torben lind (Researcher)
2 December 2011 - 19:00. There are 31 comments and 1 solution.

Help removing possible virus/malware

Hi everyone.
My computer has become very slow. I think I have picked up some junk that shouldn't be there when I look at the HijackThis file. Is there anyone who can help take a look at it?


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8291

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

02-12-2011 18:52:45
mbam-log-2011-12-02 (18-52-45).txt

Skanningstype: Hurtig skanning
Objekter skannet: 174963
Tid gået: 5 minut(ter), 47 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:57:45, on 02-12-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
C:\Users\torben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\torben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\torben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=Userinit.exe,
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.152.32 istockphoto.com
O1 - Hosts: 208.94.0.38 yfrog.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.190 xing.com
O1 - Hosts: 59.106.98.139 seesaa.net
O1 - Hosts: 184.72.253.170 hootsuite.com
O1 - Hosts: 211.151.146.16 soku.com
O1 - Hosts: 72.32.120.222 metacafe.com
O1 - Hosts: 204.11.109.133 tribalfusion.com
O1 - Hosts: 207.154.14.31 tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 121.67.203.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.116.241.57 softonic.com
O1 - Hosts: 208.83.243.15 match.com
O1 - Hosts: 202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 76.106.43.251 nachtagenten.com
O1 - Hosts: 195.82.124.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 124.217.235.76 gsn.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 174.142.24.205 mediastorm.hu
O1 - Hosts: 38.113.207.59 media-servers.com
O1 - Hosts: 116.66.206.161 m5prod.com
O1 - Hosts: 74.175.65.66 lupa.com
O1 - Hosts: 207.200.66.53 liveintercom.com
O1 - Hosts: 71.96.135.20 keenspace.com
O1 - Hosts: 202.51.107.37 jetsoftware.com
O1 - Hosts: 60.251.54.208 jamba.com
O1 - Hosts: 222.161.3.133 ir.com
O1 - Hosts: 200.24.227.170 investopedia.com
O1 - Hosts: 202.149.24.216 choiceradio.com
O1 - Hosts: 91.206.232.220 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 141.76.45.18 chip.com
O1 - Hosts: 128.006.192.15 redv.net
O1 - Hosts: 194.42.17.124 cgi.com
O1 - Hosts: 199.26.254.66 centcomm.com
O1 - Hosts: 202.149.24.216 digitallook.com
O1 - Hosts: 60.251.189.134 domainfactory.com
O1 - Hosts: 222.161.3.133 dvdfocomm.nu
O1 - Hosts: 157.95.56.15 e-kolay.com
O1 - Hosts: 85.249.23.115 eurosport.com
O1 - Hosts: 189.104.149.61 f1cd.com
O1 - Hosts: 125.162.92.234 free6.com
O1 - Hosts: 80.81.159.20 cdmworldsoftware.com
O1 - Hosts: 117.102.101.219 grafika.com
O1 - Hosts: 85.249.23.115 adware-delete.com
O1 - Hosts: 69.89.22.135 hbv.com
O1 - Hosts: 92.48.201.39 protectorsuite.com
O1 - Hosts: 128.31.1.16 howstuffworks.com
O1 - Hosts: 85.249.23.117 hyena.com
O1 - Hosts: 219.139.158.59 iinfo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8583 bytes
Thanks in advance
torben lind

torben lind (Researcher)
2 December 2011 - 19:01 #1
I forgot to mention that it is Win7 I am running.

f-arn (Guru)
2 December 2011 - 19:11 #2
Hi :)

We are long since into 2007, so I think you should close that "question" *G*

------

Download OTL by OldTimer and save it to your desktop.

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

At the top, tick "Scan All Users"

In the lower right corner of the top panel, tick "LOP Check" and "Purity Check".

Close all open windows, click "Run Scan" at the top left and let the program run. The scan can take 5-10 minutes.

It will produce two log files on the desktop, OTL.txt and Extras.txt.

Then copy the following into your post (in order):

the contents of OTL.txt
the contents of Extras.txt

Since they are fairly long, you may need to send them in several posts.

torben lind (Researcher)
2 December 2011 - 19:46 #3
Hi f-arn.
Here are the reports I was supposed to make. I hope they mean something to you; to me it is gibberish.
By the way, what do you mean by saying we have come into 2007? Do I have some questions open that should have been closed?
Regards
torben lind

OTL logfile created on: 12/2/2011 7:30:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\torben\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Denmark | Language: DAN | Date Format: dd-MM-yyyy

1.50 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 62.66% Memory free
3.00 Gb Paging File | 2.16 Gb Available in Paging File | 72.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 78.05 Gb Free Space | 52.37% Space Free | Partition Type: NTFS

Computer Name: TORBEN-PC | User Name: torben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/02 19:29:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\torben\Downloads\OTL.exe
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/10 19:24:46 | 000,413,528 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/09/23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/09/07 11:32:36 | 027,473,760 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/25 16:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/28 20:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/05 15:01:46 | 001,466,368 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2000/01/01 01:00:00 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE


========== Modules (No Company Name) ==========

MOD - [2011/11/10 22:43:26 | 000,138,072 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madExcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madBasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madDisAsm_.bpl
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Win32 Services (SafeList) ==========

SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/09/23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/10 09:13:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/25 16:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/01/28 20:34:52 | 000,032,336 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 18:46:14 | 000,012,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/12/02 18:41:55 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1380DC51-5FC3-4CAD-85F6-082AB8AEB0D3}\MpKsl5afff74d.sys -- (MpKsl5afff74d)
DRV - [2011/07/13 12:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NBVol.sys -- (NBVol)
DRV - [2011/07/13 12:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\NBVolUp.sys -- (NBVolUp)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/07/13 23:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
DRV - [2009/05/05 16:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008/12/01 21:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/11/17 09:17:00 | 000,293,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/11/17 09:17:00 | 000,280,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2000/01/01 01:00:00 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
IE - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 48 47 2C 2D A0 86 CC 01  [binary data]
IE - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://dk.msn.com/
IE - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\torben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\torben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome  ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101434&mntrId=c0fd7c6c0000000000000010c65a1688
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\torben\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\torben\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\torben\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Users\torben\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/27 06:30:04 | 000,002,591 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.152.32  istockphoto.com
O1 - Hosts: 208.94.0.38  yfrog.com
O1 - Hosts: 123.125.50.22  126.com
O1 - Hosts: 174.36.28.11  SlideShare.com
O1 - Hosts: 213.238.60.190  xing.com
O1 - Hosts: 59.106.98.139  seesaa.net
O1 - Hosts: 184.72.253.170  hootsuite.com
O1 - Hosts: 211.151.146.16  soku.com
O1 - Hosts: 72.32.120.222  metacafe.com
O1 - Hosts: 204.11.109.133  tribalfusion.com
O1 - Hosts: 207.154.14.31 tripadvisor.com
O1 - Hosts: 216.52.240.133  ustream.tv
O1 - Hosts: 174.36.244.132  linkwithin.com
O1 - Hosts: 121.67.203.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139  imagevenue.com
O1 - Hosts: 91.206.232.220  booking.com
O1 - Hosts: 118.69.251.6  vnexpress.net
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.116.241.57 softonic.com
O1 - Hosts: 208.83.243.15  match.com
O1 - Hosts: 202.57.69.84  nwt.com
O1 - Hosts: 65.11.53.80  nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 37 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1446736127-2839589416-246201070-1001..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-1446736127-2839589416-246201070-1001..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe (IObit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send billede til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send siden til &Bluetooth-enhed... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Sammenkædede OneNote-noter - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DC714A5-3A41-4C8E-A501-FD6F03D456A7}: DhcpNameServer = 62.179.1.63 62.179.1.62
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/02 18:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/02 18:31:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/02 11:13:18 | 000,000,000 | ---D | C] -- C:\Users\torben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/12/02 11:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/01 09:28:25 | 000,000,000 | ---D | C] -- C:\Users\torben\Documents\NeroVideo
[2011/11/29 11:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/11/27 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\ProKAward
[2011/11/27 09:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2011/11/26 19:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\FK_Monitor
[2011/11/24 05:58:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/11/24 05:19:13 | 000,000,000 | ---D | C] -- C:\torbenlind
[2011/11/18 19:16:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/11/18 19:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/11/18 19:16:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/11/18 19:16:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/11/18 19:16:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/11/16 09:55:00 | 000,000,000 | ---D | C] -- C:\Users\torben\Documents\Nero
[2011/11/16 08:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnderCoverXP
[2011/11/15 07:57:31 | 000,000,000 | ---D | C] -- C:\Users\torben\AppData\Local\Broadcom
[2011/11/15 07:57:31 | 000,000,000 | ---D | C] -- C:\Users\torben\Documents\Bluetooth udvekslingsmappe
[2011/11/15 07:50:19 | 000,020,008 | ---- | C] (Broadcom Corporation.) -- C:\Windows\System32\btwcoins.dll
[2011/11/15 07:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/11/15 07:42:35 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2011/11/15 07:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/11/15 07:40:49 | 000,000,000 | ---D | C] -- C:\Intel
[2011/11/15 07:37:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2011/11/15 07:37:34 | 019,036,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\ALSNDMGR.CPL
[2011/11/15 07:37:34 | 010,975,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTLCPL.EXE
[2011/11/15 07:37:33 | 004,172,832 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVAC.SYS
[2011/11/15 07:37:33 | 000,604,704 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
[2011/11/15 07:37:32 | 002,510,368 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2011/11/15 07:37:32 | 000,965,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2011/11/15 07:37:32 | 000,141,856 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCfg.dll
[2011/11/15 07:37:30 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\alcupd.exe
[2011/11/15 07:37:30 | 000,223,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\alcrmv.exe
[2011/11/15 07:37:03 | 000,524,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/11/15 07:37:03 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/15 07:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/11/15 07:31:00 | 003,862,528 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmihvsrv.dll
[2011/11/15 07:31:00 | 003,551,232 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmihvui.dll
[2011/11/15 07:31:00 | 000,091,376 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\bcmwlcoi.dll
[2011/11/15 07:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/11/15 07:30:20 | 000,000,000 | ---D | C] -- C:\Users\torben\AppData\Roaming\InstallShield
[2011/11/15 07:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/11/15 07:27:12 | 000,013,864 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNICVer.dll
[2011/11/15 07:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2011/11/15 07:12:15 | 000,000,000 | ---D | C] -- C:\Users\torben\AppData\Local\SlimWare Utilities Inc
[2011/11/15 07:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2011/11/15 07:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\SlimDrivers
[2011/11/15 07:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/11/13 07:16:30 | 000,000,000 | ---D | C] -- C:\Users\torben\Desktop\Lolitta katalog
[2011/11/09 06:43:57 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/05 10:42:55 | 000,000,000 | ---D | C] -- C:\Users\torben\AppData\Local\VS Revo Group
[2011/11/05 10:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2011/11/05 10:42:46 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2011/11/05 10:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/07/15 17:17:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\torben\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/12/02 18:49:03 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 18:49:03 | 000,020,704 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 18:49:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446736127-2839589416-246201070-1001UA.job
[2011/12/02 18:46:40 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/12/02 18:46:14 | 000,012,984 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/12/02 18:45:59 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/02 18:45:59 | 000,472,442 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2011/12/02 18:45:59 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/02 18:45:59 | 000,080,938 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2011/12/02 18:41:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/02 18:41:29 | 1206,820,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 18:31:30 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/02 11:13:18 | 000,002,969 | ---- | M] () -- C:\Users\torben\Desktop\HiJackThis.lnk
[2011/12/02 06:49:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446736127-2839589416-246201070-1001Core.job
[2011/11/29 11:56:24 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2011/11/29 11:32:29 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Quick Care.lnk
[2011/11/29 11:32:28 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2011/11/28 21:24:53 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/26 11:14:39 | 000,012,037 | ---- | M] () -- C:\Users\torben\Documents\Lolitta - logotyp 2.pdf
[2011/11/26 11:14:24 | 000,012,035 | ---- | M] () -- C:\Users\torben\Documents\Lolitta - logotyp 1.pdf
[2011/11/26 11:14:02 | 000,012,037 | ---- | M] () -- C:\Users\torben\Documents\Lolitta - logotyp 3.pdf
[2011/11/24 16:07:16 | 000,532,992 | ---- | M] () -- C:\Users\torben\Documents\Visitkort Monika.pub
[2011/11/19 05:51:18 | 000,002,403 | ---- | M] () -- C:\Users\torben\Desktop\Google Chrome.lnk
[2011/11/15 07:37:04 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/11/15 07:32:34 | 000,997,940 | ---- | M] () -- C:\Windows\System32\oem14.inf
[2011/11/15 07:30:16 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2011/11/15 07:30:14 | 003,551,232 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\bcmihvui.dll
[2011/11/15 07:30:14 | 000,091,376 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\bcmwlcoi.dll
[2011/11/15 07:30:13 | 003,862,528 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\bcmihvsrv.dll
[2011/11/15 07:12:06 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2011/11/14 12:24:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/14 07:26:32 | 000,000,062 | ---- | M] () -- C:\Windows\System32\4E37A837910D.ini
[2011/11/10 15:30:54 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/11/10 15:30:54 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011/11/09 11:07:42 | 003,762,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/12/02 18:31:30 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/02 11:13:18 | 000,002,969 | ---- | C] () -- C:\Users\torben\Desktop\HiJackThis.lnk
[2011/11/29 11:56:26 | 000,025,944 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/11/29 11:56:26 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/11/29 11:56:24 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2011/11/29 11:40:18 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011/11/29 11:32:28 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2011/11/26 11:14:39 | 000,012,037 | ---- | C] () -- C:\Users\torben\Documents\Lolitta - logotyp 2.pdf
[2011/11/26 11:14:24 | 000,012,035 | ---- | C] () -- C:\Users\torben\Documents\Lolitta - logotyp 1.pdf
[2011/11/26 11:14:02 | 000,012,037 | ---- | C] () -- C:\Users\torben\Documents\Lolitta - logotyp 3.pdf
[2011/11/24 14:20:20 | 000,532,992 | ---- | C] () -- C:\Users\torben\Documents\Visitkort Monika.pub
[2011/11/24 05:32:34 | 000,075,257 | ---- | C] () -- C:\Users\torben\Documents\pudeka1.jpg
[2011/11/24 05:32:34 | 000,065,426 | ---- | C] () -- C:\Users\torben\Documents\pudelka4.jpg
[2011/11/24 05:32:03 | 000,103,210 | ---- | C] () -- C:\Users\torben\Documents\pud2.jpg
[2011/11/24 05:32:03 | 000,092,234 | ---- | C] () -- C:\Users\torben\Documents\pud3.jpg
[2011/11/24 05:29:44 | 000,185,565 | ---- | C] () -- C:\Users\torben\Documents\DSC01551.jpg
[2011/11/24 05:29:44 | 000,131,422 | ---- | C] () -- C:\Users\torben\Documents\DSC01561.jpg
[2011/11/24 05:29:44 | 000,105,472 | ---- | C] () -- C:\Users\torben\Documents\brevhoved.pub
[2011/11/24 05:29:44 | 000,092,160 | ---- | C] () -- C:\Users\torben\Documents\brevhoved1.msg
[2011/11/24 05:29:44 | 000,045,501 | ---- | C] () -- C:\Users\torben\Documents\bookmarks_09_09_11.html
[2011/11/15 07:37:34 | 000,141,016 | ---- | C] () -- C:\Windows\System32\ALSNDMGR.WAV
[2011/11/15 07:37:33 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2011/11/15 07:32:59 | 000,997,940 | ---- | C] () -- C:\Windows\System32\oem14.inf
[2011/11/15 07:31:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/11/15 07:12:32 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/11/15 07:12:25 | 000,012,984 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/11/15 07:12:06 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2011/10/17 12:18:53 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/10/16 11:25:25 | 000,001,456 | ---- | C] () -- C:\Users\torben\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/29 17:30:00 | 000,000,062 | ---- | C] () -- C:\Windows\System32\4E37A837910D.ini
[2011/09/16 07:06:31 | 000,004,096 | -H-- | C] () -- C:\Users\torben\AppData\Local\keyfile3.drm
[2011/08/16 17:29:23 | 000,000,034 | ---- | C] () -- C:\Windows\PBUpdate.ini
[2011/07/17 17:43:51 | 000,004,608 | ---- | C] () -- C:\Users\torben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 18:44:16 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/07/15 17:17:12 | 000,087,608 | ---- | C] () -- C:\Users\torben\AppData\Roaming\inst.exe
[2011/07/15 17:17:12 | 000,007,887 | ---- | C] () -- C:\Users\torben\AppData\Roaming\pcouffin.cat
[2011/07/15 17:17:12 | 000,001,144 | ---- | C] () -- C:\Users\torben\AppData\Roaming\pcouffin.inf
[2011/07/15 16:32:17 | 000,001,057 | ---- | C] () -- C:\Users\torben\AppData\Roaming\vso_ts_preview.xml
[2011/06/25 17:04:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2011/06/13 12:07:51 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/05/13 08:23:42 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/05/13 08:23:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/05/11 10:14:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/11 10:11:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/10 20:17:52 | 000,019,198 | ---- | C] () -- C:\Program Files\PERMANENTLY ACTIVATE OFFICE 2010 PROFESSIONAL PLUS.zip
[2011/05/10 20:17:45 | 014,529,354 | ---- | C] () -- C:\Program Files\PDFXVwer.zip
[2011/05/10 09:27:11 | 000,472,442 | ---- | C] () -- C:\Windows\System32\perfh006.dat
[2011/05/10 09:27:11 | 000,306,636 | ---- | C] () -- C:\Windows\System32\perfi006.dat
[2011/05/10 09:27:11 | 000,080,938 | ---- | C] () -- C:\Windows\System32\perfc006.dat
[2011/05/10 09:27:11 | 000,039,236 | ---- | C] () -- C:\Windows\System32\perfd006.dat
[2011/05/10 09:06:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/13 23:28:59 | 000,159,744 | ---- | C] () -- C:\Windows\System32\msrbcnopd.dll
[2010/02/12 17:43:34 | 000,009,847 | ---- | C] () -- C:\Windows\System32\mswbnnope.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 003,762,944 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,618,108 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,107,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/12/01 19:46:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/12/01 19:08:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/30 13:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/03/09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011/11/06 16:38:22 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/02 18:46:40 | 000,000,388 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 12/2/2011 7:30:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\torben\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Denmark | Language: DAN | Date Format: dd-MM-yyyy

1.50 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 62.66% Memory free
3.00 Gb Paging File | 2.16 Gb Available in Paging File | 72.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 78.05 Gb Free Space | 52.37% Space Free | Partition Type: NTFS

Computer Name: TORBEN-PC | User Name: torben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Bluetooth by hp
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{67CDD5A0-C572-4D2C-A354-6492B51F4138}" = SlimDrivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2010
"{90140000-0015-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2010
"{90140000-0016-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0017-0406-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Danish) 2010
"{90140000-0017-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{7ED77DEC-F3CD-44D5-8B8A-508741757B1E}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2010
"{90140000-0018-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2010
"{90140000-0019-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2010
"{90140000-001A-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2010
"{90140000-001B-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.da-dk_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.OMUI.da-dk_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2010
"{90140000-002C-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{EC231F64-29AF-4FBD-85B8-EAFFFAE8B7A5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2010
"{90140000-0044-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2010
"{90140000-006E-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{63CDEDB9-50F5-4C35-9219-72C4F31A61FE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2010
"{90140000-00A1-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2010
"{90140000-00BA-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0100-0406-0000-0000000FF1CE}" = Microsoft Office O MUI (Danish) 2010
"{90140000-0100-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{3C9024A8-26A9-4769-B3EE-C1489421B8E5}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0101-0406-0000-0000000FF1CE}" = Microsoft Office X MUI (Danish) 2010
"{90140000-0101-0406-0000-0000000FF1CE}_Office14.OMUI.da-dk_{1ED268C2-9EA5-462D-A303-1EB550953ACB}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1030-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Dansk
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B7E01095-8BAA-456E-8AED-504C3CCADBA0}" = Nero 11
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE577C4B-2D30-37FD-903F-344BC3353B60}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DAN
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C82C515A-CAE3-44B3-B5CC-81C5E4A92E8F}" = Nero Prerequisite Installer 1.0
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Conexant PCI Audio" = Conexant AC-97 Audio
"DYMO Label v.8" = DYMO Label v.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.OMUI.da-dk" = Microsoft Office Language Pack 2010 - Danish/dansk
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Smart Defrag 2_is1" = Smart Defrag 2
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DAN" = Visual Studio Tools til Office System 3.0 Runtime-sprogpakke - DAN
"WinRAR archiver" = WinRAR arkivering
"XnView_is1" = XnView 1.98.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1446736127-2839589416-246201070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2011 1:37:30 AM | Computer Name = torben-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 9/23/2011 1:37:30 AM | Computer Name = torben-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 9/23/2011 1:37:30 AM | Computer Name = torben-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 9/23/2011 1:37:30 AM | Computer Name = torben-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 9/23/2011 1:37:34 AM | Computer Name = torben-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 9/23/2011 1:37:34 AM | Computer Name = torben-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 9/23/2011 1:37:34 AM | Computer Name = torben-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 9/23/2011 1:37:34 AM | Computer Name = torben-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 9/23/2011 1:45:19 AM | Computer Name = torben-PC | Source = VSS | ID = 8194
Description =

Error - 9/23/2011 11:11:23 AM | Computer Name = torben-PC | Source = SideBySide | ID = 16842824
Description = Aktiveringskontekstgenereringen mislykkedes for "c:\program files\microsoft
security client\MSESysprep.dll". Der er en fejl i manifestet eller politikfilen
"c:\program files\microsoft security client\MSESysprep.dll" i linje 10.  Elementet
imaging vises som et underordnet element for element urn:schemas-microsoft-com:asm.v1^assembly,
som ikke understøttes i denne version af Windows.

[ Hewlett-Packard Events ]
Error - 10/10/2011 9:37:24 AM | Computer Name = torben-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US  RAM: 1534  Ram Utilization: 50  TargetSite: Void UpdateAndDetect() 

Error - 10/17/2011 10:34:46 AM | Computer Name = torben-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US  RAM: 1534  Ram Utilization: 50  TargetSite: Void UpdateAndDetect() 

Error - 10/24/2011 1:42:05 PM | Computer Name = torben-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US  RAM: 1534  Ram Utilization: 40  TargetSite: Void UpdateAndDetect() 

Error - 10/31/2011 10:49:28 AM | Computer Name = torben-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US  RAM: 1534  Ram Utilization: 50  TargetSite: Void UpdateAndDetect() 

Error - 11/7/2011 1:00:15 PM | Computer Name = torben-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US  RAM: 1534  Ram Utilization: 40  TargetSite: Void UpdateAndDetect() 

Error - 11/9/2011 6:04:45 AM | Computer Name = torben-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US  RAM: 1534  Ram Utilization: 50  TargetSite: Void UpdateAndDetect() 

Error - 11/14/2011 12:42:39 PM | Computer Name = torben-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US  RAM: 1534  Ram Utilization:  TargetSite: Void UpdateAndDetect() 

Error - 11/21/2011 10:16:58 AM | Computer Name = torben-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
  at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

  at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Forma
torben lind, Researcher
02 December 2011 - 19:50 #4
Here is the rest of the last report.

06.00.01.01  Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US  RAM: 1534  Ram Utilization: 40  TargetSite: Void UpdateAndDetect() 

[ System Events ]
Error - 12/2/2011 1:46:31 PM | Computer Name = torben-PC | Source = Service Control Manager | ID = 7023
Description = Tjenesten Peer Name Resolution Protocol blev afbrudt med følgende
fejl:  %%-2140993535

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = Service Control Manager | ID = 7001
Description = Tjenesten Peer Networking Grouping afhænger af tjenesten Peer Name
Resolution Protocol, der ikke kunne starte pga. følgende fejl:  %%-2140993535

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = Service Control Manager | ID = 7023
Description = Tjenesten Peer Name Resolution Protocol blev afbrudt med følgende
fejl:  %%-2140993535

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = Service Control Manager | ID = 7001
Description = Tjenesten Peer Networking Grouping afhænger af tjenesten Peer Name
Resolution Protocol, der ikke kunne starte pga. følgende fejl:  %%-2140993535

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = Service Control Manager | ID = 7023
Description = Tjenesten Peer Name Resolution Protocol blev afbrudt med følgende
fejl:  %%-2140993535

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = Service Control Manager | ID = 7001
Description = Tjenesten Peer Networking Grouping afhænger af tjenesten Peer Name
Resolution Protocol, der ikke kunne starte pga. følgende fejl:  %%-2140993535

Error - 12/2/2011 1:46:41 PM | Computer Name = torben-PC | Source = Service Control Manager | ID = 7023
Description = Tjenesten Peer Name Resolution Protocol blev afbrudt med følgende
fejl:  %%-2140993535


< End of report >
f-arn, Guru
02 December 2011 - 21:07 #5
By the way, what do you mean by: we have come into 2007, I have some questions open that should have been closed.

http://www.eksperten.dk/spm/753006
There was a reason I put questions in quotation marks *G*

I'll look at the log.
f-arn, Guru
04 December 2011 - 13:49 #6
Sorry - I didn't have time yesterday.

Was it you who put this in? (62.179.1.63 and 62.179.1.62)

Is it on purpose that you use Babylon in Chrome?
torben lind, Researcher
04 December 2011 - 15:40 #7
Hi f-arn.
No, I haven't put anything in.
No, I'm not using Babylon on purpose.
torben lind
f-arn, Guru
04 December 2011 - 16:55 #8
The reason for my question about (62.179.1.63 and 62.179.1.62) is that it appears to be Polish.

You write that it is slow. Did that happen suddenly?

The IObit Advanced SystemCare - is that one you bought?
torben lind, Researcher
04 December 2011 - 17:14 #9
Hi f-arn.
What you write about Polish is probably right, since I am staying and living in Poland, so that sounds right, but it is not something I have installed as far as I know. What is it? Maybe I can answer better if you can elaborate on what the 2 addresses are.
My Advanced SystemCare 4 was bought and updated to Advanced SystemCare 5.
Regarding the slowness of the PC, yes, it happened on Thursday, and when I write slow it is, among other things, that when I e.g. want to open bt.dk it can sit and run for 2-3 minutes up in the top right corner of the bt.dk tab; before it took at most 10-15 sec.
Regards, torben lind
f-arn, Guru
04 December 2011 - 18:50 #10
Regarding the slowness of the PC, yes, it happened on Thursday, and when I write slow it is, among other things, that when I e.g. want to open bt.dk it can sit and run for 2-3 minutes up in the top right corner of the bt.dk tab; before it took at most 10-15 sec.

Does that apply to all browsers?

The Polish thing I mention probably comes from the setup in connection with your internet provider. (They are IP addresses.)

There are no real signs of malware, but I would like you to scan for rootkits.

------

Download Defogger and save the program to your Desktop:

http://www.jpshortstuff.247fixes.com/Defogger.exe

Double-click Defogger.exe - a window will open - click "Disable" and click "Yes" to continue. The program will now disable your CD emulation program and finish with "Finished!" - click "OK".

Defogger will now restart your computer - click OK.

------

Download Rootkit Unhooker and save it to the Desktop.

http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE

Start it. Click Report, then click Scan.
Leave the check marks in Drivers and Stealth. Remove the others.
Click OK
(If it comes up with this warning, "Rootkit Unhooker has detected a parasite inside itself!", ignore it.)
When it is finished, click File -> Save Report
Save it to the Desktop and copy it in here.

Remember to disable your security programs.
torben lind, Researcher
04 December 2011 - 19:37 #11
Hi f-arn.
Yes, it applies to all browsers.
Here is the report I was supposed to make.
I should just mention that when I ran Defogger, the program did not itself ask for the machine to be restarted, so after 3-4 minutes I restarted the computer myself.
Since I can see that you know a whole lot about malware/viruses, I have a question. In the HijackThis report, what are all those 01--hosts lines? I don't think I had them the last time I made a report with HijackThis.
torben lind

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8DC0D000 C:\Windows\system32\DRIVERS\atikmdag.sys 6193152 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82A10000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82A10000 PnpManager 4268032 bytes
0x82A10000 RAW 4268032 bytes
0x82A10000 WMIxWDM 4268032 bytes
0x93402000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2519040 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x82470000 Win32k 2424832 bytes
0x82470000 C:\Windows\System32\win32k.sys 2424832 bytes (Microsoft Corporation, Win32-flerbrugerdriver)
0x87A1C000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP-driver)
0x87646000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT-filsystemdriver)
0x8F020000 C:\Windows\system32\DRIVERS\smserial.sys 1097728 bytes (Motorola Inc., Motorola SM56 Modem WDM Driver)
0x8D130000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8788D000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20-driver)
0x8730F000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x96E26000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x96090000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP-protokolstak)
0x8722F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x87437000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Driver på kerneniveau for Framework Runtime)
0xA2608000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x8D073000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x87819000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x87D42000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x96F45000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x96EF5000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82720000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8D452000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0-portdriver)
0x87578000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Udvidelsesdriver til diskenhedsstyring)
0x874B6000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI-driver til NT)
0x936B8000 C:\Windows\system32\drivers\camcaud.sys 294912 bytes (Conexant Systems Inc., Conexant WDM AC97 Audio Driver)
0x96027000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi-miniportdriver)
0x93673000 C:\Windows\system32\drivers\camchal.sys 282624 bytes (Conexant Systems Inc., Conexant AmcHal Driver)
0x8D503000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x872CD000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D012000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Driver til bufferlagringsundersystem for omdirigeret drev)
0x87BA0000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Driver til tjenesten Volume Snapshot)
0x87944000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x96163000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8D40E000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82E22000 ACPI_HAL 225280 bytes
0x82E22000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x87601000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filsystem Filterstyring)
0x93748000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x877B3000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x87D9C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x87B66000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x93700000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x87400000 C:\Windows\system32\DRIVERS\pcmcia.sys 188416 bytes (Microsoft Corporation, Driver til PCMCIA-bus)
0x8F15E000 C:\Windows\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8D4AC000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x879A7000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x87775000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8750F000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI-optælling)
0x873BA000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x87C7F000 C:\Windows\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x87C09000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x87982000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x87200000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x96140000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9377C000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x96EC7000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8D0FD000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Driver til Microsoft-tunnelgrænseflade)
0x87CC0000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x87C60000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x87DD5000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS-pakkeplanlægning)
0x82700000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D5C4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Filterdriver til LUA-filvirtualisering)
0x9619E000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D5DF000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x96115000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x9372F000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8D4D9000 C:\Windows\system32\drivers\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x8D0D7000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F139000 C:\Windows\system32\drivers\i8042prt.sys 98304 bytes (Microsoft Corporation, Driver til i8042-port)
0x8F1C7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8F000000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9379E000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x937B5000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x87D1F000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8D56D000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x875D8000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Styring af tilslutningspunkter)
0x8D58F000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x877A0000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9607D000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x877E5000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x875EE000 00000183 73728 bytes
0x8F1B5000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8D11E000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9612E000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x875EE000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x879D4000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8D552000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x87635000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x937DA000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x87544000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x872B4000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Driver for platformsspecifik hardwarefejl)
0x8D4F2000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 69632 bytes (Realtek Semiconductor Corporation                          , Realtek 10/100 NDIS 5.1 Driver                        )
0x873E4000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x879E5000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x8D1E7000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x87A00000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x9606D000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, I/O-driver til NDIS i brugertilstand)
0x87568000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x96FA1000 C:\Windows\system32\DRIVERS\NisDrvWFP.sys 61440 bytes (Microsoft Corporation, Microsoft Network Inspection System Driver)
0x8D49D000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8D0EF000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x87800000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x87D11000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x875CA000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x87876000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x937CC000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x874A8000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8F1A8000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x937EB000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8F151000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Klassedriver til tastatur)
0x8F12C000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Enhedsdriver til modem)
0x8F18E000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Klassedriver til mus)
0x87BEE000 C:\Windows\system32\DRIVERS\NBVol.sys 53248 bytes (Nero AG, Nero Backup Volume Filter Driver for the Disk Stack)
0x96EE8000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
==============================================
>Stealth
==============================================
f-arn Guru
04 December 2011 - 20:35 #12
Unfortunately I can't do anything about Babylon/Chrome in this forum.

The forum software edits the logs too much.

Regarding the 01--host entries in HijackThis, they are being removed now.

------

Start OTL

Vista and Windows 7: right-click the file and choose Run as Administrator.

Copy the text below, shown in bold, into the "Custom Scans/Fixes" box

:OTL
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[emptytemp]
[Reboot]


Close all other open windows and click "Run Fix".

After the restart a log file opens; copy its text into this thread.

Otherwise it is located here: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

PS: Disable your security programs while the fix is running.

------

Disable your antivirus program and run an online scan with ESET Online Scanner:
http://www.eset.com/home/products/online-scanner/

You must accept the terms of use and click Start.
After the ActiveX control has loaded, it will take a few minutes for the scanner to become ready.
Then tick the following boxes (only these):

Scan archives

under advanced settings
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable anti-stealth technology


Click Start. This scan can take a while, so be patient.
A log will open when the scan is finished.

(If not, go to C:\Programmer\EsetOnlineScanner\ and open the file Log.txt.)

Copy it into your next reply.
torben lind Researcher
05 December 2011 - 07:56 #13
Hi f-arn.
Here is the first report; I'm starting on the second one now.
torben lind

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:8927A071 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev t›mt.
C:\Users\torben\Desktop\cmd.bat deleted successfully.
C:\Users\torben\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: torben
->Flash cache emptied: 42908 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: torben
->Temp folder emptied: 14056 bytes
->Temporary Internet Files folder emptied: 114139 bytes
->Java cache emptied: 15515 bytes
->Google Chrome cache emptied: 41477648 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75416 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12052011_074807

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
torben lind Researcher
05 December 2011 - 10:56 #14
Hi f-arn.
Here is the next report.
Torben lind

C:\Program Files\Microsoft Office 2010 Professional+ 32bit (CRACKED)\MS-Office-2010.iso    a variant of Win32/TrojanDropper.Agent.PGY trojan
C:\Program Files\ProKAward\kl.exe    a variant of Win32/KeyLogger.AwardKeylogger.A application
C:\ProgramData\ukprfree\ulklfemon.dll    Win32/KeyLogger.UltimateKeylogger.AB application
C:\Users\All Users\ukprfree\ulklfemon.dll    Win32/KeyLogger.UltimateKeylogger.AB application
C:\Users\torben\AppData\Roaming\eType\et-etype-ztb.exe    a variant of Win32/Toolbar.Zugo application
C:\Windows\standard\lpr123.exe    Win32/PSW.Stealer.I trojan
f-arn Guru
05 December 2011 - 11:31 #15
Download and save CKScanner to your desktop.
It must be on your desktop.
Start CKScanner and click "Search for files".
When the cursor disappears, save the result to a file.
Copy CKFiles.txt into your next post.

------

Download and save ComboFix to your desktop. <- Important

Then run ComboFix and follow the instructions.

Because ComboFix can conflict with your security programs, it is important that you disable them.

You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: ComboFix.txt
Please post the contents of this file here.

It can be found here: C:\ComboFix.txt
torben lind Researcher
05 December 2011 - 11:57 #16
Hi f-arn.
First report; I'm starting on the next one.
Big improvements can already be noticed on the computer.
torben lind


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\microsoft office 2010 professional+ 32bit (cracked)\ms-office-2010.iso
scanner sequence 3.AP.11.TLNAJW
----- EOF -----
torben lind Researcher
05 December 2011 - 12:23 #17
Hi f-arn.
Next report, and I hope the last.
torben lind

ComboFix 11-12-04.04 - torben 05-12-2011  12:07:44.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.45.1033.18.1535.814 [GMT 1:00]
Kører fra: c:\users\torben\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi
c:\users\torben\AppData\Roaming\inst.exe
c:\users\torben\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\CTF
c:\windows\system32\CTF\Links\OtherProducts.html
c:\windows\system32\oem14.inf
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-11-05 til 2011-12-05  )))))))))))))))))))))))))))))))))))
.
.
2011-12-05 09:58 . 2011-12-05 09:58    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FC0BB6D-BCCC-459B-9E5E-745F6650E1D2}\MpKsled8c0870.sys
2011-12-05 09:58 . 2011-12-05 09:58    56200    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FC0BB6D-BCCC-459B-9E5E-745F6650E1D2}\offreg.dll
2011-12-05 06:48 . 2011-12-05 06:48    --------    d-----w-    C:\_OTL
2011-12-05 06:04 . 2011-11-21 10:47    6823496    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8FC0BB6D-BCCC-459B-9E5E-745F6650E1D2}\mpengine.dll
2011-12-03 18:39 . 2011-12-05 10:57    --------    d--h--w-    c:\programdata\kprologs
2011-12-02 17:31 . 2011-08-31 16:00    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-12-02 10:13 . 2011-12-02 10:13    388096    ----a-r-    c:\users\torben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-02 10:13 . 2011-12-02 10:13    --------    d-----w-    c:\program files\Trend Micro
2011-11-29 10:56 . 2011-08-19 15:33    25944    ----a-w-    c:\windows\system32\SmartDefragBootTime.exe
2011-11-29 10:56 . 2010-11-26 17:02    15672    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2011-11-29 10:40 . 2011-10-19 21:15    20312    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2011-11-27 13:47 . 2011-12-04 18:22    --------    d--h--w-    c:\program files\ProKAward
2011-11-26 18:13 . 2011-11-28 10:34    --------    d-----w-    c:\program files\FK_Monitor
2011-11-24 04:19 . 2011-11-24 04:20    --------    d-----w-    C:\torbenlind
2011-11-18 18:16 . 2011-11-18 18:16    --------    d-----w-    c:\windows\Sun
2011-11-18 18:16 . 2011-11-18 18:16    --------    d-----w-    c:\program files\Common Files\Java
2011-11-15 06:57 . 2011-11-15 06:57    --------    d-----w-    c:\users\torben\AppData\Local\Broadcom
2011-11-15 06:50 . 2000-01-01 00:00    20008    ----a-w-    c:\windows\system32\btwcoins.dll
2011-11-15 06:50 . 2000-01-01 00:00    18728    ----a-w-    c:\windows\system32\drivers\btwrchid.sys
2011-11-15 06:50 . 2000-01-01 00:00    93224    ----a-w-    c:\windows\system32\drivers\btwaudio.sys
2011-11-15 06:50 . 2000-01-01 00:00    33832    ----a-w-    c:\windows\system32\drivers\btwl2cap.sys
2011-11-15 06:50 . 2000-01-01 00:00    302120    ----a-w-    c:\windows\system32\drivers\btwampfl.sys
2011-11-15 06:50 . 2000-01-01 00:00    114728    ----a-w-    c:\windows\system32\drivers\btwavdt.sys
2011-11-15 06:47 . 2011-11-15 06:47    --------    d-----w-    c:\program files\WIDCOMM
2011-11-15 06:42 . 2011-11-15 06:42    --------    d-----w-    c:\program files\Intel
2011-11-15 06:42 . 2000-01-01 00:00    53248    ----a-w-    c:\windows\system32\CSVer.dll
2011-11-15 06:40 . 2011-11-15 06:40    --------    d-----w-    C:\Intel
2011-11-15 06:36 . 2006-02-07 14:39    32768    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-11-15 06:36 . 2006-02-07 14:45    757760    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-15 06:36 . 2006-02-07 14:40    204800    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-15 06:36 . 2006-02-07 14:40    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-15 06:36 . 2006-02-07 14:40    274432    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-15 06:36 . 2005-11-13 22:19    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-15 06:36 . 2011-11-15 06:36    331908    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-15 06:36 . 2011-11-15 06:36    200836    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-15 06:33 . 2011-11-15 06:33    --------    d-----w-    c:\program files\Cisco
2011-11-15 06:31 . 2011-11-15 06:30    6656    ----a-w-    c:\windows\system32\bcmwlrc.dll
2011-11-15 06:31 . 2011-11-15 06:30    91376    ----a-w-    c:\windows\system32\bcmwlcoi.dll
2011-11-15 06:31 . 2011-11-15 06:30    3551232    ----a-w-    c:\windows\system32\bcmihvui.dll
2011-11-15 06:31 . 2011-11-15 06:30    2506232    ----a-w-    c:\windows\system32\drivers\BCMWL6.SYS
2011-11-15 06:31 . 2011-11-15 06:30    3862528    ----a-w-    c:\windows\system32\bcmihvsrv.dll
2011-11-15 06:30 . 2011-11-15 06:30    --------    d-----w-    c:\program files\Broadcom
2011-11-15 06:30 . 2011-11-15 06:30    --------    d-----w-    c:\users\torben\AppData\Roaming\InstallShield
2011-11-15 06:27 . 2011-11-15 06:27    --------    d-----w-    c:\program files\Realtek
2011-11-15 06:27 . 2000-01-01 00:00    13864    ----a-w-    c:\windows\system32\RTNICVer.dll
2011-11-15 06:24 . 2011-11-15 06:24    --------    d-----w-    c:\program files\Motorola
2011-11-15 06:12 . 2011-12-05 09:59    12984    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2011-11-15 06:12 . 2011-11-15 06:12    --------    d-----w-    c:\users\torben\AppData\Local\SlimWare Utilities Inc
2011-11-15 06:12 . 2011-11-28 10:34    --------    d-----w-    c:\program files\SlimDrivers
2011-11-09 05:43 . 2011-09-29 16:03    1290608    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:43 . 2011-10-01 04:37    708608    ----a-w-    c:\program files\Common Files\System\wab32.dll
2011-11-09 05:43 . 2011-09-29 03:37    2341888    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-05-11 08:46    6823496    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-14 11:24 . 2011-09-11 14:15    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 09:18 . 2011-07-15 16:17    47360    ----a-w-    c:\users\torben\AppData\Roaming\pcouffin.sys
2011-10-11 11:38 . 2011-10-11 11:39    703824    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696ADCBA-78EB-4721-AA17-0F5FF78773B2}\gapaengine.dll
2011-10-03 04:06 . 2011-07-24 19:11    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-10-01 02:42 . 2011-10-14 04:11    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2011-06-25 22:20    71568    --sh--w-    c:\windows\lksi.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2011-11-10 413528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"SoundMan"="SOUNDMAN.EXE" [2000-01-01 604704]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-10-28 55808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 15:22    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLSService]
2009-10-28 23:56    55808    ----a-w-    c:\program files\DYMO\DYMO Label Software\DLSService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-08 05:27    136176    ----atw-    c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 16:00    1047208    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 13:16    997920    ----a-w-    c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29    102400    ----a-w-    c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"lpr"=c:\windows\standard\lpr123.exe
.
R1 ijzlabar;ijzlabar;c:\windows\system32\drivers\ijzlabar.sys [x]
R1 MpKsl0242a354;MpKsl0242a354;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FAC212F-1A58-40E2-94F5-A68F41CB8708}\MpKsl0242a354.sys [x]
R1 MpKsl027e74f3;MpKsl027e74f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{284274A3-07E8-46B8-8101-A2A133B7911C}\MpKsl027e74f3.sys [x]
R1 MpKsl032bbd27;MpKsl032bbd27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A145FBD-E519-4D49-998E-97E949955667}\MpKsl032bbd27.sys [x]
R1 MpKsl096a4947;MpKsl096a4947;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA013843-F26F-4117-835B-9324D43CF01B}\MpKsl096a4947.sys [x]
R1 MpKsl09739209;MpKsl09739209;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E92DEE33-B2EA-4E49-A0C6-5853A4E7D173}\MpKsl09739209.sys [x]
R1 MpKsl0ebf9086;MpKsl0ebf9086;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93773991-B86D-4A0F-94FF-D7D8E0066675}\MpKsl0ebf9086.sys [x]
R1 MpKsl17cc768e;MpKsl17cc768e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKsl17cc768e.sys [x]
R1 MpKsl23ef35de;MpKsl23ef35de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKsl23ef35de.sys [x]
R1 MpKsl247b21ce;MpKsl247b21ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8EDF34-1DE8-43F8-AF23-44D8180C4A20}\MpKsl247b21ce.sys [x]
R1 MpKsl25693da3;MpKsl25693da3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{310088FA-C830-4271-A4F0-D86D255F1663}\MpKsl25693da3.sys [x]
R1 MpKsl277a7f14;MpKsl277a7f14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B15C5041-F096-4191-93AB-041F3C59A2EC}\MpKsl277a7f14.sys [x]
R1 MpKsl35547e98;MpKsl35547e98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl35547e98.sys [x]
R1 MpKsl3555527b;MpKsl3555527b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2856377-36F5-411E-BD8C-856A98A48015}\MpKsl3555527b.sys [x]
R1 MpKsl43ffb88e;MpKsl43ffb88e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl43ffb88e.sys [x]
R1 MpKsl46885a6c;MpKsl46885a6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C0DB981-00E9-45E8-91D6-1C4665B0A1BE}\MpKsl46885a6c.sys [x]
R1 MpKsl476f5da8;MpKsl476f5da8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{128194C5-0951-4405-88A4-FE2771B38BDE}\MpKsl476f5da8.sys [x]
R1 MpKsl50d6e712;MpKsl50d6e712;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DE0563B-47D6-4AA1-955B-B7F8BFAA792B}\MpKsl50d6e712.sys [x]
R1 MpKsl5382552a;MpKsl5382552a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl5382552a.sys [x]
R1 MpKsl5767fa50;MpKsl5767fa50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{261096D2-9E9F-432A-8FB2-829791C39589}\MpKsl5767fa50.sys [x]
R1 MpKsl5a621666;MpKsl5a621666;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C291AE7-0770-43EF-9119-4C5252783989}\MpKsl5a621666.sys [x]
R1 MpKsl5a6ac74a;MpKsl5a6ac74a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48410B72-59D1-4CE0-8431-4474CC32099C}\MpKsl5a6ac74a.sys [x]
R1 MpKsl5afff74d;MpKsl5afff74d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1380DC51-5FC3-4CAD-85F6-082AB8AEB0D3}\MpKsl5afff74d.sys [x]
R1 MpKsl66554534;MpKsl66554534;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90BDC0A2-6E28-49FB-A4C7-950D9A7775C9}\MpKsl66554534.sys [x]
R1 MpKsl6695878d;MpKsl6695878d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8EDF34-1DE8-43F8-AF23-44D8180C4A20}\MpKsl6695878d.sys [x]
R1 MpKsl6e2e71b4;MpKsl6e2e71b4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D4A7D74-6916-4AB7-B712-EEED295C702D}\MpKsl6e2e71b4.sys [x]
R1 MpKsl725436b7;MpKsl725436b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF0EFD5A-7ED3-4DC7-B560-24B6A5170349}\MpKsl725436b7.sys [x]
R1 MpKsl75c24655;MpKsl75c24655;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8156FE8-1FD7-4FD9-95A0-DA6A0F25B043}\MpKsl75c24655.sys [x]
R1 MpKsl7623f743;MpKsl7623f743;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl7623f743.sys [x]
R1 MpKsl7e1e133b;MpKsl7e1e133b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F220CB6-531C-4D5C-9974-311F2E01F3EE}\MpKsl7e1e133b.sys [x]
R1 MpKsl8103683f;MpKsl8103683f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98766B2B-9A8F-4168-BE9A-E5FF3AD8CE2E}\MpKsl8103683f.sys [x]
R1 MpKsl917e9a44;MpKsl917e9a44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5FA1FB9-880B-4E13-8CED-395E090AF4E4}\MpKsl917e9a44.sys [x]
R1 MpKsl95ddbb5d;MpKsl95ddbb5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D4A7D74-6916-4AB7-B712-EEED295C702D}\MpKsl95ddbb5d.sys [x]
R1 MpKsl96ec84da;MpKsl96ec84da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9761E762-394D-4109-9691-266E11E2BEA3}\MpKsl96ec84da.sys [x]
R1 MpKslabb7754d;MpKslabb7754d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKslabb7754d.sys [x]
R1 MpKslad05f27a;MpKslad05f27a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33D6DA83-A030-49F4-95C4-15C5F34A4933}\MpKslad05f27a.sys [x]
R1 MpKslae7c810e;MpKslae7c810e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EF523D2-43EA-46A8-B9E2-2BAC7D31F4FC}\MpKslae7c810e.sys [x]
R1 MpKslaf37e80e;MpKslaf37e80e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67FA28CB-EA93-44E1-A5C0-62546CB24942}\MpKslaf37e80e.sys [x]
R1 MpKslb1d7c0a7;MpKslb1d7c0a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60D73E92-E1BA-49CC-9097-11B37C686B5B}\MpKslb1d7c0a7.sys [x]
R1 MpKslb5825b09;MpKslb5825b09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B3CC341-06F1-46F6-B116-B2AB5CA8DF7D}\MpKslb5825b09.sys [x]
R1 MpKslc1be4f72;MpKslc1be4f72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1380DC51-5FC3-4CAD-85F6-082AB8AEB0D3}\MpKslc1be4f72.sys [x]
R1 MpKslc2181725;MpKslc2181725;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98766B2B-9A8F-4168-BE9A-E5FF3AD8CE2E}\MpKslc2181725.sys [x]
R1 MpKslcd45f00a;MpKslcd45f00a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{497F9BDA-93CD-4137-AE10-E5DDE2667829}\MpKslcd45f00a.sys [x]
R1 MpKslcda6feca;MpKslcda6feca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{418BE573-D02D-455F-A85C-C8785B7602A1}\MpKslcda6feca.sys [x]
R1 MpKsld196730c;MpKsld196730c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E25AA12-2B9F-4DE8-B25B-EE912E0C34FD}\MpKsld196730c.sys [x]
R1 MpKsld8ef0d14;MpKsld8ef0d14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48410B72-59D1-4CE0-8431-4474CC32099C}\MpKsld8ef0d14.sys [x]
R1 MpKsldd4b9faa;MpKsldd4b9faa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07AAD1B8-DB9B-4E78-81FD-3DE0FDFD36F4}\MpKsldd4b9faa.sys [x]
R1 MpKsle2ee6c72;MpKsle2ee6c72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B15C5041-F096-4191-93AB-041F3C59A2EC}\MpKsle2ee6c72.sys [x]
R1 MpKslf3ed8f2d;MpKslf3ed8f2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKslf3ed8f2d.sys [x]
R1 MpKslf5c1f1aa;MpKslf5c1f1aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA013843-F26F-4117-835B-9324D43CF01B}\MpKslf5c1f1aa.sys [x]
R1 MpKslf70dc66a;MpKslf70dc66a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93773991-B86D-4A0F-94FF-D7D8E0066675}\MpKslf70dc66a.sys [x]
R1 MpKslf8e5ac60;MpKslf8e5ac60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEBDF308-1959-4571-8E37-101C770CC00A}\MpKslf8e5ac60.sys [x]
R1 MpKslfa789059;MpKslfa789059;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AE6C4DF-2210-4D78-A501-DDA68FEEC2EF}\MpKslfa789059.sys [x]
R1 MpKslfcaeab31;MpKslfcaeab31;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EF69D8D-284A-4F94-B357-713941631D15}\MpKslfcaeab31.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SKLProService;Run software as Windows service;c:\program files\ProKAward\aklservice.exe [2011-10-28 90112]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 BTWAMPFL;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2000-01-01 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33832]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-07-16 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-12-05 12984]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-10-08 18768]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 DymoPnpService;DYMO PnP Service;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe [2011-08-10 32336]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-09-20 30600]
.
.
--- Andre Services/Drivers i Hukommelsen ---
.
*NewlyCreated* - MPKSLED8C0870
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446736127-2839589416-246201070-1001Core.job
- c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 05:27]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446736127-2839589416-246201070-1001UA.job
- c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 05:27]
.
2011-12-05 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2011-09-07 10:32]
.
.
------- Yderligere scanning -------
.
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.179.1.63 62.179.1.62
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2011-12-05  12:19:24
ComboFix-quarantined-files.txt  2011-12-05 11:19
.
Pre-Kørsel: 113.105.240.064 byte ledig
Post-Kørsel: 112.881.967.104 byte ledig
.
- - End Of File - - 3E39620338B2E2B4E7076E05913642D1
f-arn Guru
05 December 2011 - 13:08 #18
Next report and, I hope, the last

It won't be, though, if you want the PC cleaned.
I also have to ask - the keylogger I can see, did you install it yourself?

PS. You should disable IOBIT's real-time protection.
torben lind Researcher
05 December 2011 - 13:21 #19
Hi f-arn.
Yes, I installed it myself and want it removed again, but I'm having trouble figuring out how to do that.
Of course I want my PC cleaned as much as possible, so I'm ready for more tests.
I'll see if I can figure out how to disable IOBIT's real-time protection.
torben lind
f-arn Guru
05 December 2011 - 13:45 #20
Yes, I installed it myself and want it removed again

OK - ComboFix will probably be needed, but let's try this first.

Download and save MiniToolBox by Farbar.

Start it and tick the following.

List content of Hosts
List Installed Programs


Then click GO. It creates Result.txt, which you are welcome to copy in here.
torben lind Researcher
05 December 2011 - 14:02 #21
Hi f-arn.
This report: if it is meant to find the keylogger, I think I figured out how to get it deleted, but here it is.
torben lind

MiniToolBox by Farbar
Ran by torben (administrator) on 05-12-2011 at 13:59:57
Windows 7 Ultimate Service Pack 1 (X86)

***************************************************************************
========================= Hosts content: =================================

127.0.0.1      localhost


=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.1) - Dansk (Version: 10.1.1)
Advanced SystemCare 5 (Version: 5.0.0)
Bluetooth by hp (Version: 6.3.0.8200)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.30.21.0)
CCleaner (Version: 3.13)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conexant AC-97 Audio
DYMO Label v.8 (Version: 8.3.1.1332)
File Type Assistant
Hewlett-Packard ACLM.NET v1.1.1.0 (Version: 1.00.0000)
High-Definition Video Playback (Version: 11.1.10400.2.65)
HiJackThis (Version: 1.0.0)
HP Support Assistant (Version: 6.0.5.4)
ImagXpress (Version: 7.0.74.0)
IObit Malware Fighter (Version: 1.0)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 29 (Version: 6.0.290)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Language Pack 2010 - Danish/dansk (Version: 14.0.6029.1000)
Microsoft Office O MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Swedish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office SharePoint Designer MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office X MUI (Danish) 2010 (Version: 14.0.6029.1000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Motorola SM56 Data Fax Modem (Version: 6.12.25.05)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 11 (Version: 11.0.10700)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11200.12.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic (Version: 11.0.11300.12.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.0.16000.13.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.10000.1.0)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.15000.1.12)
Nero CoverDesigner 11 (Version: 6.0.10800.11.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Express 11 (Version: 11.0.11700.23.100)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Kwik Media (Version: 1.10.19300.93.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10200)
Nero Prerequisite Installer 1.0 (Version: 11.0.10800)
Nero Recode 11 (Version: 5.0.13300.32.100)
Nero Recode 11 Help (CHM) (Version: 11.0.10300)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SoundTrax 11 (Version: 5.0.10400.4.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
Nero Video 11 (Version: 8.0.14000.21.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero WaveEditor 11 (Version: 6.0.10800.5.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20008)
neroxml (Version: 1.0.0)
PDF Settings CS5 (Version: 10.0)
Picasa 3 (Version: 3.8)
Protected Folder
Realtek AC'97 Audio (Version: 5.37)
Realtek Ethernet Controller All-In-One Windows Driver (Version: 1.12.0011)
SIW version 2010.07.14 (Version: 2010.07.14)
SlimDrivers (Version: 2.2.14752)
Smart Defrag 2 (Version: 2.2)
Synaptics Pointing Device Driver (Version: 10.0.13.2)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729)
Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DAN (Version: 9.0.21022)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1)
Visual Studio Tools til Office System 3.0 Runtime-sprogpakke - DAN
Vuze (Version: 4.7)
welcome (Version: 11.0.21500.0.4)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR arkivering
XnView 1.98.2 (Version: 1.98.2)

**** End of log ****
f-arn Guru
05 December 2011 - 18:21 #22
Right-click on the desktop, choose New -> Text Document, copy in the highlighted text, and save the file as CFScript

Killall::
Snapshot::
File::
c:\windows\system32\drivers\ijzlabar.sys
C:\Program Files\Microsoft Office 2010 Professional+ 32bit (CRACKED)\MS-Office-2010.iso
C:\Windows\standard\lpr123.exe
Folder::
C:\Program Files\ProKAward\
C:\ProgramData\ukprfree\
C:\Users\All Users\ukprfree\
C:\Users\torben\AppData\Roaming\eType\
Dirlook::
C:\Windows\standard\
Driver::
ijzlabar


Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located here: C:\Combofix.txt

Please post the contents of this file here.
torben lind Researcher
05 December 2011 - 19:10 #23
Hi f-arn.
Here is a bit more work for you; to me, what comes out of it is still complete "gibberish".
torben lind

ComboFix 11-12-04.04 - torben 05-12-2011  18:30:16.2.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.45.1033.18.1535.978 [GMT 1:00]
Kører fra: c:\users\torben\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\torben\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Microsoft Office 2010 Professional+ 32bit (CRACKED)\MS-Office-2010.iso"
"c:\windows\standard\lpr123.exe"
"c:\windows\system32\drivers\ijzlabar.sys"
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Microsoft Office 2010 Professional+ 32bit (CRACKED)\MS-Office-2010.iso
c:\programdata\ukprfree
c:\programdata\ukprfree\ulklfemon.dll
c:\users\All Users\ukprfree\ulklfemon.dll
c:\users\torben\AppData\Roaming\eType
c:\users\torben\AppData\Roaming\eType\AdNotFound.htm
c:\users\torben\AppData\Roaming\eType\all.zip
c:\users\torben\AppData\Roaming\eType\BigAd.htm
c:\users\torben\AppData\Roaming\eType\BigAd2.htm
c:\users\torben\AppData\Roaming\eType\BinariesVersions.xml
c:\users\torben\AppData\Roaming\eType\BinaryFiles_297.zip
c:\users\torben\AppData\Roaming\eType\ClientSettings.bin
c:\users\torben\AppData\Roaming\eType\CN.txt
c:\users\torben\AppData\Roaming\eType\DefaultPrograms.ini
c:\users\torben\AppData\Roaming\eType\dicEnUs_TsTs.Lang
c:\users\torben\AppData\Roaming\eType\dicEnUs_TsTs.Lang_7.zip
c:\users\torben\AppData\Roaming\eType\DicEnUs_TsTs.Lang_8.zip
c:\users\torben\AppData\Roaming\eType\dicInfo.txt
c:\users\torben\AppData\Roaming\eType\Dictionaries.xml
c:\users\torben\AppData\Roaming\eType\DictionaryServiceProxy.dll
c:\users\torben\AppData\Roaming\eType\dymEnUs_TsTs.lang
c:\users\torben\AppData\Roaming\eType\DymEnUs_TsTs.Lang_1.zip
c:\users\torben\AppData\Roaming\eType\EmptyFacebook.jpg
c:\users\torben\AppData\Roaming\eType\EmptyFacebookL.jpg
c:\users\torben\AppData\Roaming\eType\et-etype-ztb.exe
c:\users\torben\AppData\Roaming\eType\eType.exe
c:\users\torben\AppData\Roaming\eType\eTypeExt.dll
c:\users\torben\AppData\Roaming\eType\eTypeUninstall.exe
c:\users\torben\AppData\Roaming\eType\eTypeUpdate.exe
c:\users\torben\AppData\Roaming\eType\eTypeUpdate.exe_44.zip
c:\users\torben\AppData\Roaming\eType\ExcludeLogEvents.bin
c:\users\torben\AppData\Roaming\eType\friendsInstalled.dat
c:\users\torben\AppData\Roaming\eType\friendsNew.dat
c:\users\torben\AppData\Roaming\eType\GoldUpdater.zip
c:\users\torben\AppData\Roaming\eType\icon_all_shadow.ico
c:\users\torben\AppData\Roaming\eType\Installed.txt
c:\users\torben\AppData\Roaming\eType\Loading.htm
c:\users\torben\AppData\Roaming\eType\Loading_icon_circles_blue.gif
c:\users\torben\AppData\Roaming\eType\lzma.exe
c:\users\torben\AppData\Roaming\eType\lzma.zip
c:\users\torben\AppData\Roaming\eType\MyZip.dll
c:\users\torben\AppData\Roaming\eType\news_box_facebook.jpg
c:\users\torben\AppData\Roaming\eType\news_box_internet_connection.jpg
c:\users\torben\AppData\Roaming\eType\NotificationMessages.xml
c:\users\torben\AppData\Roaming\eType\NumOfActivations.txt
c:\users\torben\AppData\Roaming\eType\Programs.ini
c:\users\torben\AppData\Roaming\eType\PromotionApps.dat
c:\users\torben\AppData\Roaming\eType\PromotionID.txt
c:\users\torben\AppData\Roaming\eType\Resp.txt
c:\users\torben\AppData\Roaming\eType\Scoreboard.dat
c:\users\torben\AppData\Roaming\eType\Settings.xml
c:\users\torben\AppData\Roaming\eType\SmallAd.htm
c:\users\torben\AppData\Roaming\eType\StatisticsServiceProxy.dll
c:\users\torben\AppData\Roaming\eType\tasks.dat
c:\users\torben\AppData\Roaming\eType\TimeRangeCache.dat
c:\users\torben\AppData\Roaming\eType\u.bin
c:\users\torben\AppData\Roaming\eType\UpdaterVersions.xml
c:\users\torben\AppData\Roaming\eType\Url.xml
c:\users\torben\AppData\Roaming\eType\UserDictionaries.xml
c:\users\torben\AppData\Roaming\eType\wDat.bin
c:\users\torben\AppData\Roaming\eType\WelCome.bin
c:\users\torben\AppData\Roaming\eType\WordNotFound.htm
c:\windows\standard\lpr123.exe
.
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ijzlabar
-------\Service_SKLProService
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-11-05 til 2011-12-05  )))))))))))))))))))))))))))))))))))
.
.
2011-12-05 17:47 . 2011-12-05 17:51    --------    d-----w-    c:\users\torben\AppData\Local\temp
2011-12-05 17:47 . 2011-12-05 17:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-12-05 12:45 . 2011-12-05 12:45    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DD28876-403D-4F66-92ED-C3476A3972B6}\MpKslde7b574c.sys
2011-12-05 12:45 . 2011-12-05 17:49    56200    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DD28876-403D-4F66-92ED-C3476A3972B6}\offreg.dll
2011-12-05 12:22 . 2011-11-21 10:47    6823496    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DD28876-403D-4F66-92ED-C3476A3972B6}\mpengine.dll
2011-12-05 06:48 . 2011-12-05 06:48    --------    d-----w-    C:\_OTL
2011-12-03 18:39 . 2011-12-05 12:47    --------    d--h--w-    c:\programdata\kprologs
2011-12-02 17:31 . 2011-08-31 16:00    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-12-02 10:13 . 2011-12-02 10:13    388096    ----a-r-    c:\users\torben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-02 10:13 . 2011-12-02 10:13    --------    d-----w-    c:\program files\Trend Micro
2011-11-29 10:56 . 2011-08-19 15:33    25944    ----a-w-    c:\windows\system32\SmartDefragBootTime.exe
2011-11-29 10:56 . 2010-11-26 17:02    15672    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2011-11-29 10:40 . 2011-10-19 21:15    20312    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2011-11-26 18:13 . 2011-11-28 10:34    --------    d-----w-    c:\program files\FK_Monitor
2011-11-24 04:19 . 2011-11-24 04:20    --------    d-----w-    C:\torbenlind
2011-11-18 18:16 . 2011-11-18 18:16    --------    d-----w-    c:\windows\Sun
2011-11-18 18:16 . 2011-11-18 18:16    --------    d-----w-    c:\program files\Common Files\Java
2011-11-15 06:57 . 2011-11-15 06:57    --------    d-----w-    c:\users\torben\AppData\Local\Broadcom
2011-11-15 06:50 . 2000-01-01 00:00    20008    ----a-w-    c:\windows\system32\btwcoins.dll
2011-11-15 06:50 . 2000-01-01 00:00    18728    ----a-w-    c:\windows\system32\drivers\btwrchid.sys
2011-11-15 06:50 . 2000-01-01 00:00    93224    ----a-w-    c:\windows\system32\drivers\btwaudio.sys
2011-11-15 06:50 . 2000-01-01 00:00    33832    ----a-w-    c:\windows\system32\drivers\btwl2cap.sys
2011-11-15 06:50 . 2000-01-01 00:00    302120    ----a-w-    c:\windows\system32\drivers\btwampfl.sys
2011-11-15 06:50 . 2000-01-01 00:00    114728    ----a-w-    c:\windows\system32\drivers\btwavdt.sys
2011-11-15 06:47 . 2011-11-15 06:47    --------    d-----w-    c:\program files\WIDCOMM
2011-11-15 06:42 . 2011-11-15 06:42    --------    d-----w-    c:\program files\Intel
2011-11-15 06:42 . 2000-01-01 00:00    53248    ----a-w-    c:\windows\system32\CSVer.dll
2011-11-15 06:40 . 2011-11-15 06:40    --------    d-----w-    C:\Intel
2011-11-15 06:36 . 2006-02-07 14:39    32768    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-11-15 06:36 . 2006-02-07 14:45    757760    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-15 06:36 . 2006-02-07 14:40    204800    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-15 06:36 . 2006-02-07 14:40    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-15 06:36 . 2006-02-07 14:40    274432    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-15 06:36 . 2005-11-13 22:19    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-15 06:36 . 2011-11-15 06:36    331908    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-15 06:36 . 2011-11-15 06:36    200836    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-15 06:33 . 2011-11-15 06:33    --------    d-----w-    c:\program files\Cisco
2011-11-15 06:31 . 2011-11-15 06:30    6656    ----a-w-    c:\windows\system32\bcmwlrc.dll
2011-11-15 06:31 . 2011-11-15 06:30    91376    ----a-w-    c:\windows\system32\bcmwlcoi.dll
2011-11-15 06:31 . 2011-11-15 06:30    3551232    ----a-w-    c:\windows\system32\bcmihvui.dll
2011-11-15 06:31 . 2011-11-15 06:30    2506232    ----a-w-    c:\windows\system32\drivers\BCMWL6.SYS
2011-11-15 06:31 . 2011-11-15 06:30    3862528    ----a-w-    c:\windows\system32\bcmihvsrv.dll
2011-11-15 06:30 . 2011-11-15 06:30    --------    d-----w-    c:\program files\Broadcom
2011-11-15 06:30 . 2011-11-15 06:30    --------    d-----w-    c:\users\torben\AppData\Roaming\InstallShield
2011-11-15 06:27 . 2011-11-15 06:27    --------    d-----w-    c:\program files\Realtek
2011-11-15 06:27 . 2000-01-01 00:00    13864    ----a-w-    c:\windows\system32\RTNICVer.dll
2011-11-15 06:24 . 2011-11-15 06:24    --------    d-----w-    c:\program files\Motorola
2011-11-15 06:12 . 2011-12-05 17:50    12984    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2011-11-15 06:12 . 2011-11-15 06:12    --------    d-----w-    c:\users\torben\AppData\Local\SlimWare Utilities Inc
2011-11-15 06:12 . 2011-11-28 10:34    --------    d-----w-    c:\program files\SlimDrivers
2011-11-09 05:43 . 2011-09-29 16:03    1290608    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:43 . 2011-10-01 04:37    708608    ----a-w-    c:\program files\Common Files\System\wab32.dll
2011-11-09 05:43 . 2011-09-29 03:37    2341888    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-05-11 08:46    6823496    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-14 11:24 . 2011-09-11 14:15    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 09:18 . 2011-07-15 16:17    47360    ----a-w-    c:\users\torben\AppData\Roaming\pcouffin.sys
2011-10-11 11:38 . 2011-10-11 11:39    703824    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696ADCBA-78EB-4721-AA17-0F5FF78773B2}\gapaengine.dll
2011-10-03 04:06 . 2011-07-24 19:11    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-10-01 02:42 . 2011-10-14 04:11    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2011-06-25 22:20    71568    --sh--w-    c:\windows\lksi.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\standard ----
.
2011-06-12 04:50 . 2011-06-12 04:51    83    ----a-w-    c:\windows\standard\spd123.ini
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2011-11-10 413528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"SoundMan"="SOUNDMAN.EXE" [2000-01-01 604704]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-10-28 55808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 15:22    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLSService]
2009-10-28 23:56    55808    ----a-w-    c:\program files\DYMO\DYMO Label Software\DLSService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-08 05:27    136176    ----atw-    c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 16:00    1047208    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 13:16    997920    ----a-w-    c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29    102400    ----a-w-    c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"lpr"=c:\windows\standard\lpr123.exe
.
R1 MpKsl0242a354;MpKsl0242a354;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FAC212F-1A58-40E2-94F5-A68F41CB8708}\MpKsl0242a354.sys [x]
R1 MpKsl027e74f3;MpKsl027e74f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{284274A3-07E8-46B8-8101-A2A133B7911C}\MpKsl027e74f3.sys [x]
R1 MpKsl032bbd27;MpKsl032bbd27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A145FBD-E519-4D49-998E-97E949955667}\MpKsl032bbd27.sys [x]
R1 MpKsl096a4947;MpKsl096a4947;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA013843-F26F-4117-835B-9324D43CF01B}\MpKsl096a4947.sys [x]
R1 MpKsl09739209;MpKsl09739209;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E92DEE33-B2EA-4E49-A0C6-5853A4E7D173}\MpKsl09739209.sys [x]
R1 MpKsl0ebf9086;MpKsl0ebf9086;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93773991-B86D-4A0F-94FF-D7D8E0066675}\MpKsl0ebf9086.sys [x]
R1 MpKsl17cc768e;MpKsl17cc768e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKsl17cc768e.sys [x]
R1 MpKsl23ef35de;MpKsl23ef35de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKsl23ef35de.sys [x]
R1 MpKsl247b21ce;MpKsl247b21ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8EDF34-1DE8-43F8-AF23-44D8180C4A20}\MpKsl247b21ce.sys [x]
R1 MpKsl25693da3;MpKsl25693da3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{310088FA-C830-4271-A4F0-D86D255F1663}\MpKsl25693da3.sys [x]
R1 MpKsl277a7f14;MpKsl277a7f14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B15C5041-F096-4191-93AB-041F3C59A2EC}\MpKsl277a7f14.sys [x]
R1 MpKsl35547e98;MpKsl35547e98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl35547e98.sys [x]
R1 MpKsl3555527b;MpKsl3555527b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2856377-36F5-411E-BD8C-856A98A48015}\MpKsl3555527b.sys [x]
R1 MpKsl43ffb88e;MpKsl43ffb88e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl43ffb88e.sys [x]
R1 MpKsl46885a6c;MpKsl46885a6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C0DB981-00E9-45E8-91D6-1C4665B0A1BE}\MpKsl46885a6c.sys [x]
R1 MpKsl476f5da8;MpKsl476f5da8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{128194C5-0951-4405-88A4-FE2771B38BDE}\MpKsl476f5da8.sys [x]
R1 MpKsl50d6e712;MpKsl50d6e712;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DE0563B-47D6-4AA1-955B-B7F8BFAA792B}\MpKsl50d6e712.sys [x]
R1 MpKsl5382552a;MpKsl5382552a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl5382552a.sys [x]
R1 MpKsl5767fa50;MpKsl5767fa50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{261096D2-9E9F-432A-8FB2-829791C39589}\MpKsl5767fa50.sys [x]
R1 MpKsl5a621666;MpKsl5a621666;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C291AE7-0770-43EF-9119-4C5252783989}\MpKsl5a621666.sys [x]
R1 MpKsl5a6ac74a;MpKsl5a6ac74a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48410B72-59D1-4CE0-8431-4474CC32099C}\MpKsl5a6ac74a.sys [x]
R1 MpKsl5afff74d;MpKsl5afff74d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1380DC51-5FC3-4CAD-85F6-082AB8AEB0D3}\MpKsl5afff74d.sys [x]
R1 MpKsl66554534;MpKsl66554534;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90BDC0A2-6E28-49FB-A4C7-950D9A7775C9}\MpKsl66554534.sys [x]
R1 MpKsl6695878d;MpKsl6695878d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8EDF34-1DE8-43F8-AF23-44D8180C4A20}\MpKsl6695878d.sys [x]
R1 MpKsl6e2e71b4;MpKsl6e2e71b4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D4A7D74-6916-4AB7-B712-EEED295C702D}\MpKsl6e2e71b4.sys [x]
R1 MpKsl725436b7;MpKsl725436b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF0EFD5A-7ED3-4DC7-B560-24B6A5170349}\MpKsl725436b7.sys [x]
R1 MpKsl75c24655;MpKsl75c24655;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8156FE8-1FD7-4FD9-95A0-DA6A0F25B043}\MpKsl75c24655.sys [x]
R1 MpKsl7623f743;MpKsl7623f743;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl7623f743.sys [x]
R1 MpKsl7e1e133b;MpKsl7e1e133b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F220CB6-531C-4D5C-9974-311F2E01F3EE}\MpKsl7e1e133b.sys [x]
R1 MpKsl8103683f;MpKsl8103683f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98766B2B-9A8F-4168-BE9A-E5FF3AD8CE2E}\MpKsl8103683f.sys [x]
R1 MpKsl917e9a44;MpKsl917e9a44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5FA1FB9-880B-4E13-8CED-395E090AF4E4}\MpKsl917e9a44.sys [x]
R1 MpKsl95ddbb5d;MpKsl95ddbb5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D4A7D74-6916-4AB7-B712-EEED295C702D}\MpKsl95ddbb5d.sys [x]
R1 MpKsl96ec84da;MpKsl96ec84da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9761E762-394D-4109-9691-266E11E2BEA3}\MpKsl96ec84da.sys [x]
R1 MpKslabb7754d;MpKslabb7754d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKslabb7754d.sys [x]
R1 MpKslad05f27a;MpKslad05f27a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33D6DA83-A030-49F4-95C4-15C5F34A4933}\MpKslad05f27a.sys [x]
R1 MpKslae7c810e;MpKslae7c810e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EF523D2-43EA-46A8-B9E2-2BAC7D31F4FC}\MpKslae7c810e.sys [x]
R1 MpKslaf37e80e;MpKslaf37e80e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67FA28CB-EA93-44E1-A5C0-62546CB24942}\MpKslaf37e80e.sys [x]
R1 MpKslb1d7c0a7;MpKslb1d7c0a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60D73E92-E1BA-49CC-9097-11B37C686B5B}\MpKslb1d7c0a7.sys [x]
R1 MpKslb5825b09;MpKslb5825b09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B3CC341-06F1-46F6-B116-B2AB5CA8DF7D}\MpKslb5825b09.sys [x]
R1 MpKslc1be4f72;MpKslc1be4f72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1380DC51-5FC3-4CAD-85F6-082AB8AEB0D3}\MpKslc1be4f72.sys [x]
R1 MpKslc2181725;MpKslc2181725;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98766B2B-9A8F-4168-BE9A-E5FF3AD8CE2E}\MpKslc2181725.sys [x]
R1 MpKslcd45f00a;MpKslcd45f00a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{497F9BDA-93CD-4137-AE10-E5DDE2667829}\MpKslcd45f00a.sys [x]
R1 MpKslcda6feca;MpKslcda6feca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{418BE573-D02D-455F-A85C-C8785B7602A1}\MpKslcda6feca.sys [x]
R1 MpKsld196730c;MpKsld196730c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E25AA12-2B9F-4DE8-B25B-EE912E0C34FD}\MpKsld196730c.sys [x]
R1 MpKsld8ef0d14;MpKsld8ef0d14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48410B72-59D1-4CE0-8431-4474CC32099C}\MpKsld8ef0d14.sys [x]
R1 MpKsldd4b9faa;MpKsldd4b9faa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07AAD1B8-DB9B-4E78-81FD-3DE0FDFD36F4}\MpKsldd4b9faa.sys [x]
R1 MpKsle2ee6c72;MpKsle2ee6c72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B15C5041-F096-4191-93AB-041F3C59A2EC}\MpKsle2ee6c72.sys [x]
R1 MpKslf3ed8f2d;MpKslf3ed8f2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKslf3ed8f2d.sys [x]
R1 MpKslf5c1f1aa;MpKslf5c1f1aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA013843-F26F-4117-835B-9324D43CF01B}\MpKslf5c1f1aa.sys [x]
R1 MpKslf70dc66a;MpKslf70dc66a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93773991-B86D-4A0F-94FF-D7D8E0066675}\MpKslf70dc66a.sys [x]
R1 MpKslf8e5ac60;MpKslf8e5ac60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEBDF308-1959-4571-8E37-101C770CC00A}\MpKslf8e5ac60.sys [x]
R1 MpKslfa789059;MpKslfa789059;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AE6C4DF-2210-4D78-A501-DDA68FEEC2EF}\MpKslfa789059.sys [x]
R1 MpKslfcaeab31;MpKslfcaeab31;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EF69D8D-284A-4F94-B357-713941631D15}\MpKslfcaeab31.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 BTWAMPFL;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2000-01-01 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33832]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-07-16 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-09-20 30600]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-12-05 12984]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-10-08 18768]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 MpKslde7b574c;MpKslde7b574c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DD28876-403D-4F66-92ED-C3476A3972B6}\MpKslde7b574c.sys [2011-12-05 29904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 DymoPnpService;DYMO PnP Service;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe [2011-08-10 32336]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
.
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446736127-2839589416-246201070-1001Core.job
- c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 05:27]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446736127-2839589416-246201070-1001UA.job
- c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 05:27]
.
2011-12-05 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2011-09-07 10:32]
.
.
------- Yderligere scanning -------
.
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.179.1.63 62.179.1.62
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'Explorer.exe'(2376)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Gennemført tid: 2011-12-05  19:01:41 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-12-05 18:01
ComboFix2.txt  2011-12-05 11:19
.
Pre-Kørsel: 112.531.111.936 byte ledig
Post-Kørsel: 112.117.862.400 byte ledig
.
- - End Of File - - 4B4E86E714D6FAC4D3921F448083E66A
f-arn Guru
06 December 2011 - 07:59 #24
Right-click on the desktop, choose New -> Text Document, copy the highlighted text into it, and save the file as CFScript

Killall::
Snapshot::
Folder::
c:\windows\standard\
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"lpr"=-


Since Combofix can conflict with your security programs, it is important that you disable them.

Then grab the new file with the mouse and drag it over the Combofix file, and then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif

Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as this can cause your computer to freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file combofix.txt should open; it is located here: C:\Combofix.txt

Please post the contents of this file here.

How is the PC running now?
torben lind Forsker
06 December 2011 - 09:35 #25
Hi f-arn.
Here is the report.
The machine runs like a dream; it has been a long time since it ran this well.
torben lind

ComboFix 11-12-04.04 - torben 06-12-2011  9:04.3.2 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.45.1033.18.1535.886 [GMT 1:00]
Kører fra: c:\users\torben\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\torben\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\standard
c:\windows\standard\spd123.ini
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-11-06 til 2011-12-06  )))))))))))))))))))))))))))))))))))
.
.
2011-12-06 08:17 . 2011-12-06 08:20    --------    d-----w-    c:\users\torben\AppData\Local\temp
2011-12-06 08:17 . 2011-12-06 08:17    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-12-06 05:20 . 2011-12-06 05:20    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED3D689-E85D-4BE4-B0AA-B90E4CCAB411}\MpKsl2cbb60b9.sys
2011-12-06 05:20 . 2011-12-06 08:19    56200    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED3D689-E85D-4BE4-B0AA-B90E4CCAB411}\offreg.dll
2011-12-05 18:58 . 2011-11-21 10:47    6823496    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED3D689-E85D-4BE4-B0AA-B90E4CCAB411}\mpengine.dll
2011-12-05 06:48 . 2011-12-05 06:48    --------    d-----w-    C:\_OTL
2011-12-03 18:39 . 2011-12-05 12:47    --------    d--h--w-    c:\programdata\kprologs
2011-12-02 17:31 . 2011-08-31 16:00    22216    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-12-02 10:13 . 2011-12-02 10:13    388096    ----a-r-    c:\users\torben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-02 10:13 . 2011-12-02 10:13    --------    d-----w-    c:\program files\Trend Micro
2011-11-29 10:56 . 2011-08-19 15:33    25944    ----a-w-    c:\windows\system32\SmartDefragBootTime.exe
2011-11-29 10:56 . 2010-11-26 17:02    15672    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2011-11-29 10:40 . 2011-10-19 21:15    20312    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2011-11-26 18:13 . 2011-11-28 10:34    --------    d-----w-    c:\program files\FK_Monitor
2011-11-24 04:19 . 2011-11-24 04:20    --------    d-----w-    C:\torbenlind
2011-11-18 18:16 . 2011-11-18 18:16    --------    d-----w-    c:\windows\Sun
2011-11-18 18:16 . 2011-11-18 18:16    --------    d-----w-    c:\program files\Common Files\Java
2011-11-15 06:57 . 2011-11-15 06:57    --------    d-----w-    c:\users\torben\AppData\Local\Broadcom
2011-11-15 06:50 . 2000-01-01 00:00    20008    ----a-w-    c:\windows\system32\btwcoins.dll
2011-11-15 06:50 . 2000-01-01 00:00    18728    ----a-w-    c:\windows\system32\drivers\btwrchid.sys
2011-11-15 06:50 . 2000-01-01 00:00    93224    ----a-w-    c:\windows\system32\drivers\btwaudio.sys
2011-11-15 06:50 . 2000-01-01 00:00    33832    ----a-w-    c:\windows\system32\drivers\btwl2cap.sys
2011-11-15 06:50 . 2000-01-01 00:00    302120    ----a-w-    c:\windows\system32\drivers\btwampfl.sys
2011-11-15 06:50 . 2000-01-01 00:00    114728    ----a-w-    c:\windows\system32\drivers\btwavdt.sys
2011-11-15 06:47 . 2011-11-15 06:47    --------    d-----w-    c:\program files\WIDCOMM
2011-11-15 06:42 . 2011-11-15 06:42    --------    d-----w-    c:\program files\Intel
2011-11-15 06:42 . 2000-01-01 00:00    53248    ----a-w-    c:\windows\system32\CSVer.dll
2011-11-15 06:40 . 2011-11-15 06:40    --------    d-----w-    C:\Intel
2011-11-15 06:36 . 2006-02-07 14:39    32768    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-11-15 06:36 . 2006-02-07 14:45    757760    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-15 06:36 . 2006-02-07 14:40    204800    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-15 06:36 . 2006-02-07 14:40    69715    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-15 06:36 . 2006-02-07 14:40    274432    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-15 06:36 . 2005-11-13 22:19    5632    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-15 06:36 . 2011-11-15 06:36    331908    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-15 06:36 . 2011-11-15 06:36    200836    ----a-w-    c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-15 06:33 . 2011-11-15 06:33    --------    d-----w-    c:\program files\Cisco
2011-11-15 06:31 . 2011-11-15 06:30    6656    ----a-w-    c:\windows\system32\bcmwlrc.dll
2011-11-15 06:31 . 2011-11-15 06:30    91376    ----a-w-    c:\windows\system32\bcmwlcoi.dll
2011-11-15 06:31 . 2011-11-15 06:30    3551232    ----a-w-    c:\windows\system32\bcmihvui.dll
2011-11-15 06:31 . 2011-11-15 06:30    2506232    ----a-w-    c:\windows\system32\drivers\BCMWL6.SYS
2011-11-15 06:31 . 2011-11-15 06:30    3862528    ----a-w-    c:\windows\system32\bcmihvsrv.dll
2011-11-15 06:30 . 2011-11-15 06:30    --------    d-----w-    c:\program files\Broadcom
2011-11-15 06:30 . 2011-11-15 06:30    --------    d-----w-    c:\users\torben\AppData\Roaming\InstallShield
2011-11-15 06:27 . 2011-11-15 06:27    --------    d-----w-    c:\program files\Realtek
2011-11-15 06:27 . 2000-01-01 00:00    13864    ----a-w-    c:\windows\system32\RTNICVer.dll
2011-11-15 06:24 . 2011-11-15 06:24    --------    d-----w-    c:\program files\Motorola
2011-11-15 06:12 . 2011-12-06 08:19    12984    ----a-w-    c:\windows\system32\drivers\SWDUMon.sys
2011-11-15 06:12 . 2011-11-15 06:12    --------    d-----w-    c:\users\torben\AppData\Local\SlimWare Utilities Inc
2011-11-15 06:12 . 2011-11-28 10:34    --------    d-----w-    c:\program files\SlimDrivers
2011-11-09 05:43 . 2011-09-29 16:03    1290608    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2011-11-09 05:43 . 2011-10-01 04:37    708608    ----a-w-    c:\program files\Common Files\System\wab32.dll
2011-11-09 05:43 . 2011-09-29 03:37    2341888    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 10:47 . 2011-05-11 08:46    6823496    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-14 11:24 . 2011-09-11 14:15    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-22 09:18 . 2011-07-15 16:17    47360    ----a-w-    c:\users\torben\AppData\Roaming\pcouffin.sys
2011-10-11 11:38 . 2011-10-11 11:39    703824    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{696ADCBA-78EB-4721-AA17-0F5FF78773B2}\gapaengine.dll
2011-10-03 04:06 . 2011-07-24 19:11    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-10-01 02:42 . 2011-10-14 04:11    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2011-06-25 22:20    71568    --sh--w-    c:\windows\lksi.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2011-11-10 413528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"SoundMan"="SOUNDMAN.EXE" [2000-01-01 604704]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-10-08 4441944]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2009-10-28 55808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 15:22    91520    ----a-w-    c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLSService]
2009-10-28 23:56    55808    ----a-w-    c:\program files\DYMO\DYMO Label Software\DLSService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-08 05:27    136176    ----atw-    c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 16:00    1047208    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 13:16    997920    ----a-w-    c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 00:29    102400    ----a-w-    c:\program files\Synaptics\SynTP\SynTPStart.exe
.
R1 MpKsl0242a354;MpKsl0242a354;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9FAC212F-1A58-40E2-94F5-A68F41CB8708}\MpKsl0242a354.sys [x]
R1 MpKsl027e74f3;MpKsl027e74f3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{284274A3-07E8-46B8-8101-A2A133B7911C}\MpKsl027e74f3.sys [x]
R1 MpKsl032bbd27;MpKsl032bbd27;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A145FBD-E519-4D49-998E-97E949955667}\MpKsl032bbd27.sys [x]
R1 MpKsl096a4947;MpKsl096a4947;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA013843-F26F-4117-835B-9324D43CF01B}\MpKsl096a4947.sys [x]
R1 MpKsl09739209;MpKsl09739209;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E92DEE33-B2EA-4E49-A0C6-5853A4E7D173}\MpKsl09739209.sys [x]
R1 MpKsl0ebf9086;MpKsl0ebf9086;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93773991-B86D-4A0F-94FF-D7D8E0066675}\MpKsl0ebf9086.sys [x]
R1 MpKsl17cc768e;MpKsl17cc768e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKsl17cc768e.sys [x]
R1 MpKsl23ef35de;MpKsl23ef35de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKsl23ef35de.sys [x]
R1 MpKsl247b21ce;MpKsl247b21ce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8EDF34-1DE8-43F8-AF23-44D8180C4A20}\MpKsl247b21ce.sys [x]
R1 MpKsl25693da3;MpKsl25693da3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{310088FA-C830-4271-A4F0-D86D255F1663}\MpKsl25693da3.sys [x]
R1 MpKsl277a7f14;MpKsl277a7f14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B15C5041-F096-4191-93AB-041F3C59A2EC}\MpKsl277a7f14.sys [x]
R1 MpKsl35547e98;MpKsl35547e98;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl35547e98.sys [x]
R1 MpKsl3555527b;MpKsl3555527b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2856377-36F5-411E-BD8C-856A98A48015}\MpKsl3555527b.sys [x]
R1 MpKsl43ffb88e;MpKsl43ffb88e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl43ffb88e.sys [x]
R1 MpKsl46885a6c;MpKsl46885a6c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C0DB981-00E9-45E8-91D6-1C4665B0A1BE}\MpKsl46885a6c.sys [x]
R1 MpKsl476f5da8;MpKsl476f5da8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{128194C5-0951-4405-88A4-FE2771B38BDE}\MpKsl476f5da8.sys [x]
R1 MpKsl50d6e712;MpKsl50d6e712;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DE0563B-47D6-4AA1-955B-B7F8BFAA792B}\MpKsl50d6e712.sys [x]
R1 MpKsl5382552a;MpKsl5382552a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl5382552a.sys [x]
R1 MpKsl5767fa50;MpKsl5767fa50;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{261096D2-9E9F-432A-8FB2-829791C39589}\MpKsl5767fa50.sys [x]
R1 MpKsl5a621666;MpKsl5a621666;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C291AE7-0770-43EF-9119-4C5252783989}\MpKsl5a621666.sys [x]
R1 MpKsl5a6ac74a;MpKsl5a6ac74a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48410B72-59D1-4CE0-8431-4474CC32099C}\MpKsl5a6ac74a.sys [x]
R1 MpKsl5afff74d;MpKsl5afff74d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1380DC51-5FC3-4CAD-85F6-082AB8AEB0D3}\MpKsl5afff74d.sys [x]
R1 MpKsl66554534;MpKsl66554534;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90BDC0A2-6E28-49FB-A4C7-950D9A7775C9}\MpKsl66554534.sys [x]
R1 MpKsl6695878d;MpKsl6695878d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F8EDF34-1DE8-43F8-AF23-44D8180C4A20}\MpKsl6695878d.sys [x]
R1 MpKsl6e2e71b4;MpKsl6e2e71b4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D4A7D74-6916-4AB7-B712-EEED295C702D}\MpKsl6e2e71b4.sys [x]
R1 MpKsl725436b7;MpKsl725436b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF0EFD5A-7ED3-4DC7-B560-24B6A5170349}\MpKsl725436b7.sys [x]
R1 MpKsl75c24655;MpKsl75c24655;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8156FE8-1FD7-4FD9-95A0-DA6A0F25B043}\MpKsl75c24655.sys [x]
R1 MpKsl7623f743;MpKsl7623f743;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKsl7623f743.sys [x]
R1 MpKsl7e1e133b;MpKsl7e1e133b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F220CB6-531C-4D5C-9974-311F2E01F3EE}\MpKsl7e1e133b.sys [x]
R1 MpKsl8103683f;MpKsl8103683f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98766B2B-9A8F-4168-BE9A-E5FF3AD8CE2E}\MpKsl8103683f.sys [x]
R1 MpKsl917e9a44;MpKsl917e9a44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5FA1FB9-880B-4E13-8CED-395E090AF4E4}\MpKsl917e9a44.sys [x]
R1 MpKsl95ddbb5d;MpKsl95ddbb5d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1D4A7D74-6916-4AB7-B712-EEED295C702D}\MpKsl95ddbb5d.sys [x]
R1 MpKsl96ec84da;MpKsl96ec84da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9761E762-394D-4109-9691-266E11E2BEA3}\MpKsl96ec84da.sys [x]
R1 MpKslabb7754d;MpKslabb7754d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{059970C3-2495-4381-93B9-949574EF8C66}\MpKslabb7754d.sys [x]
R1 MpKslad05f27a;MpKslad05f27a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33D6DA83-A030-49F4-95C4-15C5F34A4933}\MpKslad05f27a.sys [x]
R1 MpKslae7c810e;MpKslae7c810e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EF523D2-43EA-46A8-B9E2-2BAC7D31F4FC}\MpKslae7c810e.sys [x]
R1 MpKslaf37e80e;MpKslaf37e80e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{67FA28CB-EA93-44E1-A5C0-62546CB24942}\MpKslaf37e80e.sys [x]
R1 MpKslb1d7c0a7;MpKslb1d7c0a7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60D73E92-E1BA-49CC-9097-11B37C686B5B}\MpKslb1d7c0a7.sys [x]
R1 MpKslb5825b09;MpKslb5825b09;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B3CC341-06F1-46F6-B116-B2AB5CA8DF7D}\MpKslb5825b09.sys [x]
R1 MpKslc1be4f72;MpKslc1be4f72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1380DC51-5FC3-4CAD-85F6-082AB8AEB0D3}\MpKslc1be4f72.sys [x]
R1 MpKslc2181725;MpKslc2181725;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98766B2B-9A8F-4168-BE9A-E5FF3AD8CE2E}\MpKslc2181725.sys [x]
R1 MpKslcd45f00a;MpKslcd45f00a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{497F9BDA-93CD-4137-AE10-E5DDE2667829}\MpKslcd45f00a.sys [x]
R1 MpKslcda6feca;MpKslcda6feca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{418BE573-D02D-455F-A85C-C8785B7602A1}\MpKslcda6feca.sys [x]
R1 MpKsld196730c;MpKsld196730c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5E25AA12-2B9F-4DE8-B25B-EE912E0C34FD}\MpKsld196730c.sys [x]
R1 MpKsld8ef0d14;MpKsld8ef0d14;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48410B72-59D1-4CE0-8431-4474CC32099C}\MpKsld8ef0d14.sys [x]
R1 MpKsldd4b9faa;MpKsldd4b9faa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07AAD1B8-DB9B-4E78-81FD-3DE0FDFD36F4}\MpKsldd4b9faa.sys [x]
R1 MpKsle2ee6c72;MpKsle2ee6c72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B15C5041-F096-4191-93AB-041F3C59A2EC}\MpKsle2ee6c72.sys [x]
R1 MpKslf3ed8f2d;MpKslf3ed8f2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56605566-06F4-4254-AD88-744AA05361CC}\MpKslf3ed8f2d.sys [x]
R1 MpKslf5c1f1aa;MpKslf5c1f1aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA013843-F26F-4117-835B-9324D43CF01B}\MpKslf5c1f1aa.sys [x]
R1 MpKslf70dc66a;MpKslf70dc66a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93773991-B86D-4A0F-94FF-D7D8E0066675}\MpKslf70dc66a.sys [x]
R1 MpKslf8e5ac60;MpKslf8e5ac60;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EEBDF308-1959-4571-8E37-101C770CC00A}\MpKslf8e5ac60.sys [x]
R1 MpKslfa789059;MpKslfa789059;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0AE6C4DF-2210-4D78-A501-DDA68FEEC2EF}\MpKslfa789059.sys [x]
R1 MpKslfcaeab31;MpKslfcaeab31;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EF69D8D-284A-4F94-B357-713941631D15}\MpKslfcaeab31.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 BTWAMPFL;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2000-01-01 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33832]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-07-16 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-09-20 30600]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-12-06 12984]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-10-08 18768]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 56496]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 12464]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
S1 MpKsl2cbb60b9;MpKsl2cbb60b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED3D689-E85D-4BE4-B0AA-B90E4CCAB411}\MpKsl2cbb60b9.sys [2011-12-06 29904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 DymoPnpService;DYMO PnP Service;c:\program files\DYMO\DYMO Label Software\DymoPnpService.exe [2011-08-10 32336]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-09-23 641832]
.
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446736127-2839589416-246201070-1001Core.job
- c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 05:27]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446736127-2839589416-246201070-1001UA.job
- c:\users\torben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 05:27]
.
2011-12-06 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2011-09-07 10:32]
.
.
------- Yderligere scanning -------
.
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 62.179.1.63 62.179.1.62
.
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs startet under kørende Processer ---------------------
.
- - - - - - - > 'Explorer.exe'(780)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\taskhost.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Gennemført tid: 2011-12-06  09:31:08 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2011-12-06 08:30
ComboFix2.txt  2011-12-05 18:01
ComboFix3.txt  2011-12-05 11:19
.
Pre-Kørsel: 112.230.912.000 byte ledig
Post-Kørsel: 112.033.513.472 byte ledig
.
- - End Of File - - BFE8AE1B78118A95CC123A5DB5FDCE88
f-arn Guru
6 December 2011 - 15:43 #26
Download and install ERUNT: http://www.derfisch.de/lars/erunt-setup.exe

Start it and let it make a backup of the registry.

------

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

Copy the text below in bold into the "Custom Scans/Fixes" box

:Services
MpKsl0242a354
MpKsl027e74f3
MpKsl032bbd27
MpKsl096a4947
MpKsl09739209
MpKsl0ebf9086
MpKsl17cc768e
MpKsl23ef35de
MpKsl247b21ce
MpKsl25693da3
MpKsl277a7f14
MpKsl35547e98
MpKsl3555527b
MpKsl43ffb88e
MpKsl46885a6c
MpKsl476f5da8
MpKsl50d6e712
MpKsl5382552a
MpKsl5767fa50
MpKsl5a621666
MpKsl5a6ac74a
MpKsl5afff74d
MpKsl66554534
MpKsl6695878d
MpKsl6e2e71b4
MpKsl725436b7
MpKsl75c24655
MpKsl7623f743
MpKsl7e1e133b
MpKsl8103683f
MpKsl917e9a44
MpKsl95ddbb5d
MpKsl96ec84da
MpKslabb7754d
MpKslad05f27a
MpKslae7c810e
MpKslaf37e80e
MpKslb1d7c0a7
MpKslb5825b09
MpKslc1be4f72
MpKslc2181725
MpKslcd45f00a
MpKslcda6feca
MpKsld196730c
MpKsld8ef0d14
MpKsldd4b9faa
MpKsle2ee6c72
MpKslf3ed8f2d
MpKslf5c1f1aa
MpKslf70dc66a
MpKslf8e5ac60

:Commands
[CREATERESTOREPOINT]
[Reboot]


Close all other open windows and click "Run Fix"

After the restart a log file opens; copy its text into this thread.

Otherwise it is located here: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

PS: Disable your security programs while the "fix" is running.
torben lind Researcher
6 December 2011 - 18:58 #27
Hi f-arn.
I was just out of the house, but here is the report you asked for.
torben lind

========== SERVICES/DRIVERS ==========
Service MpKsl0242a354 stopped successfully!
Service MpKsl0242a354 deleted successfully!
Service MpKsl027e74f3 stopped successfully!
Service MpKsl027e74f3 deleted successfully!
Service MpKsl032bbd27 stopped successfully!
Service MpKsl032bbd27 deleted successfully!
Service MpKsl096a4947 stopped successfully!
Service MpKsl096a4947 deleted successfully!
Service MpKsl09739209 stopped successfully!
Service MpKsl09739209 deleted successfully!
Service MpKsl0ebf9086 stopped successfully!
Service MpKsl0ebf9086 deleted successfully!
Service MpKsl17cc768e stopped successfully!
Service MpKsl17cc768e deleted successfully!
Service MpKsl23ef35de stopped successfully!
Service MpKsl23ef35de deleted successfully!
Service MpKsl247b21ce stopped successfully!
Service MpKsl247b21ce deleted successfully!
Service MpKsl25693da3 stopped successfully!
Service MpKsl25693da3 deleted successfully!
Service MpKsl277a7f14 stopped successfully!
Service MpKsl277a7f14 deleted successfully!
Service MpKsl35547e98 stopped successfully!
Service MpKsl35547e98 deleted successfully!
Service MpKsl3555527b stopped successfully!
Service MpKsl3555527b deleted successfully!
Service MpKsl43ffb88e stopped successfully!
Service MpKsl43ffb88e deleted successfully!
Service MpKsl46885a6c stopped successfully!
Service MpKsl46885a6c deleted successfully!
Service MpKsl476f5da8 stopped successfully!
Service MpKsl476f5da8 deleted successfully!
Service MpKsl50d6e712 stopped successfully!
Service MpKsl50d6e712 deleted successfully!
Service MpKsl5382552a stopped successfully!
Service MpKsl5382552a deleted successfully!
Service MpKsl5767fa50 stopped successfully!
Service MpKsl5767fa50 deleted successfully!
Service MpKsl5a621666 stopped successfully!
Service MpKsl5a621666 deleted successfully!
Service MpKsl5a6ac74a stopped successfully!
Service MpKsl5a6ac74a deleted successfully!
Service MpKsl5afff74d stopped successfully!
Service MpKsl5afff74d deleted successfully!
Service MpKsl66554534 stopped successfully!
Service MpKsl66554534 deleted successfully!
Service MpKsl6695878d stopped successfully!
Service MpKsl6695878d deleted successfully!
Service MpKsl6e2e71b4 stopped successfully!
Service MpKsl6e2e71b4 deleted successfully!
Service MpKsl725436b7 stopped successfully!
Service MpKsl725436b7 deleted successfully!
Service MpKsl75c24655 stopped successfully!
Service MpKsl75c24655 deleted successfully!
Service MpKsl7623f743 stopped successfully!
Service MpKsl7623f743 deleted successfully!
Service MpKsl7e1e133b stopped successfully!
Service MpKsl7e1e133b deleted successfully!
Service MpKsl8103683f stopped successfully!
Service MpKsl8103683f deleted successfully!
Service MpKsl917e9a44 stopped successfully!
Service MpKsl917e9a44 deleted successfully!
Service MpKsl95ddbb5d stopped successfully!
Service MpKsl95ddbb5d deleted successfully!
Service MpKsl96ec84da stopped successfully!
Service MpKsl96ec84da deleted successfully!
Service MpKslabb7754d stopped successfully!
Service MpKslabb7754d deleted successfully!
Service MpKslad05f27a stopped successfully!
Service MpKslad05f27a deleted successfully!
Service MpKslae7c810e stopped successfully!
Service MpKslae7c810e deleted successfully!
Service MpKslaf37e80e stopped successfully!
Service MpKslaf37e80e deleted successfully!
Service MpKslb1d7c0a7 stopped successfully!
Service MpKslb1d7c0a7 deleted successfully!
Service MpKslb5825b09 stopped successfully!
Service MpKslb5825b09 deleted successfully!
Service MpKslc1be4f72 stopped successfully!
Service MpKslc1be4f72 deleted successfully!
Service MpKslc2181725 stopped successfully!
Service MpKslc2181725 deleted successfully!
Service MpKslcd45f00a stopped successfully!
Service MpKslcd45f00a deleted successfully!
Service MpKslcda6feca stopped successfully!
Service MpKslcda6feca deleted successfully!
Service MpKsld196730c stopped successfully!
Service MpKsld196730c deleted successfully!
Service MpKsld8ef0d14 stopped successfully!
Service MpKsld8ef0d14 deleted successfully!
Service MpKsldd4b9faa stopped successfully!
Service MpKsldd4b9faa deleted successfully!
Service MpKsle2ee6c72 stopped successfully!
Service MpKsle2ee6c72 deleted successfully!
Service MpKslf3ed8f2d stopped successfully!
Service MpKslf3ed8f2d deleted successfully!
Service MpKslf5c1f1aa stopped successfully!
Service MpKslf5c1f1aa deleted successfully!
Service MpKslf70dc66a stopped successfully!
Service MpKslf70dc66a deleted successfully!
Service MpKslf8e5ac60 stopped successfully!
Service MpKslf8e5ac60 deleted successfully!
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 12062011_185305
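One way to cross-check a fix log like the one above against the `:Services` list in the fix script, as an added example that is not part of the original thread. The function names and the shortened sample script and log are constructed for illustration, and only the two log-line formats visible in this thread are recognised.

```python
import re

# Constructed sample input in the formats shown in this thread (shortened).
FIX_SCRIPT = """\
:Services
MpKsl0242a354
MpKsl027e74f3
MpKsl032bbd27

:Commands
[Reboot]
"""

FIX_LOG = """\
========== SERVICES/DRIVERS ==========
Service MpKsl0242a354 stopped successfully!
Service MpKsl0242a354 deleted successfully!
Service MpKsl027e74f3 stopped successfully!
========== COMMANDS ==========
"""

LOG_LINE = re.compile(r"^Service (\S+) (stopped|deleted) successfully!$")

def requested_services(script):
    """Return the names listed under the ':Services' section of a fix script."""
    names, in_section = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            # A new section header ends the previous section.
            in_section = line.lower() == ":services"
        elif in_section and line:
            names.append(line)
    return names

def unconfirmed(script, log):
    """Map each requested service to the actions the log does not confirm."""
    seen = {}
    for line in log.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            seen.setdefault(m.group(1), set()).add(m.group(2))
    gaps = {}
    for name in requested_services(script):
        missing = {"stopped", "deleted"} - seen.get(name, set())
        if missing:
            gaps[name] = sorted(missing)
    return gaps

print(unconfirmed(FIX_SCRIPT, FIX_LOG))
```

An empty result means every service named in the script has both a "stopped" and a "deleted" line in the log.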
f-arn Guru
6 December 2011 - 21:13 #28
Fine :-)
How is the PC running now? I don't think there is anything more, so if the PC is running properly, I will "clean up" in my next post *S*
torben lind Researcher
6 December 2011 - 21:22 #29
Hi f-arn.
It runs like a dream; it has been a long time since it ran this well.
So if I understand you correctly, we still need a clean-up. I am ready when you have time (I will do it first thing tomorrow morning if you have sent something before then).
torben lind
f-arn Guru
6 December 2011 - 21:33 #30
Press <Windows> + <R> at the same time and copy this in: combofix /uninstall
Press Enter
This will remove Combofix and reset the clock settings.
Reset System Restore.
Hide file extensions if required.
Hide system/hidden files if required.

------

Start OTL and click CleanUp

This will remove OTL and the other tools we have used.
torben lind Researcher
7 December 2011 - 06:25 #31
Hi f-arn.
I want to say many, many thanks for the help; the machine is running great again. It was quite an ordeal. Thanks once again for the help, and here are your well-deserved points.
Regards, torben lind.
f-arn Guru
7 December 2011 - 08:40 #32
You're welcome - and thanks for the points *S*