Jump to content

Nidalee

Members
 View Profile  See their activity

  • Posts

    14

  • Joined

  • Last visited

 Content Type 

Posts posted by Nidalee

    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    Installed new version of Adobe, even tho i already had that version I just had 2 versions.

     

    Made a fresh install of Malwarebytes and its fully working now.

     

    I recovered Recyle bin, it was disabled in my registry, or it was disabled i just enabled that and then it came back.

     

    I changed the response of the keyboard and its working now. I guess I did something wrong the first time I tried this.

     

    I have some questions for you.

     

    1. Should I keep 360 Total Security? Or should I go for G Data, or Trustport or something like that?

    2. How do I increase the startup speed? I have everything disabled in the msconfig startup.

    3. If I format my Computer, would this increase my FPS again, or is it hardware damaged?

    4. Was I even infected? Other than trojans and malwares?

     

    Thank you very much for your time AdvancedSetup, I really appreciate what you guys do for people.

    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    Results of screen317's Security Check version 0.99.96  

     Windows 7 Service Pack 1 x64 (UAC is enabled)  

     Internet Explorer 11  

    ``````````````Antivirus/Firewall Check:`````````````` 

    360 Total Security   

     WMI entry may not exist for antivirus; attempting automatic update. 

    `````````Anti-malware/Other Utilities Check:````````` 

     Spybot - Search & Destroy 

      Java 64-bit 8 Update 31  

      Adobe Flash Player 12.0.0.77 Flash Player out of Date!  

     Adobe Reader XI  

     Mozilla Firefox (35.0) 

     Google Chrome (40.0.2214.115) 

    ````````Process Check: objlist.exe by Laurent````````  

    `````````````````System Health check````````````````` 

     Total Fragmentation on Drive C:  

    ````````````````````End of Log`````````````````````` 

     

     

    May I close the black box when it says "Results have been copied to checkup.txt, itch should open... now!" ?

     

    My computer have actually dropped frames, when playing games. Went from 200 frames to 70-100ish. Had 200fps before we started, now its 70-100ish.

    Malwarebytes cant fix the real time protection, that makes me think im still infected, unless the feature does not work. But it worked long time ago.

    Keyboard writes 2 times still. But not everytime just sometimes, its really annoying, even if i plug in a new keyboard it does it.

     

    The bootup is fixed. It can start now w/o the windows CD.

    Got really fast boot times now.

    Very clean and fast overall.

    Thank you for your help.

     

    The only things i've gotta find out, is the keyboard error, and the frames in games.

    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    ComboFix 15-02-16.01 - Jonas 23-02-2015  20:17:00.1.8 - x64

    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.45.1033.18.12170.8529 [GMT 1:00]

    Kører fra: c:\users\Jonas\Desktop\ComboFix.exe

    AV: 360 Total Security *Disabled/Updated* {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}

    SP: 360 Total Security *Disabled/Updated* {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((((((((   Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\program files (x86)\DuckDNSUpdater\DuckDnsUpdater.exe

    c:\programdata\000B581C_S__0

    c:\users\Jonas\AppData\Local\assembly\tmp

    c:\users\Jonas\AppData\Roaming\Windows32

    c:\users\Jonas\Desktop\ 

    c:\windows\SysWow64\networkdlllsp.dll

    .

    .

    (((((((((((((((((((((((((((((((((((((((   Drivers/Tjenester   )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_AdobeUpdateService

    .

    .

    (((((((((((((((((((((((((((((   Filer skabt fra 2015-01-23 til 2015-02-23  )))))))))))))))))))))))))))))))))))

    .

    .

    2015-02-23 00:43 . 2015-01-07 03:10 782848 ----a-w- c:\windows\system32\gpsvc.dll

    2015-02-23 00:43 . 2015-01-07 02:44 79872 ----a-w- c:\windows\SysWow64\gpapi.dll

    2015-02-23 00:43 . 2015-01-07 01:48 290816 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2015-02-23 00:43 . 2015-01-07 01:48 129024 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

    2015-02-23 00:43 . 2015-01-07 01:48 105984 ----a-w- c:\windows\system32\drivers\dfsc.sys

    2015-02-23 00:43 . 2015-01-07 04:09 13312 ----a-w- c:\windows\system32\drivers\da-DK\mup.sys.mui

    2015-02-23 00:43 . 2015-01-07 01:49 310272 ----a-w- c:\windows\system32\drivers\rdbss.sys

    2015-02-23 00:43 . 2015-01-07 01:49 159232 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2015-02-23 00:43 . 2015-01-07 03:15 104896 ----a-w- c:\windows\system32\drivers\mup.sys

    2015-02-23 00:43 . 2015-01-07 03:04 12800 ----a-w- c:\windows\system32\drivers\en-US\mup.sys.mui

    2015-02-23 00:30 . 2015-02-23 00:30 -------- d-----w- c:\programdata\360SD

    2015-02-23 00:25 . 2015-02-23 11:31 -------- d-----w- C:\$360Section

    2015-02-23 00:05 . 2015-02-23 11:31 -------- d-----w- c:\programdata\360Quarant

    2015-02-23 00:05 . 2015-02-23 00:37 -------- d-----w- c:\users\Jonas\AppData\Roaming\360safe

    2015-02-23 00:00 . 2015-02-23 00:05 -------- d-----w- c:\programdata\360TotalSecurity

    2015-02-23 00:00 . 2015-02-23 11:33 -------- d-----w- c:\programdata\360safe

    2015-02-23 00:00 . 2015-02-12 13:35 314448 ----a-w- c:\windows\system32\drivers\360fsflt.sys

    2015-02-23 00:00 . 2015-02-23 00:00 -------- d-----r- C:\360SANDBOX

    2015-02-23 00:00 . 2015-02-12 13:35 305736 ----a-w- c:\windows\system32\drivers\360Box64.sys

    2015-02-23 00:00 . 2015-02-12 13:35 40520 ----a-w- c:\windows\system32\drivers\360Camera64.sys

    2015-02-23 00:00 . 2015-02-12 13:35 100424 ----a-w- c:\windows\system32\drivers\360AntiHacker64.sys

    2015-02-23 00:00 . 2015-02-12 13:35 180816 ----a-w- c:\windows\system32\drivers\BAPIDRV64.SYS

    2015-02-23 00:00 . 2015-02-12 13:35 77896 ----a-w- c:\windows\system32\drivers\360AvFlt.sys

    2015-02-23 00:00 . 2015-02-23 00:00 -------- d-----w- c:\program files (x86)\360

    2015-02-21 22:07 . 2015-02-23 00:26 -------- d-----w- c:\program files (x86)\BorderlineFunc

    2015-02-21 22:07 . 2015-02-23 02:15 -------- d-----w- c:\program files (x86)\Ask the Gooru

    2015-02-21 15:28 . 2015-02-21 15:28 -------- d-----w- c:\program files (x86)\ESET

    2015-02-21 05:45 . 2015-02-23 19:30 -------- d-----w- c:\program files (x86)\DuckDNSUpdater

    2015-02-21 02:26 . 2015-02-21 02:26 73840 ----a-w- c:\program files (x86)\Mozilla Firefox\wow_helper.exe

    2015-02-21 02:03 . 2015-02-21 02:03 -------- d-----w- c:\program files (x86)\ERUNT

    2015-02-20 22:41 . 2015-02-20 22:49 -------- d-----w- c:\users\Jonas\AppData\Local\DotNet Resolver

    2015-02-20 12:49 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A49F7E7-994D-4C6E-A447-CEDE6B7DC952}\mpengine.dll

    2015-02-19 21:59 . 2015-02-19 21:59 -------- d-----w- c:\program files (x86)\GMT-MAX.ORG

    2015-02-19 21:44 . 2015-02-19 21:44 -------- d-----w- c:\program files (x86)\Origin Games

    2015-02-19 21:43 . 2015-02-19 21:46 -------- d-----w- c:\users\Jonas\AppData\Roaming\Origin

    2015-02-19 21:43 . 2015-02-19 21:44 -------- d-----w- c:\users\Jonas\AppData\Local\Origin

    2015-02-19 20:45 . 2015-02-19 20:45 -------- d-----w- c:\users\Jonas\jagexcache

    2015-02-19 20:14 . 2015-02-23 19:36 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

    2015-02-19 20:13 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

    2015-02-19 20:13 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2015-02-19 20:13 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

    2015-02-19 20:13 . 2015-02-19 20:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

    2015-02-19 20:00 . 2015-02-23 07:34 -------- d-----w- C:\AdwCleaner

    2015-02-19 18:20 . 2015-02-19 18:20 -------- d-----w- c:\users\Jonas\AppData\Local\Steam

    2015-02-15 15:40 . 2015-02-15 15:40 605552 ----a-w- c:\windows\system32\winload.bak

    2015-02-15 15:40 . 2015-02-15 15:40 5554112 ----a-w- c:\windows\system32\ntoskrnl.bak

    2015-02-15 15:39 . 2015-02-15 15:39 -------- d-----w- C:\Crash

    2015-02-15 15:36 . 2015-02-15 15:36 -------- d-----w- c:\users\Jonas\AppData\Local\SCE

    2015-02-14 23:35 . 2015-02-22 16:39 -------- d-----w- c:\program files (x86)\Origin

    2015-02-14 22:05 . 2015-02-14 22:05 -------- d-----w- c:\programdata\FlyVPN

    2015-02-13 22:56 . 2015-02-13 23:06 -------- d-----w- C:\shitshow

    2015-02-13 15:10 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll

    2015-02-13 15:10 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll

    2015-02-13 15:10 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll

    2015-02-13 15:10 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll

    2015-02-12 20:04 . 2015-02-21 19:57 -------- d-----w- c:\users\Jonas\AppData\Local\DarkN3ss.com

    2015-02-11 09:24 . 2015-01-15 08:06 60416 ----a-w- c:\windows\system32\msobjs.dll

    2015-02-11 09:23 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys

    2015-02-08 01:33 . 2015-02-19 20:59 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys

    2015-02-08 01:33 . 2015-02-08 01:33 -------- d-----w- c:\programdata\RogueKiller

    2015-02-08 01:28 . 2015-02-21 21:38 -------- d-----w- C:\FRST

    2015-02-04 21:56 . 2015-02-04 21:56 -------- d-----w- c:\program files\AutoHotkey

    2015-02-04 00:15 . 2015-02-04 00:16 -------- d-----w- c:\program files (x86)\Mod Organizer

    2015-02-03 22:39 . 2015-02-05 13:21 -------- d-----w- c:\users\Jonas\AppData\Local\Skyrim

    2015-02-03 22:39 . 2015-02-03 22:39 -------- d-----w- c:\users\Jonas\AppData\Local\Black_Tree_Gaming

    2015-02-03 22:38 . 2015-02-03 22:38 -------- d-----w- c:\program files\Nexus Mod Manager

    2015-02-03 22:12 . 2015-02-21 02:41 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim

    2015-02-01 18:43 . 2015-02-01 18:43 -------- d-----w- c:\program files (x86)\GPU-Z

    2015-01-30 09:57 . 2015-02-09 21:26 -------- d-----w- c:\users\Jonas\AppData\Roaming\NVIDIA

    2015-01-29 23:21 . 2015-01-29 23:21 -------- d-----w- C:\W32Dasm

    2015-01-29 16:51 . 2015-01-30 08:24 -------- d-----w- c:\program files (x86)\InnerSpace

    2015-01-28 10:47 . 2015-01-28 10:56 -------- d-----w- c:\users\Jonas\AppData\Roaming\NulledIO

    2015-01-28 09:09 . 2015-01-28 09:09 236080 ----a-w- c:\windows\RegBootClean64.exe

    2015-01-28 08:53 . 2013-09-28 02:56 285208 ----a-w- c:\windows\system32\drivers\tmcomm.sys

    2015-01-27 23:37 . 2015-01-27 23:37 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET

    2015-01-26 21:48 . 2015-01-26 21:49 -------- d-----w- c:\users\Jonas\AppData\Local\NVIDIA

    2015-01-26 21:48 . 2015-01-16 06:41 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll

    2015-01-26 21:48 . 2015-01-16 06:41 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll

    2015-01-26 21:48 . 2015-01-16 06:41 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll

    2015-01-26 21:48 . 2015-01-16 06:41 1514528 ----a-w- c:\windows\system32\nvspcap64.dll

    2015-01-26 21:48 . 2015-01-09 22:27 621200 ----a-w- c:\windows\SysWow64\nvStreaming.exe

    2015-01-26 21:48 . 2015-01-26 21:48 -------- d-----w- c:\windows\SysWow64\NV

    2015-01-26 21:48 . 2015-01-26 21:48 -------- d-----w- c:\windows\system32\NV

    2015-01-26 21:26 . 2015-01-09 23:30 6860432 ----a-w- c:\windows\system32\nvcpl.dll

    2015-01-26 21:26 . 2015-01-09 23:30 3517256 ----a-w- c:\windows\system32\nvsvc64.dll

    2015-01-26 21:26 . 2015-01-09 23:29 935056 ----a-w- c:\windows\system32\nvvsvc.exe

    2015-01-26 21:26 . 2015-01-09 23:29 2558608 ----a-w- c:\windows\system32\nvsvcr.dll

    2015-01-26 21:26 . 2015-01-09 23:29 75080 ----a-w- c:\windows\system32\nv3dappshextr.dll

    2015-01-26 21:26 . 2015-01-09 23:29 62608 ----a-w- c:\windows\system32\nvshext.dll

    2015-01-26 21:26 . 2015-01-09 23:29 385352 ----a-w- c:\windows\system32\nvmctray.dll

    2015-01-26 21:26 . 2015-01-09 23:29 1097872 ----a-w- c:\windows\system32\nv3dappshext.dll

    2015-01-26 21:26 . 2015-01-09 19:47 4173527 ----a-w- c:\windows\system32\nvcoproc.bin

    2015-01-26 20:04 . 2015-01-26 20:04 -------- d-----w- C:\NVIDIA

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2015-02-23 00:38 . 2014-08-26 06:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2015-02-23 00:38 . 2014-08-26 06:30 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2015-02-20 04:48 . 2014-01-03 23:23 605552 ----a-w- c:\windows\system32\winload.exe

    2015-02-12 07:26 . 2014-01-03 23:33 116773704 ----a-w- c:\windows\system32\MRT.exe

    2015-01-10 08:07 . 2013-12-10 14:32 994712 ----a-w- c:\windows\system32\nvumdshimx.dll

    2015-01-10 08:07 . 2013-12-10 14:32 877488 ----a-w- c:\windows\SysWow64\nvumdshim.dll

    2015-01-10 08:07 . 2013-12-10 14:32 177624 ----a-w- c:\windows\system32\nvinitx.dll

    2015-01-10 08:07 . 2013-12-10 14:32 164568 ----a-w- c:\windows\SysWow64\nvinit.dll

    2015-01-10 08:07 . 2013-12-10 14:32 14115944 ----a-w- c:\windows\SysWow64\nvd3dum.dll

    2015-01-10 08:07 . 2013-12-10 14:32 3298816 ----a-w- c:\windows\system32\nvapi64.dll

    2014-12-30 09:35 . 2014-12-30 09:35 177832 ----a-w- c:\windows\system32\drivers\rzudd.sys

    2014-12-30 09:28 . 2014-12-30 09:28 990720 ----a-w- c:\windows\SysWow64\rzdevicedll.dll

    2014-12-30 09:28 . 2014-12-30 09:28 78848 ----a-w- c:\windows\SysWow64\rzvirtualdev.dll

    2014-12-30 09:28 . 2014-12-30 09:28 89088 ----a-w- c:\windows\SysWow64\rzdevinfo.dll

    2014-12-30 09:28 . 2014-12-30 09:28 155136 ----a-w- c:\windows\SysWow64\rztouchdll.dll

    2014-12-30 09:28 . 2014-12-30 09:28 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll

    2014-12-30 09:28 . 2014-12-30 09:28 419840 ----a-w- c:\windows\SysWow64\rzaudiodll.dll

    2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe

    2014-12-19 03:22 . 2014-12-19 03:22 9728 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll

    2014-12-19 03:06 . 2015-01-14 08:03 210432 ----a-w- c:\windows\system32\profsvc.dll

    2014-12-19 01:46 . 2015-01-14 08:02 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys

    2014-12-11 17:47 . 2015-01-14 08:03 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe

    2014-12-10 20:43 . 2015-01-20 20:19 129600 ----a-w- c:\windows\system32\drivers\rzpnk.sys

    2014-12-09 22:21 . 2015-01-20 20:18 37184 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys

    2014-12-07 20:37 . 2014-12-07 20:37 6231552 ----a-r- c:\users\Jonas\AppData\Roaming\Microsoft\Installer\{6D8FB164-2A7D-43B2-A59E-E16BF568ACB0}\DesktopIcon.exe

    2014-12-06 04:17 . 2015-01-14 08:02 303616 ----a-w- c:\windows\system32\nlasvc.dll

    2014-12-06 03:50 . 2015-01-14 08:02 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

    2014-12-06 03:50 . 2015-01-14 08:02 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    .

    .

    (((((((((((((((((((((((((((((((((((   Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Bemærk* tomme linier & lovlige standard linier vises ikke  

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

    2014-11-26 11:19 233128 ----a-w- c:\users\Jonas\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

    2014-11-26 11:19 233128 ----a-w- c:\users\Jonas\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

    2014-11-26 11:19 233128 ----a-w- c:\users\Jonas\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

    2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

    2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

    2014-11-12 00:41 1729744 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 152544 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 152544 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 152544 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 152544 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 152544 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 152544 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 152544 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 152544 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Sound Blaster Recon3Di Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2011-12-21 880640]

    "QHSafeTray"="c:\program files (x86)\360\Total Security\safemon\QHSafeTray.exe" [2015-02-12 1208944]

    .

    c:\users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "TaskbarNoThumbnail"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Notification Packages REG_MULTI_SZ   scecli c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\DRIVERS\360AvFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360AvFlt.sys [x]

    R3 ALSysIO;ALSysIO;c:\users\Jonas\AppData\Local\Temp\ALSysIO64.sys;c:\users\Jonas\AppData\Local\Temp\ALSysIO64.sys [x]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

    R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys;c:\windows\SYSNATIVE\drivers\PktIcpt.sys [x]

    R3 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

    R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]

    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

    R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

    R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

    R3 tsusbhub;tsusbhub;tsusbhub [x]

    R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

    R4 ActivControl;Activcontrol;c:\program files\Activ Software\ActivDriver\ActivControlsvc.exe;c:\program files\Activ Software\ActivDriver\ActivControlsvc.exe [x]

    R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]

    R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]

    R4 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]

    R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]

    R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]

    R4 CtHdaSvc;Sound Core3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]

    R4 GingerUpdateService;GingerUpdateService;c:\program files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe;c:\program files (x86)\Ginger\GingerUpdateService\GingerUpdateService.exe [x]

    R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]

    R4 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

    R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]

    R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

    R4 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]

    R4 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

    R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]

    R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

    R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

    R4 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]

    R4 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]

    R4 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [x]

    R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]

    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

    R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

    R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]

    S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

    S1 360Box64;360Box mini-filter driver;c:\windows\system32\DRIVERS\360Box64.sys;c:\windows\SYSNATIVE\DRIVERS\360Box64.sys [x]

    S1 360Camera;360Safe Camera Filter Service;c:\windows\system32\Drivers\360Camera64.sys;c:\windows\SYSNATIVE\Drivers\360Camera64.sys [x]

    S1 360FsFlt;360FsFlt mini-filter driver;c:\windows\system32\DRIVERS\360FsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\360FsFlt.sys [x]

    S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV64.sys;c:\windows\SYSNATIVE\DRIVERS\BAPIDRV64.sys [x]

    S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]

    S2 ClickToRunSvc;Microsoft Office-tjenesten Klik og kør;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]

    S2 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]

    S2 QHActiveDefense;360 Total Security;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe;c:\program files (x86)\360\Total Security\safemon\QHActiveDefense.exe [x]

    S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]

    S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]

    S3 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\Drivers\360AntiHacker64.sys;c:\windows\SYSNATIVE\Drivers\360AntiHacker64.sys [x]

    S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]

    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]

    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

    S3 cthda;Sound Core3D(CtHda.sys);c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]

    S3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]

    S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

    S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

    S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

    S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]

    S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]

    .

    .

    --- Andre Services/Drivers i Hukommelsen ---

    .

    *NewlyCreated* - MBAMSWISSARMY

    *NewlyCreated* - MBAMWEBACCESSCONTROL

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    iissvcs REG_MULTI_SZ   w3svc was

    apphost REG_MULTI_SZ   apphostsvc

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2015-02-23 07:54 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]

    @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"

    [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]

    2014-12-19 14:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]

    @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"

    [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]

    2014-12-19 14:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]

    @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"

    [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]

    2014-12-19 14:57 1039008 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

    2014-11-26 11:19 260776 ----a-w- c:\users\Jonas\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

    2014-11-26 11:19 260776 ----a-w- c:\users\Jonas\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

    2014-11-26 11:19 260776 ----a-w- c:\users\Jonas\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

    2015-01-21 14:03 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

    2015-01-21 14:03 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

    2015-01-21 14:03 2334928 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 185824 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 185824 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 185824 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 185824 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 185824 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 185824 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 185824 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

    2015-02-11 01:12 185824 ----a-w- c:\users\Jonas\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"

    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

    2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-01-16 2585928]

    .

    ------- Yderligere scanning -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.com

    mStart Page = hxxp://www.google.com

    mLocal Page = c:\windows\SysWOW64\blank.htm

    mDefault_Page_URL = hxxp://www.google.com

    uSearchAssistant = www.google.com

    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

    Trusted Zone: clonewarsadventures.com

    Trusted Zone: dell.com

    Trusted Zone: freerealms.com

    Trusted Zone: hola.org

    Trusted Zone: soe.com

    Trusted Zone: sony.com

    TCP: DhcpNameServer = 193.162.153.164 194.239.134.83

    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

    FF - ProfilePath - c:\users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\cq3l04rs.default\

    .

    .

    ------- Fil Associationer -------

    .

    inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1

    txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1

    .

    - - - - TOMME GENVEJE FJERNET - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DuckDnsUpdater.lnk - c:\program files (x86)\DuckDNSUpdater\DuckDnsUpdater.exe

    AddRemove-PokkiDownloadHelper - c:\users\Jonas\AppData\Local\Pokki\Download Helper\PokkiDownloadHelper.exe

    .

    .

    .

    --------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\BlueStacks]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

       00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker6"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.16"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker6"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    @SACL=

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    @SACL=

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    @SACL=

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]

    @SACL=

    @=""

    "0"="ActionsPane Schema for Add-Ins"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions]

    @SACL=

    .

    ------------------------ Andre kørende processer ------------------------

    .

    c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe

    c:\program files (x86)\360\Total Security\safemon\QHWatchdog.exe

    .

    **************************************************************************

    .

    Gennemført tid: 2015-02-23  20:45:38 - maskinen blev genstartet

    ComboFix-quarantined-files.txt  2015-02-23 19:45

    .

    Pre-Kørsel: 347.030.224.896 byte ledig

    Post-Kørsel: 347.526.520.832 byte ledig

    .

    - - End Of File - - 8A346F8BD26E3357B2B3DA34F67D32A1

    A36C5E4F47E84449FF07ED3517B43A31

     

     

     

     

    I am sure that I closed my Anti-Virus down, but in task manager its still showing, and I cannot end the task then it gives me error.

    AujQO7.png

    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    This is my personal computer, but its a laptop, so I'm using it at my school.

    I did close my Anti-Virus, also Malwarebytes, but it wont let me.

     

    I dont think my school network would block the download link, as i can access bleepingcomputer just fine.

    I can also download Rkill with no problems at all.

     

    So I dont know what is causing this.

     

    I disabled everything Qihoo 360 and Malwarebytes and its still blocked.

     

    Thank you very much for helping mee by the way!

    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    Java did open an empty log, I did this 2 times to be sure that I got a blank document.

     

    TFC seemed to clean 9.000 MB of data, so this is great!

     

    Combofix seems to be blocked for me? -> Heres an image of the site i get.

    puDoPp.png

     

    Also my Malwarebytes cant active the internet protection.

    skXG4s.png

    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.4.2 (02.02.2015:1)

    OS: Windows 7 Ultimate x64

    Ran by Jonas on 21-02-2015 at 15:33:15,43

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

     

    ~~~ Services

     

     

     

    ~~~ Registry Values

     

     

     

    ~~~ Registry Keys

     

     

     

    ~~~ Files

     

     

     

    ~~~ Folders

     

     

     

    ~~~ Event Viewer Logs were cleared

     

     

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 21-02-2015 at 15:37:08,01

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     


    # AdwCleaner v4.111 - Logfile created 21/02/2015 at 15:38:52

    # Updated 18/02/2015 by Xplode

    # Database : 2015-02-18.3 [server]

    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)

    # Username : Jonas - JONAS-PC

    # Running from : C:\Users\Jonas\Desktop\adwcleaner_4.111.exe

    # Option : Scan

     

    ***** [ Services ] *****

     

     

    ***** [ Files / Folders ] *****

     

     

    ***** [ Scheduled tasks ] *****

     

     

    ***** [ Shortcuts ] *****

     

     

    ***** [ Registry ] *****

     

     

    ***** [ Web browsers ] *****

     

    -\\ Internet Explorer v11.0.9600.17631

     

     

    -\\ Mozilla Firefox v35.0 (x86 da)

     

     

    -\\ Google Chrome v40.0.2214.115

     

     

    -\\ Chromium v

     

    *************************

     

    AdwCleaner[R0].txt - [13183 bytes] - [19/02/2015 21:01:07]

    AdwCleaner[R1].txt - [730 bytes] - [21/02/2015 15:38:52]

    AdwCleaner[s0].txt - [13850 bytes] - [19/02/2015 21:03:44]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [848 bytes] ##########

     

     


    Malwarebytes Anti-Malware

    www.malwarebytes.org

     

    Scan Date: 21-02-2015

    Scan Time: 15:42:32

    Logfile: 

    Administrator: Yes

     

    Version: 2.00.4.1028

    Malware Database: v2015.02.21.04

    Rootkit Database: v2015.02.20.01

    License: Premium

    Malware Protection: Enabled

    Malicious Website Protection: Disabled

    Self-protection: Enabled

     

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Jonas

     

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 454783

    Time Elapsed: 41 min, 15 sec

     

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Enabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

     

    Processes: 0

    (No malicious items detected)

     

    Modules: 0

    (No malicious items detected)

     

    Registry Keys: 0

    (No malicious items detected)

     

    Registry Values: 0

    (No malicious items detected)

     

    Registry Data: 0

    (No malicious items detected)

     

    Folders: 0

    (No malicious items detected)

     

    Files: 0

    (No malicious items detected)

     

    Physical Sectors: 0

    (No malicious items detected)

     

     

    (end)

     

    ESET found lots of detections that MBAM didnt?

    Also the cracks are in my recycle bin, but i dont have one on my desktop and my folder is empty.


     


    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$R62RDIL.rar a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RABCLH2.zip a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RBOLIDG.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RBSBKNQ.rar a variant of MSIL/CoinMiner.OV trojan deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RK4FVKD.exe a variant of MSIL/Packed.Confuser.J potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RKXUSXP.zip a variant of MSIL/Packed.Confuser.J potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RLXT52O.zip a variant of Win32/BitCoinMiner.BV potentially unsafe application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RMN3E8S.rar a variant of Win32/TrojanDropper.Agent.PYN trojan deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RMQD74O.zip a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$ROXKMNE.zip a variant of Win32/HackTool.Crack.CX potentially unsafe application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RQL9JNX.rar a variant of Win32/TrojanDropper.Agent.PYN trojan deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RXPVQHI.zip a variant of MSIL/Packed.Confuser.J potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RY2VCW4.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RYKIA2S.rar multiple threats deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RYXNCGU.rar a variant of Win32/TrojanDropper.Agent.PYN trojan deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$REJB04J\NulledIO.Launcher.exe a variant of MSIL/Packed.Confuser.J potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RPT4NGO\Program Files (x86)\ShopperPro\FireFox\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RPT4NGO\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RSEC6X6.ORG\The Sims 4 Deluxe Edition\Game\Bin\3dmgame.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined

    C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RSEC6X6.ORG\The Sims 4 Deluxe Edition\Game\Bin\rld.dll Win32/HackTool.Crack.CY potentially unsafe application deleted - quarantined

    C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined

    C:\Program Files (x86)\GMT-MAX.ORG\The Sims 4 Deluxe Edition\Game\Bin\rld.dll Win32/HackTool.Crack.CY potentially unsafe application deleted - quarantined

    C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000 Win32/Somoto.G potentially unwanted application deleted - quarantined

    C:\Users\Jonas\AppData\Roaming\Main\etPi2NqsbhAsg7zfrR1788w.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined

    C:\Users\Jonas\AppData\Roaming\NulledIO\SmartCCBot\DebugTool.exe a variant of MSIL/Packed.Confuser.N potentially unwanted application deleted - quarantined

    C:\Users\Jonas\AppData\Roaming\NulledIO\SmartCCBot\SmartBotUpdater.exe a variant of MSIL/Packed.Confuser.N potentially unwanted application deleted - quarantined

    C:\Users\Jonas\AppData\Roaming\RefBoost\App\RefBoost.exe a variant of MSIL/Packed.Confuser.J potentially unwanted application deleted - quarantined

    C:\Users\Jonas\Desktop\best ever\HWID Generator.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined

    C:\Users\Jonas\Desktop\best ever\rename_me.exe a variant of Win32/Packed.Themida potentially unwanted application deleted - quarantined

    C:\Users\Jonas\Desktop\bitmine\cudaminer-2014-02-28\x64\cudaminer.exe a variant of Win64/BitCoinMiner.AG potentially unsafe application deleted - quarantined

    C:\Users\Jonas\Desktop\bitmine\cudaminer-2014-02-28\x86\cudaminer.exe a variant of Win32/BitCoinMiner.BV potentially unsafe application deleted - quarantined

    C:\Users\Jonas\Desktop\Bullshit\Cry\AegisCrypter.exe a variant of Win32/TrojanDropper.Agent.PYN trojan cleaned by deleting - quarantined

    C:\Users\Jonas\Dropbox\spsetup124.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

    C:\Users\Jonas\Dropbox\x64\cudaminer.exe a variant of Win64/BitCoinMiner.AG potentially unsafe application deleted - quarantined

    C:\Users\Jonas\Dropbox\x86\cudaminer.exe a variant of Win32/BitCoinMiner.BV potentially unsafe application deleted - quarantined

     



    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    The Rkill briefly opend as you said.

     

    The registry thing worked.

     

    Heres the MBAM scan:

     

    Malwarebytes Anti-Malware

    www.malwarebytes.org

     

    Scan Date: 21-02-2015

    Scan Time: 03:06:49

    Logfile: 

    Administrator: Yes

     

    Version: 2.00.4.1028

    Malware Database: v2015.02.20.09

    Rootkit Database: v2015.02.20.01

    License: Premium

    Malware Protection: Enabled

    Malicious Website Protection: Disabled

    Self-protection: Enabled

     

    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Jonas

     

    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 454521

    Time Elapsed: 33 min, 28 sec

     

    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Enabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled

     

    Processes: 0

    (No malicious items detected)

     

    Modules: 0

    (No malicious items detected)

     

    Registry Keys: 0

    (No malicious items detected)

     

    Registry Values: 0

    (No malicious items detected)

     

    Registry Data: 0

    (No malicious items detected)

     

    Folders: 0

    (No malicious items detected)

     

    Files: 11

    Backdoor.Agent.LDRGen, C:\Users\Jonas\Desktop\builder_MultiUpload.biz.zip, Quarantined, [d9de7fa1c5c5ae88898c65bfaf53d030], 

    PUP.Optional.Bandoo, C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RSR512T.exe, Quarantined, [0fa877a9701a3ff7121a3df5e61be719], 

    Trojan.MSIL, C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$R7G1TME.rar, Quarantined, [d8df9e82a7e369cd084049025ea311ef], 

    PUP.Hacktool.Patcher, C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$R4EJFIA.rar, Quarantined, [eec9869a6129ec4a50c00006a45ce51b], 

    Trojan.Onlinegames, C:\$Recycle.Bin\S-1-5-21-2972125048-3700076288-2468679237-1000\$RV0GPG2.7z, Quarantined, [aa0d70b0e5a578be359805f2f40e8779], 

    PUP.Hacktool.Patcher, C:\Users\Jonas\Desktop\Hide\Disable PathGuard\no_ds_pg.exe, Quarantined, [ebcce33dddadf93d2fe19a6ced139d63], 

    Rootkit.Agent, C:\Users\Jonas\Desktop\Hide\HideToolz x32\HideToolz.exe, Quarantined, [4a6d27f96e1cd85e4fba88cd8481c63a], 

    Trojan.BCMiner.Bldr, C:\Users\Jonas\Desktop\yolo\Easy Silent Miner.exe, Quarantined, [4e695cc40387310567251e9905fd9c64], 

    Trojan.MSIL, C:\Users\Jonas\Desktop\yolo\Miner.exe, Quarantined, [9c1b5dc36624e94d653554642ad6718f], 

    Trojan.MSIL, C:\Users\Jonas\Desktop\yolo\Silent Miner\Mining.exe, Quarantined, [7c3b1a0679115cda0f2d3977639e9f61], 

    Backdoor.Agent.STB, C:\Users\Jonas\Desktop\yolo\Silent Miner\Silent Miner.exe, Quarantined, [199e29f76b1fd561dfbecb217b8505fb], 

     

    Physical Sectors: 0

    (No malicious items detected)

     

     

    (end)

    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    Hello and Welcome!

    Well we would really like to help you further if we could but since the logs show that this computer has entries designed to steal and/or pirate software we will not be able to assist you without you removing any pirated software.

    This topic will be closed by one of the Admins or Mods due to evidence of cracked or pirated software on this system.

    Piracy Policy

    Thank you

     

    As i wrote in the topic: I dont think i have anything cracked on my computer, if I do help me get rid of it.

     

    Can you locate these folders for me? And as its hard i cant uninstall things so i have to delete the main folder?

    Evil infection.

    in Resolved Malware Removal Logs

    Posted

    Hello Malwarebytes forum,

     

    My computer is really annoying me.

    I cannot do anything on it..

    I dont think i have anything cracked on my computer, if I do help me get rid of it.

     

    Symptoms.

    1. explorer.exe crashes, when trying to relaunch thru task manager it gives me an error that i do not have enough memory. But i have 12GB ram.

    2. Bluescreen of death when virus scanning.

    3. When starting computer, I always have to run startup repair to start my computer.

    4. random freezes, no admin rights, I dont even have a recycle bin on my desktop its gone out of nowhere.

    5. Lots of problems.

    6. My keyboard writes 2 times the letters sometimes, I have plugged in another keyboard and the same problem happens. I have been changing the keyboard response, and no change at all.

     

    I cant format my PC, I cant system restore, I cant do anything :/

     

    FRST.txt

    Addition.txt

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.