (x86)\MyPC Backup\syncicon.ico
c:\program files (x86)\MyPC Backup\syncing.ico
c:\program files (x86)\MyPC Backup\tick.ico
c:\program files (x86)\MyPC Backup\uninst.exe
c:\program files (x86)\MyPC Backup\UnRegisterExtensions.exe
c:\program files (x86)\MyPC Backup\Updater.exe
c:\program files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
c:\program files (x86)\MyPC Backup\x86\System.Data.SQLite.dll
c:\programdata\Roaming
c:\users\ADMINI~1\AppData\Local\Temp\7zS45DC\HPSLPSVC64.DLL
c:\users\Administrator\AppData\Local\Temp\7zS45DC\HPSLPSVC64.DLL
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
D:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2014-09-21 til 2014-10-21  )))))))))))))))))))))))))))))))))))
.
.
2014-10-21 18:18 . 2014-10-21 18:18    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-21 18:18 . 2014-10-21 18:18    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-21 18:18 . 2014-10-01 09:39    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-21 18:18 . 2014-10-01 09:39    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-21 18:18 . 2014-10-01 09:39    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-21 18:10 . 2014-10-21 18:10    --------    d-----w-    c:\program files\CCleaner
2014-10-21 17:42 . 2014-10-21 18:27    --------    d-----w-    c:\programdata\Systweak
2014-10-21 17:42 . 2014-10-21 18:27    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Systweak
2014-10-21 17:42 . 2014-08-29 15:02    20296    ----a-w-    c:\windows\system32\roboot64.exe
2014-10-21 17:15 . 2014-10-21 18:13    --------    d-----w-    c:\users\Administrator\AppData\Roaming\inkscape
2014-10-21 16:55 . 2014-10-21 16:59    --------    d-----w-    c:\program files (x86)\Inkscape
2014-10-21 01:32 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E43E7EBF-7CE2-4497-B3A4-99C9743DE0E1}\mpengine.dll
2014-10-20 23:59 . 2014-10-14 19:59    11627712    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-20 12:32 . 2014-10-20 12:32    --------    d-----w-    c:\users\Administrator\AppData\Roaming\HPAppData
2014-10-18 20:29 . 2014-10-18 20:29    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-10-18 08:19 . 2014-10-18 08:20    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Dropbox
2014-10-17 17:23 . 2014-10-17 17:23    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-10-16 18:22 . 2014-09-04 05:23    424448    ----a-w-    c:\windows\system32\rastls.dll
2014-10-07 14:49 . 2014-10-07 14:49    --------    d-----w-    c:\program files (x86)\Servage.net
2014-10-03 00:09 . 2014-09-17 00:08    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40232B63-3BD3-4661-9BC7-1E7B1B293FF7}\gapaengine.dll
2014-10-02 20:27 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-02 20:27 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-10-02 18:59 . 2014-10-02 18:59    --------    d-----r-    c:\users\Administrator\Creative Cloud Files
2014-09-24 06:27 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-24 06:27 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-18 20:28 . 2014-02-07 21:32    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-17 01:00 . 2014-02-07 18:36    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-09-26 01:02 . 2014-02-07 21:26    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-26 01:02 . 2014-02-07 21:26    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-17 00:08 . 2014-02-19 22:19    1188440    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-13 01:21 . 2014-02-20 00:22    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-09-12 10:46    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-12 10:46    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-12 10:46    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-12 10:46    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 00:35 . 2014-07-25 00:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-21 14:07    222920    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-21 14:07    222920    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-21 14:07    222920    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:09    131480    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-08-27 248208]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-02-28 133400]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-07-22 2694040]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-08-30 703888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-10-18 35487064]
Skærmklipper og startprogram til OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ      scecli c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NisSrv;Microsoft Netværksinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
.
.
--- Andre Services/Drivers i Hukommelsen ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-16 23:28    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2014-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-07 01:02]
.
2014-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 04:27]
.
2014-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-22 04:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-07-16 09:06    672416    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-07-16 09:06    672416    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-07-16 09:06    672416    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-21 14:07    261832    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-21 14:07    261832    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-21 14:07    261832    ----a-w-    c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-08-17 04:10    164760    ----a-w-    c:\users\Administrator\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-04-17 12480616]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-09 1158248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-28 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-28 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-28 439064]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
------- Yderligere scanning -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: S&end til OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: fredensborg.dk\email
Trusted Zone: fredensborg.dk\portal
Trusted Zone: google.dk\www
Trusted Zone: live.com\login
Trusted Zone: microsoft.com\office
TCP: DhcpNameServer = 192.168.1.1
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,2b,
  8e,30,1a,d6,05,9b,c4,11,24,74,4b,20,dc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,c4,
  06,9f,be,ea,0d,b0,9e,ba,17,8e,6d,fe,d9
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8b,0f,
  68,c2,80,45,09,a3,e3,94,9a,f3,9a,6e,59
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,d3,
  c5,77,f2,32,0c,a9,7c,dc,65,c3,86,cb,b3
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b4,e8,
  aa,13,58,30,06,af,2a,02,f3,02,cd,41,e5
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,3b,1b,69,51,46,
  4b,e0,1d,fd,0f,b6,9d,8f,85,36,01,09,1f
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,3b,1b,2e,df,5c,
  1d,50,d1,6c,06,aa,01,36,c8,36,72,2f,7b
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,3b,1b,ef,e3,e4,
  e1,7c,99,42,00,a8,ca,4e,32,e3,55,eb,4c
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,fd,6e,ae,72,b8,45,40,b0,36,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9f,fd,6e,ae,72,b8,45,40,b0,36,59,\
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ite"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itlp"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itls"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2975562932-2066206378-1495734966-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre kørende processer ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\users\Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
c:\program files (x86)\Citrix\Receiver\Receiver.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Gennemført tid: 2014-10-21  20:58:47 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2014-10-21 18:58
.
Pre-Kørsel: 24.954.114.048 byte ledig
Post-Kørsel: 24.569.470.976 byte ledig
.
- - End Of File - - EE25B545AEF419EBEB3C7F91FECCBDDA
Avatar billede 2hans Juniormester
22. oktober 2014 - 21:26 #10
Jeg har nulstillet både IE og Chrome, ved ikke om jeg bure have gjort det
Avatar billede f-arn Guru
23. oktober 2014 - 20:25 #11
Vil du godt køre nedenstående, og fortælle hvordan PCen kører nu?

Hent Junkware Removal Tool af Thisisu, og gem den på dit Skrivebord.

Deaktiver dit sikkerhedprogram, mens du kører den :exclaim:

Start JRT

Mht.: Vista og Windows 7/8 - Højreklik på filen - Kør som Administrator.

Vær tålmodig mens den kører, da det kan ta' noget tid.

Den laver en logfil (JRT.txt) på skrivebordet, som du skal kopiere herind i næste indlæg.
Avatar billede 2hans Juniormester
04. december 2014 - 20:59 #12
Hejsa f-arn
Ups, jeg glemte at få lukket af her. Det virkede, og PC'en kører mega rimeligt nu :) Smid lige et svar, så jeg kan give dig dine points.

Mange hilsner
Hans
Avatar billede f-arn Guru
04. december 2014 - 23:35 #13
Det lyder godt, men vi skal lige ha' ryddet op efter os :-)

Tast  <Windows> + <R> samtidig og kopier dette ind: combofix /uninstall

Tryk enter

Det vil fjerne ComboFix og nulstille urets indstillinger.

Nulstille systemgendannelsen.

Skjule filtypenavne hvis det kræves.

Skjule System/skjulte filer hvis det kræves.

------

Hent DelFix af Xplode, og gem den på dit Skrivebord.

Start den og sæt flueben i følgende.

Remove disinfection tools

Create registry backup

Klik så på Run.

Den laver en log (DelFix.txt), som jeg ikke skal se :)

Det vil fjerne de fleste værktøjer vi har brugt.

Hvis der efterlades noget, må du slette det manuelt.
Avatar billede 2hans Juniormester
05. december 2014 - 13:51 #14
øøh, ok, jeg kaster mig lige over det, når jeg kommer hjem :)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Google ser ud til at være malware, lyder advarsel på alle vore mobiler! Af vbr i Virus 9 30/10/202312:12 15/12/202310:17
Jeg får en fejl på Enhedssikkerhed Af pouls i Virus 8 04/06/202321:28 05/06/202316:28
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 04:49 Google fotos billeder slettes når de slettes fra enhed Af Helweg i Cloudtjenester
I går 22:04 Adgang til vandaflæsningsdata Af nemlig i PHP
I går 17:32 Fuldt opladet iPhone svigter Af prox1 i Fri debat
I går 08:15 Ctrl + Backspace Af xl-Enthusiast i Excel
21/0419:56 App ala Winamp Af smasherdk i Apps til Android
White papers
Flere white papers »


Premium
Teaser billede
Efter exit fra Capgemini: Her er Claus Rydkjærs nye job - får topstilling i svensk milliard-koncern
Læs mere »
AI-bølgen kan sætte CIO’er i en svær situation: Risikerer at blive sat på porten og skiftet ud
Hackergruppe modtog enorm løsesum efter angreb: Nu sælges sundhedsdata på amerikanske borgere alligevel på det mørke net
Apple og Microsoft står overfor to store sejre i EU
Se alle »
Computerworld
Teaser billede
Du bør vente med at købe ny bærbar: En pc-revolution vil ramme allerede til sommer
Læs mere »
På tur i BMW's mægtigste elbil: Sådan er livet ombord i en monumental million-ellert
Guldager: Jeg har bare tre enkle ønsker til min næste bil
Taler til sanserne: Den sjoveste elbil, som du overhovedet kan få, ser ud til at blive kinesisk
Se alle »
CIO
Teaser billede
Nu kan mange flere opgradere deres gamle Windows 10-pc'er til Windows 11: Se om du kan opgradere
Læs mere »
Aldrende SAP-konsulenter er et kæmpe problem i markedet: Virksomheder tør ikke uddanne nye
Kæmpe prisstigninger på vej fra Microsoft: Dynamics 365 bliver op til 16 procent dyrere
Danske CloudNordic går konkurs efter stort ransomware-angreb
Se alle »
Job & Karriere
Teaser billede
NNIT flytter til det centrale København: Her er selskabets nye hovedkvarter
Læs mere »
Knap 40 procent af disse it-folk tjener tjener mindst 57.000 kroner om måneden
Så meget tjener dine kollegaer: Her er alle data fra Computerworlds store it-lønstatistik for 2024
Så meget tjener cheferne i den danske it-branche: Halvdelen får mere end 77.000 kroner om måneden
Se alle »
White paper
Teaser billede
Cybersikkerhed: Skær antallet af alarmer ned fra tusindvis til blot en håndfuld
Læs mere »
Nemmere overblik, styring og omkostningskontrol i dit multicloud-miljø
Det behøver ikke at gøre ondt: Sådan gør du livet lettere for kunder med multicloud
Sådan høster du forretningsfordelene ved Internet of Things
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »