Roneklindt Novice
29 August 2012 - 23:11 There are 31 comments

Windows shuts down by itself

I'm sitting with my dad's PC.
It is an Acer Extensa 5230 with Vista.

What happens is that a window keeps popping up at startup that says: "Windows has found a serious problem and will restart automatically in one minute"

I have tried Malwarebytes, HiJackThis, ComboFix and AVG 2012.
But none of the programs manage to do anything before the computer restarts.
I can't even get to a system restore in time..

Anyone who can help!?
vejmand Junior Master
29 August 2012 - 23:22 #1
Can you start in safe mode? (F8 during startup)
Roneklindt Novice
29 August 2012 - 23:24 #2
Yes, but it still appears..
Deleted user
29 August 2012 - 23:26 #3
Have you tried booting with F8 safe mode? If so, it may be necessary to take the disk out and run it as an external drive over USB, and then check it there. You can also boot from a Live CD, retrieve any data that needs to be saved, and then run Killdisk and thereby overwrite the disk, so you can start from scratch. But if there is an EISA partition on the disk with the Vista reinstallation, it must of course not be overwritten.
http://how-to-erase-hard-drive.com/downloadfree.htm
Roneklindt Novice
29 August 2012 - 23:30 #4
I don't have the option of running it as "external".
I have tried safe mode. But it still pops up..
Deleted user
29 August 2012 - 23:54 #5
No option for external? But you do have another computer, so you are only missing the cables. But OK, they do have to be paid for. That doesn't apply if you have access to a desktop, though; there it can be connected as a slave.
220661 Expert
30 August 2012 - 08:31 #6
And you can't shut this nasty virus down in the task list?
There must be some processes running.
220661 Expert
30 August 2012 - 08:33 #7
By the way, I completely agree with #3.
You can buy a SATA/IDE adapter for under 150 kroner, with which you can connect your disk to another PC with a USB cable.
A more expensive solution is a hard disk dock, which costs about 300.
Roneklindt Novice
30 August 2012 - 09:08 #8
I'll try to take the HDD out :)
I'll write back when I've found a solution
sullep Beginner
30 August 2012 - 10:40 #9
Do you have this option  >

Start the PC with "Advanced Boot Options" (press F8 several times during startup)
Choose "Repair Your Computer"
Roneklindt Novice
30 August 2012 - 19:08 #10
I have tried that too.
It doesn't help :/
sullep Beginner
31 August 2012 - 09:14 #11
It doesn't help???

How is this to be understood, can you start it in "Repair Your Computer" when you press F8 during startup.
Roneklindt Novice
01 September 2012 - 18:16 #12
Solution
Started the PC with "Advanced Boot Options"
and chose "Repair Your Computer"
Then I restored to an earlier date. Also CCleaner, Malwarebytes and AVG.
Hope it works completely..
Please write a reply if there are some who think they have earned points :P
220661 Expert
01 September 2012 - 19:20 #13
You can see that sullep came up with the solution for you, so I think that is a strange way to ask????
Roneklindt Novice
02 September 2012 - 10:34 #14
AVG keeps reporting a Trojan horse...
Roneklindt Novice
02 September 2012 - 10:34 #15
keeps//
220661 Expert
02 September 2012 - 10:45 #16
What is this file called?
220661 Expert
02 September 2012 - 10:46 #17
It may be a false positive it is reporting.
I have had problems with the Malwarebytes file mbam.gui being a virus, which it of course is not.
Roneklindt Novice
02 September 2012 - 18:26 #18
It is called Patched_c.lyt
220661 Expert
02 September 2012 - 18:49 #19
I don't know it, but I have found this, which you may be able to use:
http://guides.yoosecurity.com/best-way-to-remove-trojan-horse-patched_c-lyt-manually-and-completely/
220661 Expert
02 September 2012 - 18:50 #20
It looks like some form of rootkit according to the description in the thread.
Roneklindt Novice
02 September 2012 - 19:19 #21
What do you do about a "rootkit" ???
f-arn Guru
02 September 2012 - 21:55 #22
It is probably c:\Windows\Systems32\services.exe it is complaining about.

It usually is, with that infection.

It is an important Windows system file, so it must be replaced - not deleted.

sullep could have handled that for you.
Roneklindt Novice
03 September 2012 - 12:44 #23
Can I then get an explanation of how I can do that? :P
sullep Beginner
05 September 2012 - 11:02 #24
You could just have answered yes or no to #9, then a guide would have followed.

Download OTL from this link, save it to the desktop.
http://oldtimer.geekstogo.com/OTL.com

PS: Vista/Win7 - right mouse button - "Run as Administrator" on those program files if you have that option.

Run OTL > Copy the text in bold into "Custom Scans/Fixes"
At the bottom right, tick "LOP Check" and "Purity Check", select Scan All Users,
Click "Run Scan". Your computer will now be scanned and after a while 2 logs will open; save them.


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
atapi.sys
services.exe
/md5stop



2 Notepad windows open, OTL.txt and Extras.Txt; copy the text from them in here.
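
Added example, not part of the original thread and not OTL's own code: the custom scan in #24 asks for MD5 hashes of core system files, and #22 expects services.exe to have been patched. This Python sketch hashes every copy of those files under a directory (for instance the disk mounted on another PC, as suggested in #3 and #7) and compares them with a baseline; the baseline of known-good hashes and the sample files in `demo()` are constructed assumptions.

```python
import hashlib
import os
import tempfile

# File names taken from the /md5start ... /md5stop list in post #24.
WATCHED = ["explorer.exe", "winlogon.exe", "Userinit.exe",
           "svchost.exe", "atapi.sys", "services.exe"]


def md5_of(path, chunk=65536):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root, baseline, watched=WATCHED):
    """Hash every copy of the watched files under root and compare to baseline.

    baseline maps lower-case file name -> set of known-good MD5 digests
    (assumption: collected from a clean copy of the same Windows build).
    Returns a sorted list of (relative_path, status) tuples.
    """
    wanted = {name.lower() for name in watched}
    seen, results = set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = name.lower()  # Windows file names are case-insensitive
            if key not in wanted:
                continue
            seen.add(key)
            full = os.path.join(dirpath, name)
            good = baseline.get(key, set())
            if not good:
                status = "no-baseline"   # nothing to compare against
            elif md5_of(full) in good:
                status = "ok"
            else:
                status = "MISMATCH"      # replace from a clean source, do not delete
            results.append((os.path.relpath(full, root), status))
    # A watched file that exists nowhere under root is also worth reporting.
    results.extend((key, "missing") for key in wanted - seen)
    return sorted(results)


def demo():
    """Build a constructed file tree, patch one file, and scan it."""
    clean = {  # constructed stand-ins for the real binaries
        "explorer.exe": b"constructed explorer image",
        os.path.join("System32", "winlogon.exe"): b"constructed winlogon image",
        os.path.join("System32", "svchost.exe"): b"constructed svchost image",
        os.path.join("System32", "services.exe"): b"constructed services image",
        os.path.join("System32", "drivers", "atapi.sys"): b"constructed atapi image",
    }
    baseline = {}
    for rel, data in clean.items():
        name = os.path.basename(rel).lower()
        baseline.setdefault(name, set()).add(hashlib.md5(data).hexdigest())

    with tempfile.TemporaryDirectory() as root:
        for rel, data in clean.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        # Simulate the modified services.exe described in post #22.
        with open(os.path.join(root, "System32", "services.exe"), "ab") as fh:
            fh.write(b"\x00appended bytes")
        return scan(root, baseline)


if __name__ == "__main__":
    for path, status in demo():
        print(f"{status:12} {path}")
```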
Roneklindt Novice
09 September 2012 - 18:49 #25
Sorry for the late reply..
But it does require me being at my parents' place :P


OTL:


OTL logfile created on: 09-09-2012 18:34:07 - Run 1
OTL by OldTimer - Version 3.2.61.3    Folder = F:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

952,13 Mb Total Physical Memory | 345,11 Mb Available Physical Memory | 36,25% Memory free
2,24 Gb Paging File | 1,08 Gb Available in Paging File | 48,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 37,60 Gb Free Space | 53,99% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 45,57 Gb Free Space | 65,44% Space Free | Partition Type: NTFS
Drive F: | 7,20 Gb Total Space | 7,12 Gb Free Space | 98,88% Space Free | Partition Type: FAT32

Computer Name: RONEKLINDT-PC | User Name: Roneklindt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-09 18:26:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2012-09-03 20:07:57 | 000,722,528 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012-09-03 20:07:32 | 000,947,808 | ---- | M] () -- C:\Programmer\AVG Secure Search\vprot.exe
PRC - [2012-07-18 18:14:18 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\RONEKL~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012-07-04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgidsagent.exe
PRC - [2012-06-13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgrsx.exe
PRC - [2012-06-13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgnsx.exe
PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgtray.exe
PRC - [2012-03-19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgemcx.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgcsrvx.exe
PRC - [2012-01-17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Common Files\Java\Java Update\jucheck.exe
PRC - [2011-11-03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Programmer\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2010-11-26 15:36:32 | 001,762,688 | ---- | M] () -- C:\Programmer\Connect it\BecHelperService.exe
PRC - [2010-11-26 15:34:52 | 000,294,400 | ---- | M] () -- C:\Programmer\Connect it\LoggerServer.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-06-10 01:36:14 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programmer\Launch Manager\LManager.exe
PRC - [2008-05-21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-04-30 19:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programmer\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008-03-21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programmer\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008-01-16 11:01:30 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007-12-06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007-02-13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-09-09 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmer\Apoint2K\Hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-03 20:08:22 | 000,564,832 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012-09-03 20:07:59 | 000,132,704 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012-09-03 20:07:32 | 000,947,808 | ---- | M] () -- C:\Programmer\AVG Secure Search\vprot.exe
MOD - [2012-07-13 20:33:48 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012-07-13 20:33:27 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012-07-13 20:30:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012-07-13 20:06:30 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012-07-13 19:54:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012-07-13 19:54:17 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011-11-03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011-11-03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011-11-03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2009-04-11 08:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009-04-11 08:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008-09-12 00:28:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008-09-12 00:28:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008-09-12 00:28:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008-04-30 16:00:02 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2003-06-07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programmer\Launch Manager\PowerUtl.dll


========== Services (SafeList) ==========

SRV - [2012-09-05 21:24:44 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-03 20:07:57 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programmer\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012-09-03 19:15:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmer\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmer\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010-11-26 15:36:32 | 001,762,688 | ---- | M] () [Auto | Running] -- C:\Programmer\Connect it\BecHelperService.exe -- (BecHelperService)
SRV - [2008-03-21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programmer\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008-01-21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008-01-16 11:01:30 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-12-06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007-08-24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007-02-13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-04-14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2006-04-14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006-04-14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005-10-14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-09-03 20:08:02 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-03-19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-02-22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011-12-23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010-11-26 16:21:56 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-11-26 16:21:52 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-11-26 16:21:52 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010-11-26 16:21:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010-11-26 16:21:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2008-06-05 03:54:22 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008-04-15 20:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008-04-08 20:46:02 | 000,043,736 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008-04-06 04:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-03-21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008-02-01 09:14:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-12-26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2006-11-29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=2&o=vb32&d=0612&m=extensa_5230
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=da
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={FED86ED8-575D-453F-9313-A27840DBA7BD}&mid=297acc72ec3547d0966bd154343c1f21-fab9e376f2db6063f21074670f3e748cbe54e38d&lang=da&ds=AVG&pr=fr&d=2012-06-19 18:52:14&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/ig"
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B379ce5f9-e061-427e-a3ab-46694dec1fff%7D&mid=297acc72ec3547d0966bd154343c1f21-fab9e376f2db6063f21074670f3e748cbe54e38d&ds=AVG&v=12.2.5.32&lang=da&pr=fr&d=2012-06-19%2018%3A52%3A14&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-07-17 15:58:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012-09-03 20:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-05 21:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-05 21:24:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-06-19 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roneklindt\AppData\Roaming\mozilla\Extensions
[2012-09-02 18:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roneklindt\AppData\Roaming\mozilla\Firefox\Profiles\p72hkaug.default\extensions
[2012-06-19 18:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2012-09-03 20:08:50 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012-09-05 21:24:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-06-15 00:39:13 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012-09-03 20:07:21 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-09-05 21:24:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-06-15 00:39:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmer\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmer\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ePower_DMC] C:\Programmer\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LManager] C:\Programmer\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programmer\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmer\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F279FA5-B709-435A-B245-95B2B1F69457}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmer\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-12-26 13:59:40 | 000,000,513 | ---- | M] () - D:\Autodata CD2.lnk -- [ NTFS ]
O32 - AutoRun File - [2004-11-13 22:47:12 | 000,000,063 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d92b55ae-c2be-11e1-8250-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b55ae-c2be-11e1-8250-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d92b56ff-c2be-11e1-8250-001e101f4e71}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b56ff-c2be-11e1-8250-001e101f4e71}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{ef4174bf-c2ca-11e1-a6ed-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{ef4174bf-c2ca-11e1-a6ed-001e101fe5e1}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found

========== Files/Folders - Created Within 30 Days ==========

[2012-09-03 20:08:02 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-08-29 23:27:46 | 000,000,000 | --SD | C] -- C:\BANANEN
[2012-08-29 23:27:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-29 21:32:56 | 000,000,000 | ---D | C] -- C:\Users\Roneklindt\Desktop\backups
[2012-08-29 12:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-08-21 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\Roneklindt\AppData\Roaming\Malwarebytes
[2012-08-21 20:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-08-21 20:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-08-21 20:49:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-08-21 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-08-21 20:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2012-09-09 18:31:36 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-09 18:31:36 | 000,519,100 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2012-09-09 18:31:36 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-09 18:31:36 | 000,097,908 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2012-09-09 18:14:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-09 17:08:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-09 17:08:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-09 15:14:59 | 094,077,353 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-09-09 15:09:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012-09-09 15:08:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-09 15:08:18 | 999,157,760 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-08 17:58:01 | 000,280,905 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-09-03 20:08:02 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-09-03 19:14:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-09-03 19:14:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-08-29 21:37:33 | 000,024,576 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012-08-21 20:49:25 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-21 20:35:56 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012-09-03 18:28:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-02 00:27:25 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@
[2012-09-02 00:27:24 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@
[2012-09-02 00:27:24 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@
[2012-09-01 21:49:45 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@
[2012-09-01 21:49:44 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@
[2012-09-01 18:22:37 | 999,157,760 | -HS- | C] () -- C:\hiberfil.sys
[2012-08-21 20:49:25 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-21 20:35:56 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-07-21 00:57:59 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@
[2012-07-12 14:38:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
[2012-07-12 14:38:29 | 000,002,048 | -HS- | C] () -- C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
[2012-06-30 16:26:30 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012-06-27 14:24:18 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012-06-27 14:24:17 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-06-27 14:24:16 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2012-06-27 14:22:21 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2012-06-25 22:22:47 | 000,008,704 | ---- | C] () -- C:\Users\Roneklindt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-24 15:54:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012-06-24 15:54:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012-06-20 03:19:13 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012-06-20 03:07:49 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012-06-20 03:07:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2012-06-20 03:07:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012-06-20 03:07:48 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012-06-20 03:07:48 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2012-06-19 20:54:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012-06-19 17:54:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2012-06-19 17:49:29 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2012-06-19 17:41:34 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2012-06-19 17:41:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012-06-19 17:41:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012-06-19 17:41:34 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

========== LOP Check ==========

[2012-07-16 17:53:38 | 000,000,000 | ---D | M] -- C:\Users\Roneklindt\AppData\Roaming\AVG
[2012-06-19 18:53:42 | 000,000,000 | ---D | M] -- C:\Users\Roneklindt\AppData\Roaming\AVG2012
[2012-06-30 16:31:24 | 000,000,000 | ---D | M] -- C:\Users\Roneklindt\AppData\Roaming\Birdstep Technology
[2012-09-09 02:56:49 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS  >
[2008-03-12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008-03-12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008-03-12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: EXPLORER.EXE  >
[2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008-10-30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008-10-28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008-01-21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES.EXE  >
[2008-01-21 04:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE  >
[2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008-01-21 04:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE  >
[2008-01-21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008-01-21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-01-21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Extras:

OTL Extras logfile created on: 09-09-2012 18:34:07 - Run 1
OTL by OldTimer - Version 3.2.61.3    Folder = F:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

952,13 Mb Total Physical Memory | 345,11 Mb Available Physical Memory | 36,25% Memory free
2,24 Gb Paging File | 1,08 Gb Available in Paging File | 48,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 37,60 Gb Free Space | 53,99% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 45,57 Gb Free Space | 65,44% Space Free | Partition Type: NTFS
Drive F: | 7,20 Gb Total Space | 7,12 Gb Free Space | 98,88% Space Free | Partition Type: FAT32

Computer Name: RONEKLINDT-PC | User Name: Roneklindt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{548AF5C1-54E3-4B74-A3E5-D5E6CB7D487C}" = O2Micro Flash Memory Card Reader Driver (x86)
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDsc2
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
"{90120000-0015-0406-0000-0000000FF1CE}_PROHYBRIDR_{C0223E33-0993-416D-A389-3AD29D4BE333}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
"{90120000-0016-0406-0000-0000000FF1CE}_PROHYBRIDR_{C0223E33-0993-416D-A389-3AD29D4BE333}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
"{90120000-0018-0406-0000-0000000FF1CE}_PROHYBRIDR_{C0223E33-0993-416D-A389-3AD29D4BE333}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
"{90120000-0019-0406-0000-0000000FF1CE}_PROHYBRIDR_{C0223E33-0993-416D-A389-3AD29D4BE333}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
"{90120000-001A-0406-0000-0000000FF1CE}_PROHYBRIDR_{C0223E33-0993-416D-A389-3AD29D4BE333}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
"{90120000-001B-0406-0000-0000000FF1CE}_PROHYBRIDR_{C0223E33-0993-416D-A389-3AD29D4BE333}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_PROHYBRIDR_{AAA2F315-90E9-40B3-8F83-4E52A5B461B2}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}_PROHYBRIDR_{C378B07F-6A3F-44DB-B340-AADCED1A3B4C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2007
"{90120000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = Connect it
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B69349AE-2D41-3708-8BA4-4DC22645CA04}" = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{CE1B03BC-3C99-4580-A2AC-A41DB9B83378}" = EasyWeather
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{E2019D64-E819-3B4F-9C85-95BE2688ABF9}" = Microsoft .NET Framework 4 Client Profile DAN Language Pack
"{e79f7651-854f-43b8-83db-539454102a6b}" = Business Contact Manager til Outlook 2007 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"Business Contact Manager" = Business Contact Manager til Outlook 2007 SP1
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Huawei Modems" = Huawei modem
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - dan" = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DAN Language Pack" = Microsoft .NET Framework 4 Client Profile DAN sprogpakke
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0 (x86 da)" = Mozilla Firefox 15.0 (x86 da)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROHYBRIDR" = 2007 Microsoft Office system

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29-08-2012 09:21:56 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 09:25:49 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 09:30:07 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 09:34:24 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 09:38:07 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 09:42:10 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 14:36:36 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 14:41:24 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 14:45:05 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

Error - 29-08-2012 14:49:08 | Computer Name = Roneklindt-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11-07-2012 09:56:48 | Computer Name = Roneklindt-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11-07-2012 13:06:10 | Computer Name = Roneklindt-PC | Source = DCOM | ID = 10010
Description =

Error - 11-07-2012 13:09:06 | Computer Name = Roneklindt-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 11-07-2012 13:09:36 | Computer Name = Roneklindt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11-07-2012 13:15:45 | Computer Name = Roneklindt-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11-07-2012 13:17:22 | Computer Name = Roneklindt-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11-07-2012 13:19:11 | Computer Name = Roneklindt-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11-07-2012 13:19:22 | Computer Name = Roneklindt-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11-07-2012 13:19:55 | Computer Name = Roneklindt-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11-07-2012 14:57:56 | Computer Name = Roneklindt-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
sullep Beginner
10 September 2012 - 14:10 #26
You have a ZeroAccess/Sirefef rootkit.

>>

Run OTL > copy the text in bold into the box under "Custom Scans/Fixes" and click "Run Fix".


:otl
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

:files
ipconfig /flushdns /c
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}
C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}

:Commands
[purity]
[resethosts]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]




After the restart a log file opens; copy that text into this thread.


>>

Download ComboFix and save it to the desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Right-click anywhere on the desktop -> choose New -> Text Document, open the text document, and copy in the following text in bold:



Killall::
Snapshot::
FCopy::
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe | C:\Windows\System32\services.exe




Click File -> Save As, name it CFScript, and close the text document.
Disable your antivirus program; if you cannot, just click OK when ComboFix warns you, and it will continue.
Then grab the new file (CFScript) with the mouse, drag it over the ComboFix file, and "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you must allow.

You should not click on the window while the tool is running, as that can make your computer freeze.

The scan takes a long time; be patient until the log opens automatically. It will also be located here > c:\combofix.txt
Copy the resulting log in here.

If you get something resembling this error:
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
then restart once more; that should resolve it.

>>

Update your "Malwarebytes" and run a "full system scan". Let it remove whatever it finds.
Post the log here.
Roneklindt Novice
16 September 2012 - 17:21 #27
Here are all the logs I was supposed to save .. Hope you can find a solution ..
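
An added example, not part of sullep's post and not OTL's own logic: a Python triage of the two patterns in the OTL log above that the fix scripts act on, namely unsigned files named `@` or `*.@` inside a GUID-named folder, and a system binary under C:\Windows whose MD5 matches none of its winsxs copies. The regexes and function names are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2012-09-02 00:27:25 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@
[2012-07-12 14:38:29 | 000,002,048 | -HS- | C] () -- C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
[2012-06-30 16:26:30 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2008-01-21 04:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
"""

# One OTL file line: [timestamp | size | attributes | C/M] (company) MD5=... -- path
# The company and MD5 fields are optional (directories have neither).
ENTRY = re.compile(
    r"^\[(?P<ts>[\d\- :]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?(?:MD5=(?P<md5>[0-9A-F]{32}) )?-- (?P<path>.+)$"
)

# Folder layout seen in this log: {GUID}\@, {GUID}\U\xxxxxxxx.@, {GUID}\L\xxxxxxxx.@
# under Windows\Installer or a user's AppData\Local.
GUID_DROP = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\\{[0-9a-f-]{36}\}\\(?:[UL]\\[0-9a-f]{8}\.@|@)$",
    re.IGNORECASE,
)


def parse_entries(text):
    """Return one dict per OTL file line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["company"] = (entry["company"] or "").strip()
            entries.append(entry)
    return entries


def guid_folder_drops(entries):
    """Paths with no company name that sit in the GUID-folder layout above."""
    return [e["path"] for e in entries
            if not e["company"] and GUID_DROP.search(e["path"])]


def md5_mismatches(entries):
    """Files under C:\\Windows whose MD5 equals none of the winsxs/DriverStore copies.

    Assumes %SystemRoot% = C:\\Windows, as the log header in this thread states.
    """
    reference = defaultdict(set)   # file name -> MD5s of component-store copies
    active = {}                    # in-use path -> (file name, MD5)
    for e in entries:
        if not e["md5"]:
            continue
        path = e["path"].lower()
        name = ntpath.basename(path)
        if "\\winsxs\\" in path or "\\driverstore\\" in path:
            reference[name].add(e["md5"])
        elif path.startswith("c:\\windows\\"):
            active[e["path"]] = (name, e["md5"])
    return {p: md5 for p, (name, md5) in active.items()
            if reference[name] and md5 not in reference[name]}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for p in guid_folder_drops(parsed):
        print("GUID-folder file without company name:", p)
    for p, md5 in md5_mismatches(parsed).items():
        print("No matching component-store copy:", p, md5)
```

A hash mismatch here is a lead to check against a known-good copy, not proof on its own.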


OTL:


OTL logfile created on: 16-09-2012 13:42:19 - Run 2
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Users\Roneklindt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

952,13 Mb Total Physical Memory | 354,22 Mb Available Physical Memory | 37,20% Memory free
2,12 Gb Paging File | 0,93 Gb Available in Paging File | 43,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 39,80 Gb Free Space | 57,14% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 45,33 Gb Free Space | 65,10% Space Free | Partition Type: NTFS
Drive F: | 7,20 Gb Total Space | 7,12 Gb Free Space | 98,81% Space Free | Partition Type: FAT32

Computer Name: RONEKLINDT-PC | User Name: Roneklindt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-09 18:26:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Roneklindt\Desktop\OTL.com
PRC - [2012-09-03 20:07:57 | 000,722,528 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012-09-03 20:07:32 | 000,947,808 | ---- | M] () -- C:\Programmer\AVG Secure Search\vprot.exe
PRC - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgidsagent.exe
PRC - [2012-07-31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgtray.exe
PRC - [2012-07-26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgrsx.exe
PRC - [2012-07-18 18:14:18 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\RONEKL~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012-06-13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgnsx.exe
PRC - [2012-03-19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgemcx.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-11-03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Programmer\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2010-11-26 15:36:32 | 001,762,688 | ---- | M] () -- C:\Programmer\Connect it\BecHelperService.exe
PRC - [2010-11-26 15:34:52 | 000,294,400 | ---- | M] () -- C:\Programmer\Connect it\LoggerServer.exe
PRC - [2009-04-11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-06-10 01:36:14 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programmer\Launch Manager\LManager.exe
PRC - [2008-05-21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-04-30 19:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programmer\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008-03-21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programmer\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008-03-21 13:22:32 | 000,376,832 | ---- | M] (acer) -- C:\Programmer\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008-01-16 11:01:30 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007-12-06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007-02-13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006-10-31 00:00:00 | 000,139,264 | ---- | M] (Brother Industries,ltd) -- C:\Windows\System32\bsplmf01.exe
PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-09-09 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmer\Apoint2K\Hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-03 20:08:22 | 000,564,832 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012-09-03 20:07:59 | 000,132,704 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012-09-03 20:07:32 | 000,947,808 | ---- | M] () -- C:\Programmer\AVG Secure Search\vprot.exe
MOD - [2012-07-13 20:33:48 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012-07-13 20:33:27 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012-07-13 20:30:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012-07-13 20:27:51 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012-07-13 20:26:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012-07-13 20:06:30 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012-07-13 19:54:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012-07-13 19:54:17 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011-11-03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011-11-03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011-11-03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2009-04-11 08:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009-03-31 20:05:00 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008-09-12 00:28:43 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3006.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2008-09-12 00:28:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008-09-12 00:28:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008-09-12 00:28:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008-04-30 16:00:02 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2003-06-07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programmer\Launch Manager\PowerUtl.dll


========== Services (SafeList) ==========

SRV - [2012-09-05 21:24:44 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-03 20:07:57 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programmer\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012-09-03 19:15:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmer\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmer\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010-11-26 15:36:32 | 001,762,688 | ---- | M] () [Auto | Running] -- C:\Programmer\Connect it\BecHelperService.exe -- (BecHelperService)
SRV - [2008-03-21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programmer\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008-01-21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008-01-16 11:01:30 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-12-06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007-08-24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007-02-13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-04-14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2006-04-14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006-04-14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005-10-14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-09-03 20:08:02 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-07-26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011-12-23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010-11-26 16:21:56 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-11-26 16:21:52 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-11-26 16:21:52 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010-11-26 16:21:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010-11-26 16:21:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2008-06-05 03:54:22 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008-04-15 20:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008-04-08 20:46:02 | 000,043,736 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008-04-06 04:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-03-21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008-02-01 09:14:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-12-26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2006-11-29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/ (...)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/ (...)
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/ (...)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ (...)
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/ (...)
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/ (...)
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/ (...) 18:52:14&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/ (...)
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..keyword.URL: "https://isearch.avg.com/ (...)
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-09-10 16:38:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012-09-03 20:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-05 21:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-05 21:24:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-06-19 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roneklindt\AppData\Roaming\mozilla\Extensions
[2012-09-02 18:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roneklindt\AppData\Roaming\mozilla\Firefox\Profiles\p72hkaug.default\extensions
[2012-06-19 18:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2012-09-03 20:08:50 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012-09-05 21:24:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-06-15 00:39:13 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012-09-03 20:07:21 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-09-05 21:24:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-06-15 00:39:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmer\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmer\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ePower_DMC] C:\Programmer\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LManager] C:\Programmer\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programmer\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmer\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F279FA5-B709-435A-B245-95B2B1F69457}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmer\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-12-26 13:59:40 | 000,000,513 | ---- | M] () - D:\Autodata CD2.lnk -- [ NTFS ]
O32 - AutoRun File - [2004-11-13 22:47:12 | 000,000,063 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d92b55ae-c2be-11e1-8250-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b55ae-c2be-11e1-8250-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d92b56ff-c2be-11e1-8250-001e101f4e71}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b56ff-c2be-11e1-8250-001e101f4e71}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{ef4174bf-c2ca-11e1-a6ed-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{ef4174bf-c2ca-11e1-a6ed-001e101fe5e1}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-09-16 13:41:33 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Roneklindt\Desktop\OTL.com
[2012-09-10 16:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-09-03 20:08:02 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-08-29 23:27:46 | 000,000,000 | --SD | C] -- C:\BANANEN
[2012-08-29 23:27:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-29 21:32:56 | 000,000,000 | ---D | C] -- C:\Users\Roneklindt\Desktop\backups
[2012-08-29 12:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-08-24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012-08-21 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\Roneklindt\AppData\Roaming\Malwarebytes
[2012-08-21 20:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-08-21 20:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-08-21 20:49:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-08-21 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-08-21 20:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2012-09-16 13:45:19 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-16 13:45:19 | 000,519,100 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2012-09-16 13:45:19 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-16 13:45:19 | 000,097,908 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2012-09-16 13:34:13 | 094,961,329 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-09-16 13:28:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-16 13:28:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-16 13:28:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-16 13:28:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-15 20:09:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012-09-15 20:08:43 | 999,157,760 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-09 18:26:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Roneklindt\Desktop\OTL.com
[2012-09-08 17:58:01 | 000,280,905 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-09-03 20:08:02 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-09-03 19:14:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-09-03 19:14:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-08-29 21:37:33 | 000,024,576 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012-08-21 20:49:25 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-21 20:35:56 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012-09-03 18:28:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-02 00:27:25 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@
[2012-09-02 00:27:24 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@
[2012-09-02 00:27:24 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@
[2012-09-01 21:49:45 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@
[2012-09-01 21:49:44 | 000,091,136 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@
[2012-09-01 18:22:37 | 999,157,760 | -HS- | C] () -- C:\hiberfil.sys
[2012-08-21 20:49:25 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-21 20:35:56 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-07-21 00:57:59 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@
[2012-07-12 14:38:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
[2012-07-12 14:38:29 | 000,002,048 | -HS- | C] () -- C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
[2012-06-30 16:26:30 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012-06-27 14:24:18 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012-06-27 14:24:17 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-06-27 14:24:16 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2012-06-27 14:22:21 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2012-06-25 22:22:47 | 000,008,704 | ---- | C] () -- C:\Users\Roneklindt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-24 15:54:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012-06-24 15:54:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012-06-20 03:19:13 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012-06-20 03:07:49 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012-06-20 03:07:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2012-06-20 03:07:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012-06-20 03:07:48 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012-06-20 03:07:48 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2012-06-19 20:54:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012-06-19 17:54:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2012-06-19 17:49:29 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2012-06-19 17:41:34 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2012-06-19 17:41:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012-06-19 17:41:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012-06-19 17:41:34 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

========== Custom Scans ==========

< :otl >

< @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4 >

< @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 >

<  >

< :files >

< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@ >
[2012-09-02 00:27:25 | 000,013,312 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@ >
[2012-09-02 00:27:24 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@ >
[2012-09-02 00:27:24 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@ >
[2012-09-01 21:49:45 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@ >
[2012-09-14 20:02:28 | 000,091,136 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@ >
[2012-09-15 20:09:48 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@ >
[2011-11-18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179} >

< C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@ >
[2012-07-21 23:26:07 | 000,002,048 | -HS- | M] () -- C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@

< C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179} >

<  >

< :Commands >

< [purity] >

< [resethosts] >

< [EMPTYFLASH] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


COMBOFIX:

ComboFix 12-09-15.02 - Roneklindt 16-09-2012  14:25:43.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.952.268 [GMT 2:00]
Kører fra: c:\users\Roneklindt\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Roneklindt\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\201d3dde
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@
D:\autorun.inf
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --> c:\windows\System32\services.exe
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-08-16 til 2012-09-16  )))))))))))))))))))))))))))))))))))
.
.
2012-09-05 19:24 . 2012-09-05 19:24    73696    ----a-w-    c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-03 18:08 . 2012-09-03 18:08    27496    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2012-08-29 21:27 . 2012-08-29 21:27    --------    d-----w-    C:\BANANEN
2012-08-29 10:57 . 2012-08-29 10:57    --------    d-----w-    c:\program files\Microsoft Security Client
2012-08-24 13:43 . 2012-08-24 13:43    301920    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2012-08-21 18:49 . 2012-08-21 18:49    --------    d-----w-    c:\users\Roneklindt\AppData\Roaming\Malwarebytes
2012-08-21 18:49 . 2012-08-21 18:49    --------    d-----w-    c:\programdata\Malwarebytes
2012-08-21 18:49 . 2012-09-02 01:19    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-08-21 18:49 . 2012-07-03 11:46    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-08-21 18:35 . 2012-09-02 01:19    --------    d-----w-    c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 17:14 . 2012-06-19 17:05    70344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 17:14 . 2012-06-19 17:05    426184    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-07-26 01:21 . 2012-07-26 01:21    237408    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2012-07-13 16:30 . 2012-07-13 16:30    161792    ----a-w-    c:\windows\system32\msls31.dll
2012-07-13 16:30 . 2012-07-13 16:30    1129472    ----a-w-    c:\windows\system32\wininet.dll
2012-07-13 16:30 . 2012-07-13 16:30    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2012-07-13 16:30 . 2012-07-13 16:30    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2012-07-13 16:30 . 2012-07-13 16:30    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2012-07-13 16:30 . 2012-07-13 16:30    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2012-07-13 16:30 . 2012-07-13 16:30    63488    ----a-w-    c:\windows\system32\tdc.ocx
2012-07-13 16:30 . 2012-07-13 16:30    367104    ----a-w-    c:\windows\system32\html.iec
2012-07-13 16:30 . 2012-07-13 16:30    74752    ----a-w-    c:\windows\system32\iesetup.dll
2012-07-13 16:30 . 2012-07-13 16:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-07-13 16:30 . 2012-07-13 16:30    23552    ----a-w-    c:\windows\system32\licmgr10.dll
2012-07-13 16:30 . 2012-07-13 16:30    152064    ----a-w-    c:\windows\system32\wextract.exe
2012-07-13 16:30 . 2012-07-13 16:30    150528    ----a-w-    c:\windows\system32\iexpress.exe
2012-07-13 16:30 . 2012-07-13 16:30    420864    ----a-w-    c:\windows\system32\vbscript.dll
2012-07-13 16:30 . 2012-07-13 16:30    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-07-13 16:30 . 2012-07-13 16:30    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-07-13 16:30 . 2012-07-13 16:30    1800192    ----a-w-    c:\windows\system32\jscript9.dll
2012-07-13 16:30 . 2012-07-13 16:30    11776    ----a-w-    c:\windows\system32\mshta.exe
2012-07-13 16:30 . 2012-07-13 16:30    101888    ----a-w-    c:\windows\system32\admparse.dll
2012-07-13 16:30 . 2012-07-13 16:30    35840    ----a-w-    c:\windows\system32\imgutil.dll
2012-07-13 16:30 . 2012-07-13 16:30    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2012-07-13 16:28 . 2012-07-13 16:28    979456    ----a-w-    c:\windows\system32\MFH264Dec.dll
2012-07-13 16:28 . 2012-07-13 16:28    357376    ----a-w-    c:\windows\system32\MFHEAACdec.dll
2012-07-13 16:28 . 2012-07-13 16:28    302592    ----a-w-    c:\windows\system32\mfmp4src.dll
2012-07-13 16:28 . 2012-07-13 16:28    261632    ----a-w-    c:\windows\system32\mfreadwrite.dll
2012-07-13 16:28 . 2012-07-13 16:28    98816    ----a-w-    c:\windows\system32\mfps.dll
2012-07-13 16:28 . 2012-07-13 16:28    2873344    ----a-w-    c:\windows\system32\mf.dll
2012-07-13 16:28 . 2012-07-13 16:28    209920    ----a-w-    c:\windows\system32\mfplat.dll
2012-07-13 16:28 . 2012-07-13 16:28    586240    ----a-w-    c:\windows\system32\stobject.dll
2012-07-13 16:28 . 2012-07-13 16:28    135680    ----a-w-    c:\windows\system32\XpsRasterService.dll
2012-07-13 16:28 . 2012-07-13 16:28    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2012-07-13 16:28 . 2012-07-13 16:28    478720    ----a-w-    c:\windows\system32\dxgi.dll
2012-07-13 16:28 . 2012-07-13 16:28    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2012-07-13 16:28 . 2012-07-13 16:28    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2012-07-13 16:28 . 2012-07-13 16:28    638336    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2012-07-13 16:28 . 2012-07-13 16:28    37376    ----a-w-    c:\windows\system32\cdd.dll
2012-07-13 16:28 . 2012-07-13 16:28    258048    ----a-w-    c:\windows\system32\winspool.drv
2012-07-13 16:28 . 2012-07-13 16:28    667648    ----a-w-    c:\windows\system32\printfilterpipelinesvc.exe
2012-07-13 16:28 . 2012-07-13 16:28    26112    ----a-w-    c:\windows\system32\printfilterpipelineprxy.dll
2012-07-13 16:28 . 2012-07-13 16:28    847360    ----a-w-    c:\windows\system32\OpcServices.dll
2012-07-13 16:28 . 2012-07-13 16:28    1554432    ----a-w-    c:\windows\system32\xpsservices.dll
2012-07-13 16:26 . 2012-07-13 16:26    4096    ----a-w-    c:\windows\system32\drivers\da-DK\dxgkrnl.sys.mui
2012-07-13 16:26 . 2012-07-13 16:26    369664    ----a-w-    c:\windows\system32\WMPhoto.dll
2012-07-13 16:26 . 2012-07-13 16:26    252928    ----a-w-    c:\windows\system32\dxdiag.exe
2012-07-13 16:26 . 2012-07-13 16:26    195584    ----a-w-    c:\windows\system32\dxdiagn.dll
2012-07-13 16:26 . 2012-07-13 16:26    519680    ----a-w-    c:\windows\system32\d3d11.dll
2012-07-13 16:26 . 2012-07-13 16:26    974848    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2012-07-13 16:26 . 2012-07-13 16:26    321024    ----a-w-    c:\windows\system32\PhotoMetadataHandler.dll
2012-07-13 16:26 . 2012-07-13 16:26    189440    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2012-06-30 14:26 . 2012-06-30 14:26    67156    ----a-w-    c:\windows\Huawei ModemsUninstall.exe
2012-06-20 18:55 . 2012-06-20 18:56    772592    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-06-20 18:55 . 2012-06-20 18:56    687600    ----a-w-    c:\windows\system32\deployJava1.dll
2012-06-20 01:10 . 2012-06-20 01:10    6656    ----a-w-    c:\windows\system32\kbd106n.dll
2012-06-19 15:41 . 2012-06-19 15:41    319456    ----a-w-    c:\windows\DIFxAPI.dll
2012-06-19 15:41 . 2012-06-19 15:41    315392    ----a-w-    c:\windows\HideWin.exe
2012-09-05 19:24 . 2012-06-19 16:40    266720    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-03 18:07    1734240    ----a-w-    c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-03 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03    303104    ----a-w-    c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 17:15]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/ig?hl=da
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=2&o=vb32&d=0612&m=extensa_5230
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Roneklindt\AppData\Roaming\Mozilla\Firefox\Profiles\p72hkaug.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ig
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B379ce5f9-e061-427e-a3ab-46694dec1fff%7D&mid=297acc72ec3547d0966bd154343c1f21-fab9e376f2db6063f21074670f3e748cbe54e38d&ds=AVG&v=12.2.5.32&lang=da&pr=fr&d=2012-06-19%2018%3A52%3A14&sap=ku&q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 14:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Connect it\BecHelperService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Connect it\LoggerServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG2012\avgidsagent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Gennemført tid: 2012-09-16  14:45:35 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-09-16 12:45
.
Pre-Kørsel: 42.326.761.472 byte ledig
Post-Kørsel: 42.514.075.648 byte ledig
.
- - End Of File - - B50041C8547DF9BEEDAE88738808217D

MALWARE BEFORE DELETION:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.04

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 9.0.8112.16421
Roneklindt :: RONEKLINDT-PC [administrator]

16-09-2012 14:49:18
mbam-log-2012-09-16 (15-40-14).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 288939
Tid gået: 46 minut(ter), 50 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 5
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@.vir (Rootkit.Zaccess) -> Ingen handling valgt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Ingen handling valgt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@.vir (Rootkit.0Access) -> Ingen handling valgt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@.vir (Trojan.Small) -> Ingen handling valgt.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Ingen handling valgt.

(færdig)



MALWARE AFTER DELETION:



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.04

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 9.0.8112.16421
Roneklindt :: RONEKLINDT-PC [administrator]

16-09-2012 14:49:18
mbam-log-2012-09-16 (14-49-18).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 288939
Tid gået: 46 minut(ter), 50 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 5
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@.vir (Rootkit.Zaccess) -> Sat i karantæne og slettet succesfuldt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Sat i karantæne og slettet succesfuldt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@.vir (Rootkit.0Access) -> Sat i karantæne og slettet succesfuldt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@.vir (Trojan.Small) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Sat i karantæne og slettet succesfuldt.

(færdig)
sullep Beginner
16 September 2012 - 17:47 #28
You ran OTL incorrectly; you need to click "Run Fix", not "Run Scan".


Run OTL > copy the text in bold into "Custom Scans/Fixes" and click "Run Fix".


:otl
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

:files
ipconfig /flushdns /c
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}
C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}

:Commands
[purity]
[resethosts]
[EMPTYFLASH]
[EMPTYJAVA]
[ClearAllRestorePoints]
[Reboot]



After the restart a log file opens; copy that text into this thread.

>>

Open a new text document and copy in the text in bold, then save it as CFScript.txt in the same location as Combofix.


Killall::
Snapshot::



Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Copy the resulting log in here.

>>

Download Rogue Killer and save it to the desktop.

http://www.sur-la-toile.com/RogueKiller/


Remove all USB sticks and external hard drives before you run the program.

Start Rogue Killer, wait until it has scanned, then click Scan; when it has finished scanning, close the program.
There is now a log file on the desktop; copy its contents in here.
Roneklindt Novice
16 September 2012 - 20:37 #29
The only log I got is the Combofix one


ComboFix 12-09-15.02 - Roneklindt 16-09-2012  20:19:28.2.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.952.308 [GMT 2:00]
Kører fra: c:\users\Roneklindt\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Roneklindt\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-08-16 til 2012-09-16  )))))))))))))))))))))))))))))))))))
.
.
2012-09-16 18:27 . 2012-09-16 18:30    --------    d-----w-    c:\users\Roneklindt\AppData\Local\temp
2012-09-16 18:27 . 2012-09-16 18:27    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-09-16 18:06 . 2012-09-16 18:06    --------    d-----w-    C:\_OTL
2012-09-05 19:24 . 2012-09-05 19:24    73696    ----a-w-    c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-03 18:08 . 2012-09-03 18:08    27496    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2012-08-29 21:27 . 2012-08-29 21:27    --------    d-----w-    C:\BANANEN
2012-08-29 10:57 . 2012-08-29 10:57    --------    d-----w-    c:\program files\Microsoft Security Client
2012-08-24 13:43 . 2012-08-24 13:43    301920    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2012-08-21 18:49 . 2012-08-21 18:49    --------    d-----w-    c:\users\Roneklindt\AppData\Roaming\Malwarebytes
2012-08-21 18:49 . 2012-08-21 18:49    --------    d-----w-    c:\programdata\Malwarebytes
2012-08-21 18:49 . 2012-09-16 12:48    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-08-21 18:49 . 2012-09-07 15:04    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-08-21 18:35 . 2012-09-02 01:19    --------    d-----w-    c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 17:14 . 2012-06-19 17:05    70344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 17:14 . 2012-06-19 17:05    426184    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-07-26 01:21 . 2012-07-26 01:21    237408    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2012-07-13 16:30 . 2012-07-13 16:30    161792    ----a-w-    c:\windows\system32\msls31.dll
2012-07-13 16:30 . 2012-07-13 16:30    1129472    ----a-w-    c:\windows\system32\wininet.dll
2012-07-13 16:30 . 2012-07-13 16:30    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2012-07-13 16:30 . 2012-07-13 16:30    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2012-07-13 16:30 . 2012-07-13 16:30    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2012-07-13 16:30 . 2012-07-13 16:30    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2012-07-13 16:30 . 2012-07-13 16:30    63488    ----a-w-    c:\windows\system32\tdc.ocx
2012-07-13 16:30 . 2012-07-13 16:30    367104    ----a-w-    c:\windows\system32\html.iec
2012-07-13 16:30 . 2012-07-13 16:30    74752    ----a-w-    c:\windows\system32\iesetup.dll
2012-07-13 16:30 . 2012-07-13 16:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-07-13 16:30 . 2012-07-13 16:30    23552    ----a-w-    c:\windows\system32\licmgr10.dll
2012-07-13 16:30 . 2012-07-13 16:30    152064    ----a-w-    c:\windows\system32\wextract.exe
2012-07-13 16:30 . 2012-07-13 16:30    150528    ----a-w-    c:\windows\system32\iexpress.exe
2012-07-13 16:30 . 2012-07-13 16:30    420864    ----a-w-    c:\windows\system32\vbscript.dll
2012-07-13 16:30 . 2012-07-13 16:30    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-07-13 16:30 . 2012-07-13 16:30    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-07-13 16:30 . 2012-07-13 16:30    1800192    ----a-w-    c:\windows\system32\jscript9.dll
2012-07-13 16:30 . 2012-07-13 16:30    11776    ----a-w-    c:\windows\system32\mshta.exe
2012-07-13 16:30 . 2012-07-13 16:30    101888    ----a-w-    c:\windows\system32\admparse.dll
2012-07-13 16:30 . 2012-07-13 16:30    35840    ----a-w-    c:\windows\system32\imgutil.dll
2012-07-13 16:30 . 2012-07-13 16:30    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2012-07-13 16:28 . 2012-07-13 16:28    979456    ----a-w-    c:\windows\system32\MFH264Dec.dll
2012-07-13 16:28 . 2012-07-13 16:28    357376    ----a-w-    c:\windows\system32\MFHEAACdec.dll
2012-07-13 16:28 . 2012-07-13 16:28    302592    ----a-w-    c:\windows\system32\mfmp4src.dll
2012-07-13 16:28 . 2012-07-13 16:28    261632    ----a-w-    c:\windows\system32\mfreadwrite.dll
2012-07-13 16:28 . 2012-07-13 16:28    98816    ----a-w-    c:\windows\system32\mfps.dll
2012-07-13 16:28 . 2012-07-13 16:28    2873344    ----a-w-    c:\windows\system32\mf.dll
2012-07-13 16:28 . 2012-07-13 16:28    209920    ----a-w-    c:\windows\system32\mfplat.dll
2012-07-13 16:28 . 2012-07-13 16:28    586240    ----a-w-    c:\windows\system32\stobject.dll
2012-07-13 16:28 . 2012-07-13 16:28    135680    ----a-w-    c:\windows\system32\XpsRasterService.dll
2012-07-13 16:28 . 2012-07-13 16:28    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2012-07-13 16:28 . 2012-07-13 16:28    478720    ----a-w-    c:\windows\system32\dxgi.dll
2012-07-13 16:28 . 2012-07-13 16:28    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2012-07-13 16:28 . 2012-07-13 16:28    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2012-07-13 16:28 . 2012-07-13 16:28    638336    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2012-07-13 16:28 . 2012-07-13 16:28    37376    ----a-w-    c:\windows\system32\cdd.dll
2012-07-13 16:28 . 2012-07-13 16:28    258048    ----a-w-    c:\windows\system32\winspool.drv
2012-07-13 16:28 . 2012-07-13 16:28    667648    ----a-w-    c:\windows\system32\printfilterpipelinesvc.exe
2012-07-13 16:28 . 2012-07-13 16:28    26112    ----a-w-    c:\windows\system32\printfilterpipelineprxy.dll
2012-07-13 16:28 . 2012-07-13 16:28    847360    ----a-w-    c:\windows\system32\OpcServices.dll
2012-07-13 16:28 . 2012-07-13 16:28    1554432    ----a-w-    c:\windows\system32\xpsservices.dll
2012-07-13 16:26 . 2012-07-13 16:26    4096    ----a-w-    c:\windows\system32\drivers\da-DK\dxgkrnl.sys.mui
2012-07-13 16:26 . 2012-07-13 16:26    369664    ----a-w-    c:\windows\system32\WMPhoto.dll
2012-07-13 16:26 . 2012-07-13 16:26    252928    ----a-w-    c:\windows\system32\dxdiag.exe
2012-07-13 16:26 . 2012-07-13 16:26    195584    ----a-w-    c:\windows\system32\dxdiagn.dll
2012-07-13 16:26 . 2012-07-13 16:26    519680    ----a-w-    c:\windows\system32\d3d11.dll
2012-07-13 16:26 . 2012-07-13 16:26    974848    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2012-07-13 16:26 . 2012-07-13 16:26    321024    ----a-w-    c:\windows\system32\PhotoMetadataHandler.dll
2012-07-13 16:26 . 2012-07-13 16:26    189440    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2012-06-30 14:26 . 2012-06-30 14:26    67156    ----a-w-    c:\windows\Huawei ModemsUninstall.exe
2012-06-20 18:55 . 2012-06-20 18:56    772592    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-06-20 18:55 . 2012-06-20 18:56    687600    ----a-w-    c:\windows\system32\deployJava1.dll
2012-06-20 01:10 . 2012-06-20 01:10    6656    ----a-w-    c:\windows\system32\kbd106n.dll
2012-06-19 15:41 . 2012-06-19 15:41    319456    ----a-w-    c:\windows\DIFxAPI.dll
2012-06-19 15:41 . 2012-06-19 15:41    315392    ----a-w-    c:\windows\HideWin.exe
2012-09-05 19:24 . 2012-06-19 16:40    266720    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-03 18:07    1734240    ----a-w-    c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-03 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03    303104    ----a-w-    c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 17:15]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/ig?hl=da
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=2&o=vb32&d=0612&m=extensa_5230
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Roneklindt\AppData\Roaming\Mozilla\Firefox\Profiles\p72hkaug.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ig
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B379ce5f9-e061-427e-a3ab-46694dec1fff%7D&mid=297acc72ec3547d0966bd154343c1f21-fab9e376f2db6063f21074670f3e748cbe54e38d&ds=AVG&v=12.2.5.32&lang=da&pr=fr&d=2012-06-19%2018%3A52%3A14&sap=ku&q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 20:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Connect it\BecHelperService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Connect it\LoggerServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG2012\avgidsagent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Gennemført tid: 2012-09-16  20:34:56 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-09-16 18:34
ComboFix2.txt  2012-09-16 12:45
.
Pre-Kørsel: 42.353.840.128 byte ledig
Post-Kørsel: 42.125.127.680 byte ledig
.
- - End Of File - - 8E68FF089093FE11DB121546C9E812D9
Roneklindt Novice
16 September 2012 - 21:02 #30
ROGUEKILLER:



RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Roneklindt [Admin rights]
Mode : Scan -- Date : 09/16/2012 21:00:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1      localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] c95467ed405f13e8c6fc24f1b0193774
[BSP] a513f3f10ad7ff5b30ea247d85102498 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20482048 | Size: 71317 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166539264 | Size: 71308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
sullep Beginner
17 September 2012 - 11:41 #31
Let's do a bit of cleaning up now.


Press <Windows> + <R> at the same time; this opens Run. Copy this in: combofix /Uninstall
Press Enter.

This will remove ComboFix and reset the clock settings.
Reset System Restore.
Hide file extensions if required.
Hide system/hidden files if required.

>>

Run OTL > Click "CleanUp".

This will uninstall OTL and some of the other programs we have used for cleaning; the ones it does not remove you will have to delete manually.

>>

About 5% of all junk slips right past your security suite if you have not updated Java, Adobe Reader and Flash. It is also important that older versions of these three programs in particular are uninstalled.

How to check whether you have the latest version of Java:

Go to this page: http://java.com/en/download/installed.jsp and click "Verify Java version".
It now checks whether you have the latest Java. If not, you need to download the latest version and install it. Before you do that, go to the Control Panel, find "Add/Remove Programs" and uninstall the old version. There may be several outdated versions, so uninstall those too. You should restart before installing the latest version. At the time of writing, 17 September 2012, the latest version is: Version 7 Update 7.

>>

Uninstall Adobe Reader 8.1.0
Install the new one

Download a new Adobe Reader.
http://get.adobe.com/reader/ (Remember to deselect the Google Toolbar)

Start > Programs > Adobe Reader. Open Adobe Reader. Click "Help" in the menu at the very top. Click "Check for Updates". If you get a message saying "There are no updates available", you have the latest version. At the time of writing, 17 September 2012, the latest version is:
10.1.4

>>

How to check whether you have the latest version of Flash:
On this page http://www.adobe.com/software/flash/about/ you can check which version of Flash you have on your computer. On mine it says: You have version 11.4.402.265 installed. On the same page I can see that this is the latest version, so it is all fine on mine.

>>

If the PC is a laptop, plug in the power adapter before you run the online scan; it takes a long time.

Run ESET Online Scanner, follow the guide here, and copy the log file in here.
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=340&title=eset-online-scanner


>>

Download Farbar Service Scanner and save it to the desktop.
http://download.bleepingcomputer.com/farbar/FSS.exe

Start it and tick the following.

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender


Click Scan.
It creates a log (FSS.txt). Copy it into your next post.

>>

How is the PC running now?
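
The point in post #31 about leftover old versions of Java, Adobe Reader and Flash can also be checked from the Uninstall registry keys. The PowerShell below is an added example, not part of the original post or of any tool used in the thread; the display-name patterns are assumptions, and it assumes PowerShell 2.0 or later is installed on the machine.

```powershell
# Added example: list installed Java, Adobe Reader and Flash Player entries
# and warn when one product has several different versions installed.
# Uses only PowerShell 2.0 syntax so it can run on Windows Vista.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs on 64-bit Windows; silently skipped on a 32-bit system
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Display-name patterns for the three products named in the post (assumed patterns).
$products = @{
    'Java'         = '^Java(\(TM\))? (\d|SE )|^J2SE Runtime'
    'Adobe Reader' = '^Adobe (Acrobat )?Reader'
    'Adobe Flash'  = '^Adobe Flash Player'
}

# Collect every Uninstall entry whose DisplayName matches one of the patterns.
$found = @(foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $entry = $_
            foreach ($name in $products.Keys) {
                if ($entry.DisplayName -match $products[$name]) {
                    New-Object PSObject -Property @{
                        Product     = $name
                        DisplayName = $entry.DisplayName
                        Version     = $entry.DisplayVersion
                    }
                }
            }
        }
})

$found | Sort-Object Product, Version |
    Format-Table Product, DisplayName, Version -AutoSize

# Several distinct versions of one product mean an older copy was left behind,
# which is the situation the post says to clean up before installing the latest.
$found | Where-Object { $_.Version } | Group-Object Product | ForEach-Object {
    $versions = @($_.Group | ForEach-Object { $_.Version } | Sort-Object -Unique)
    if ($versions.Count -gt 1) {
        Write-Warning ("{0}: {1} different versions installed ({2}); uninstall the older ones." -f `
            $_.Name, $versions.Count, ($versions -join ', '))
    }
}
```

The script only reads the registry; whether the newest listed version is current still has to be checked against the vendor pages linked in the post.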