Avatar billede Coldize Nybegynder
16. september 2012 - 12:37 Der er 23 kommentarer og
1 løsning

En lille trojaner på computeren

Hej

Jeg er løbet ind i det at jeg skal fjerne en trojaner som AVG har fundet.
Den skulle dog ha' slettet noget, men jeg vil gerne være helt sikker på at der ikke er mere af den tilbage.

Jeg kan ikke få lov til at gå i søgemaskiner, som f.eks. Google, jeg mistænker "Trojaneren" for at ha' noget med det at gøre.

Jeg har hentet HiJackThis og har lavet en log fil som jeg håber der er en af jer der vil være søde at kigge på.

På forhånd tak.

Hilsen Belinda

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:39, on 16-09-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\AVG\AVG8\avgscanx.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\AVG\AVG8\avgscanx.exe
C:\Programmer\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\HJC\Dokumenter\Hentede filer\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelAgent] C:\WINDOWS\Temp\temp68.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uudvo5uwwckc] C:\DOCUME~1\HJC\LOKALE~1\Temp\5.tmp
O4 - HKCU\..\Run: [Antivirus Protection] "C:\Documents and Settings\HJC\Application Data\Antivirus Protection\AntivirusProtection2012.exe" /STARTUP
O4 - HKCU\..\Run: [Antivirus Protection 2012 SM] C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securitymanager.exe
O4 - HKCU\..\Run: [Antivirus Protection 2012 SH] C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securityhelper.exe
O4 - HKLM\..\Policies\Explorer\Run: [1157] C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mskaezzhv.pif
O4 - HKCU\..\Policies\Explorer\Run: [Microsoft Windows] C:\Documents and Settings\HJC\Application Data\091588.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190359451943
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://lra.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} (Dataloen.ctlVirtuelDesktop) - http://activex.dataloen.dk/controls/Dataloen3333.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: b04d0485382 - C:\WINDOWS\system32\__c00525F1.dat (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Programmer\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe

--
End of file - 7271 bytes
Avatar billede f-arn Guru
16. september 2012 - 13:01 #1
Hvad hed trojaneren ?

------

Hvorfor p..... kører dustadig med Internet Explorer 7 og AVG 8 ???
Avatar billede f-arn Guru
16. september 2012 - 13:04 #2
dustadig=du stadig *S*

Og PCen er bestemt ikke "ren" !!
Avatar billede Coldize Nybegynder
16. september 2012 - 13:09 #3
Jeg forsøgte igår at sætte Windows update igang med at opdatere men måtte slet ikke gøre noget som helst. Kunne ikke engang gå i Windows funktioner.
Fandt dog ud af idag at jeg skulle sætte EXE til program og ikke aplikation som den pludselig stod til. (Underligt)
Jeg har nu forsøgt at gå i Windows Update og den spørger om jeg vil "installere Windows Update". Øh er det ikke allerede installeret.

------

Jeg skrev lige et par af de navne som jeg bed mærke i at AVG fandt.

    Trojan horse generic28.camr

    Trojan horse generic29.mvw

    Trojan horse dropper generic26.alvw

Håber dette forklarer nok.
Avatar billede Coldize Nybegynder
16. september 2012 - 13:10 #4
Okay. Hvad er der da stadig på den.
Jeg prøver lige at installere ccleaner.
Den plejer at kunne tage meget.
Avatar billede f-arn Guru
16. september 2012 - 13:13 #5
Hent "Malwarebytes' Anti-Malware" her

eller her

Installer og start programmet, klik på fanen opdater, klik Tjek for opdatering, lav "Hurtig skan" under fanebladet "skanner"
Bagefter klik på "vis resultater", tryk på "Fjern det valgte" og send loggen herind sammen med logs fra DDS som du finder her

Du kan også bruge denne DDS.

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af begge  herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet.

NB Når du opdaterer Malwarebytes, så klik på Tjek for opdatering til den skriver at der ikke er flere opdateringer.
Avatar billede 220661 Ekspert
16. september 2012 - 13:42 #6
Jeg er enig med f-arn i at den slet ikke er ren.
Kigger lige med for at lære om DDS og hijackThis
De elementer jeg bemærker er:

O4 - HKCU\..\Run: [Antivirus Protection] "C:\Documents and Settings\HJC\Application Data\Antivirus Protection\AntivirusProtection2012.exe" /STARTUP
O4 - HKCU\..\Run: [Antivirus Protection 2012 SM] C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securitymanager.exe
O4 - HKCU\..\Run: [Antivirus Protection 2012 SH] C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securityhelper.exe
O4 - HKLM\..\Run: [IntelAgent] C:\WINDOWS\Temp\temp68.exe
og denne her sætter jeg også et spørgsmålstegn ved?
O4 - HKCU\..\Run: [uudvo5uwwckc] C:\DOCUME~1\HJC\LOKALE~1\Temp\5.tmp

Med hensyn til AVG så bør du opdatere til den nyeste udgave:
http://www.alt-til-windows.dk/?Artikler/AnmeldelseAfAVGAnti-VirusFree2013/1186
Samt at opdatere din browser til IE8.
Det kan du gøre enten her:
http://www.microsoft.com/da-dk/download/details.aspx?id=43
eller under windows update. Vil mene den ligger under brugerdefinerede opdateringer.
Avatar billede 220661 Ekspert
16. september 2012 - 14:02 #7
#3 Der skal installeres en fil fra Microsoft der hedder Windows Upate  for at tilgå Microsoft update, så det skal du sige ja til.
Du må mangle rigtig mange opdateringer.
Avatar billede Coldize Nybegynder
16. september 2012 - 14:08 #8
Hermed loggen fra Malware.

Med hensyn til DDS kunne jeg ikke få lov til at scanne den færdigt. Computeren frøs ved ml. 2 og 3 min scanning.
Har forsøgt tre gange og med begge dine links.

Malwarebytes Anti-Malware (Prøveversion) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
HJC :: BJERGLY [administrator]

Beskyttelse: Slået til

16-09-2012 13:26:29
mbam-log-2012-09-16 (13-26-29).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 213330
Tid gået: 12 minut(ter), 15 sekund(er)

Hukommelses Processorer Inficeret: 2
C:\WINDOWS\Temp\temp68.exe (Trojan.FakeAlert) -> 2472 -> Bliver slettet ved genstart.
C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securityhelper.exe (Trojan.FakeAlert) -> 2828 -> Bliver slettet ved genstart.

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 3
HKCR\sp (TrojanProxy.Agent) -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Sat i karantæne og slettet succesfuldt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.

Registreringsdatabaseværdier Inficeret: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IntelAgent (Trojan.FakeAlert) -> Data: C:\WINDOWS\Temp\temp68.exe -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Antivirus Protection 2012 SH (Trojan.FakeAlert) -> Data: C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securityhelper.exe -> Sat i karantæne og slettet succesfuldt.
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\rbb.exe" -a "%1" %* -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\{c473eeac-8377-1d7f-e234-fef60c4d9044}\n. -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Microsoft Windows (Trojan.Agent.MSGen) -> Data: C:\Documents and Settings\HJC\Application Data\091588.exe -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1157 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mskaezzhv.pif -> Bliver slettet ved genstart.

Registreringsdatabasedata Objekter Inficeret: 5
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Dårlig: (\\.\globalroot\systemroot\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\n.) God: (wbemess.dll) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Dårlig: ("C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\rbb.exe" -a "C:\Programmer\Internet Explorer\iexplore.exe") God: (iexplore.exe) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.

Inficerede Mapper: 1
C:\Documents and Settings\HJC\Menuen Start\Programmer\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.

Inficerede Filer: 23
C:\WINDOWS\Temp\temp68.exe (Trojan.FakeAlert) -> Bliver slettet ved genstart.
C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securityhelper.exe (Trojan.FakeAlert) -> Bliver slettet ved genstart.
C:\Documents and Settings\All Users\Application Data\38C4.tmp (Rogue.InternetSecurity) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\All Users\Application Data\64E4.tmp (Rogue.InternetSecurity) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\2.tmp (Rogue.InternetSecurity) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\2A.tmp (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\3738625.exe (Trojan.Agent) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\3755187.exe (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\4.tmp (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\5.tmp (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\91694593.exe (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\jar_cache3432750702085744128.tmp (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\~!#35.tmp (Trojan.Lameshield) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\~!#36.tmp (Trojan.Lameshield) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\n (Trojan.Sirefef) -> Bliver slettet ved genstart.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\L\00000008.@ (Trojan.BitMiner) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\00000004.@ (Rootkit.Zaccess) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\000000cb.@ (Rootkit.0Access) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\80000000.@ (Trojan.Small) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Skrivebord\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Menuen Start\Programmer\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.

(færdig)
Avatar billede Coldize Nybegynder
16. september 2012 - 14:09 #9
Jeg får Windows update igang med det samme.
Avatar billede f-arn Guru
16. september 2012 - 14:16 #10
Du skal ikke køre Windows update nu !!!

Jeg vil gerne se de logs fra DDS !!!
Avatar billede f-arn Guru
16. september 2012 - 14:35 #11
Hvis du ikke kan få DDS til at virke, så gør dette i stedet.

------

Download OTL af OldTimer og gem den på dit skrivebord.

Start OTL

Øverst sætter du flueben i "Scan All Users"

I boksen "Custom Scans/Fixes" kopierer du det fremhævede ind.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemroot%\*. /mp /s
HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 /s
HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 /s
DRIVES
CREATERESTOREPOINT



Luk alle åbne vinduer og klik på "Quick Scan"  og lad programmet køre.

Det vil give to logfiler på skrivebordet, OTL.txt og Extras.txt.

Så kopier følgende ind i dit næste indlæg (i rækkefølge):

Indholdet af OTL.txt
Indholdet af Extras.txt
Avatar billede Coldize Nybegynder
16. september 2012 - 15:14 #12
Så langt om længe fik jeg nogle logs.:

OTL logfile created on: 16-09-2012 15:01:56 - Run 1
OTL by OldTimer - Version 3.2.61.5    Folder = C:\Documents and Settings\HJC\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,60% Memory free
1,85 Gb Paging File | 1,60 Gb Available in Paging File | 86,12% Paging File free
Paging file location(s):  [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 37,23 Gb Total Space | 21,57 Gb Free Space | 57,94% Space Free | Partition Type: NTFS

Computer Name: BJERGLY | User Name: HJC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-16 15:00:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HJC\Skrivebord\OTL.exe
PRC - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-10 15:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\SYSTEM32\BrmfBAgS.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\MDM.EXE
PRC - [2002-05-08 11:51:52 | 000,212,992 | ---- | M] (Intel Corporation) -- C:\Programmer\intel\ASF Agent\ASFAgent.exe
PRC - [2001-08-17 22:36:00 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\SYSTEM32\BrmfRsmg.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-04 18:41:54 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005-04-04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-09-10 15:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BrmfBAgS.exe -- (brmfbags)
SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\MDM.EXE -- (MDM)
SRV - [2002-05-08 11:51:52 | 000,212,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmer\intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002-05-03 13:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xphwtgbu.sys -- (ouso)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012-03-28 12:42:34 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys -- (pavboot)
DRV - [2008-04-14 17:38:19 | 000,028,416 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grserial.sys -- (GCR410P)
DRV - [2008-04-13 20:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
DRV - [2007-01-23 16:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2007-01-23 16:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV - [2007-01-23 16:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV - [2007-01-23 16:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV - [2007-01-23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007-01-23 16:44:00 | 000,010,640 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LBeepKE.sys -- (LBeepKE)
DRV - [2002-11-08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002-08-30 16:59:38 | 000,089,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e1000nt5.sys -- (E1000)
DRV - [2002-05-07 18:06:36 | 000,023,744 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\platalrt.sys -- (PlatAlrt)
DRV - [2002-05-07 18:05:56 | 000,039,680 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Netalrt.sys -- (NetAlrt)
DRV - [2002-05-03 13:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2001-10-04 16:32:30 | 000,039,680 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrParwdm.sys -- (BrParWdm)
DRV - [2001-08-17 23:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPT3XX.SYS -- (hpt3xx)
DRV - [2001-08-17 22:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001-08-17 22:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001-08-17 21:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrParImg.sys -- (brparimg)
DRV - [2001-08-17 21:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_en
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Programmer\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2012-06-05 16:45:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins

[2012-06-05 16:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HJC\Application Data\Mozilla\Extensions
[2012-06-05 16:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browsercomps.dll
[2012-04-21 03:46:21 | 000,001,525 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012-04-21 03:46:21 | 000,002,252 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\bing.xml
[2012-04-21 03:46:22 | 000,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2012-07-31 08:05:56 | 000,000,761 | RHS- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347797335281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190359451943 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} https://lra.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} http://activex.dataloen.dk/controls/Dataloen3333.CAB (Dataloen.ctlVirtuelDesktop)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.242.40.3 212.242.40.51 212.242.40.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B53F314-55CD-4F70-BA7F-F9D6E24BA319}: DhcpNameServer = 212.242.40.3 212.242.40.51 212.242.40.3
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\b04d0485382: DllName - (C:\WINDOWS\system32\__c00525F1.dat) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELLWP.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-10-25 13:48:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: BITS -  File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012-09-16 15:00:37 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HJC\Skrivebord\OTL.exe
[2012-09-16 14:18:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-09-16 14:17:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HJC\Skrivebord\dds.scr
[2012-09-16 14:11:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012-09-16 14:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\Avg2013
[2012-09-16 14:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\MFAData
[2012-09-16 13:39:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HJC\Menuen Start\Programmer\Administration
[2012-09-16 13:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HJC\Skabeloner
[2012-09-16 13:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HJC\SendTo
[2012-09-16 13:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HJC\Printere
[2012-09-16 13:39:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HJC\Skrivebord\dds.com
[2012-09-15 10:38:38 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2012-09-15 10:38:06 | 000,000,000 | ---D | C] -- C:\Programmer\Panda Security
[2012-09-03 17:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012-09-03 17:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-16 15:00:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HJC\Skrivebord\OTL.exe
[2012-09-16 14:58:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012-09-16 14:58:41 | 000,002,591 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2012-09-16 14:58:28 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Uwckoyzrxv.job
[2012-09-16 14:58:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012-09-16 14:58:24 | 2145,443,840 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-16 13:20:57 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-09-16 12:55:17 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\HJC\Skrivebord\Microsoft Office Outlook 2007.lnk
[2012-09-16 12:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-16 11:28:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-09-15 11:46:32 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\HJC\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012-09-14 15:34:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-16 13:14:34 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-09-04 18:46:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-09-04 18:41:57 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-06-25 13:02:58 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\L\00000004.@
[2012-06-25 13:02:57 | 000,091,136 | ---- | C] () -- C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\80000032.@
[2012-06-05 16:44:32 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-2SIR8.exe
[2012-04-21 07:25:05 | 000,381,952 | ---- | C] () -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\wlbls.exe
[2012-03-16 18:18:51 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-34UBI.exe
[2011-12-20 07:51:16 | 000,015,464 | -HS- | C] () -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\265i704r2qu2y215ulc4yp7rn6671x8860vytu36r87
[2011-12-20 07:51:16 | 000,015,464 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\265i704r2qu2y215ulc4yp7rn6671x8860vytu36r87
[2011-02-07 12:26:06 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\msexch40T.dll
[2003-01-28 18:44:28 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2001-10-09 09:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\@
[2001-10-09 09:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\{c473eeac-8377-1d7f-e234-fef60c4d9044}\@

========== LOP Check ==========

[2012-05-27 18:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C5357000020F100036D35D151FC4E
[2012-09-16 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6F63A58B0000E6CD0261CC5F7B07D287
[2012-03-01 13:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\86fed6
[2012-09-16 14:11:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006-05-01 12:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2012-09-16 14:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009-04-18 18:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011-02-19 08:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012-09-16 13:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HJC\Application Data\Antivirus Protection
[2012-05-11 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HJC\Application Data\fifa
[2012-07-03 10:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HJC\Application Data\hellomoto
[2012-09-16 14:58:28 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\Uwckoyzrxv.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE  >
[2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D -- C:\WINDOWS\explorer.exe
[2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007-06-13 15:22:35 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=91E15A22E62A11014DB521FB589B6093 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007-06-13 15:10:54 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=9D7A9E7F4A89AA43D108C4E4C153B561 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004-08-27 02:53:49 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=DA77B9561CC9AC54584C86CAB36EBF25 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE  >
[2009-02-09 11:53:36 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=113BF3D1FDE0813E955381C137BA8F33 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009-02-09 13:25:40 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-02-09 13:25:40 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9 -- C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe
[2009-02-09 13:25:40 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9 -- C:\WINDOWS\SYSTEM32\services.exe
[2004-08-27 02:53:53 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=55BBE54A196B1A9F99EC2E01F4AC1215 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009-02-09 12:11:38 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=7B637DCA529042B0C506AE3C71660D16 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2008-04-14 18:06:01 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=AB2B6ABF3FCDA803FF0E2251F9A5274E -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008-04-14 18:06:01 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=AB2B6ABF3FCDA803FF0E2251F9A5274E -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009-02-09 13:18:41 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=F8BCC407FCB4CDBF17163FAE3C820D80 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

< MD5 for: SVCHOST.EXE  >
[2004-08-27 02:53:54 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=46FE2ED518FDFBFD289F014A3078575C -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programmer\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008-04-14 18:06:03 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 18:06:03 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC -- C:\WINDOWS\SYSTEM32\svchost.exe

< MD5 for: USERINIT.EXE  >
[2004-08-27 02:53:54 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=3A03D6433E4E5FD3430DD3431FC6AC54 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programmer\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004-08-27 02:53:54 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=713AD65B9FF9CEE0A43181B442D846EB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 18:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemroot%\*. /mp /s >

< HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 /s >
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 12:53:27 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 /s >
"" = %SystemRoot%\system32\SHELL32.dll -- [2011-01-21 16:44:12 | 008,474,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: HITACHI_DK23EB-40
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 37,00GB
Starting Offset: 32901120
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >


---

OTL Extras logfile created on: 16-09-2012 15:01:56 - Run 1
OTL by OldTimer - Version 3.2.61.5    Folder = C:\Documents and Settings\HJC\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,60% Memory free
1,85 Gb Paging File | 1,60 Gb Available in Paging File | 86,12% Paging File free
Paging file location(s):  [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 37,23 Gb Total Space | 21,57 Gb Free Space | 57,94% Space Free | Partition Type: NTFS

Computer Name: BJERGLY | User Name: HJC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97C6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0)
"{6797B492-3814-4129-AD07-C727D23FB5BF}" = Intel® Pro Alerting Agent, Version 3.0.0
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple-programunderstøttelse
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0010-0406-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Danish) 12
"{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
"{90120000-0015-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
"{90120000-0016-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
"{90120000-0018-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
"{90120000-0019-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
"{90120000-001A-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
"{90120000-001B-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_PROHYBRIDR_{25E093C2-374E-44A9-9BCE-3881BD442F3F}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}_PROHYBRIDR_{50865937-2EBB-4BBF-8861-BF5972C95D4B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1030-7B44-A81300000003}" = Adobe Reader 8.1.3 - Dansk
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"Mozilla Firefox 12.0 (x86 da)" = Mozilla Firefox 12.0 (x86 da)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smart Fortress 2012" = Smart Fortress 2012

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14-10-2010 21:28:40 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 14-10-2010 22:28:39 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 14-10-2010 23:28:37 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 00:28:38 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 01:28:37 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 02:28:40 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 03:25:14 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 04:25:14 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 24-10-2010 11:22:26 | Computer Name = BJERGLY | Source = Application Hang | ID = 1002
Description = Stoppet program OUTLOOK.EXE, version 12.0.6539.5000, stoppet modul
hungapp, version 0.0.0.0, stoppet adresse 0x00000000.

Error - 03-11-2010 07:18:44 | Computer Name = BJERGLY | Source = Application Hang | ID = 1002
Description = Stoppet program iexplore.exe, version 7.0.6000.17091, stoppet modul
hungapp, version 0.0.0.0, stoppet adresse 0x00000000.

[ System Events ]
Error - 15-09-2012 04:28:29 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 05:19:09 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 07:19:53 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 07:47:27 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 07:47:27 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7026
Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses:
  agp440

Error - 16-09-2012 07:56:57 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 08:05:45 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 08:21:28 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 08:40:31 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 08:59:50 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060


< End of report >
Avatar billede Roneklindt Novice
16. september 2012 - 15:56 #13
Her er der så alle de logs som jeg skulle gemme .. Håber i kan finde en løsning ..


OTL:


OTL logfile created on: 16-09-2012 13:42:19 - Run 2
OTL by OldTimer - Version 3.2.61.3    Folder = C:\Users\Roneklindt\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

952,13 Mb Total Physical Memory | 354,22 Mb Available Physical Memory | 37,20% Memory free
2,12 Gb Paging File | 0,93 Gb Available in Paging File | 43,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 39,80 Gb Free Space | 57,14% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 45,33 Gb Free Space | 65,10% Space Free | Partition Type: NTFS
Drive F: | 7,20 Gb Total Space | 7,12 Gb Free Space | 98,81% Space Free | Partition Type: FAT32

Computer Name: RONEKLINDT-PC | User Name: Roneklindt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-09 18:26:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Roneklindt\Desktop\OTL.com
PRC - [2012-09-03 20:07:57 | 000,722,528 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012-09-03 20:07:32 | 000,947,808 | ---- | M] () -- C:\Programmer\AVG Secure Search\vprot.exe
PRC - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgidsagent.exe
PRC - [2012-07-31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgtray.exe
PRC - [2012-07-26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgrsx.exe
PRC - [2012-07-18 18:14:18 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\RONEKL~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012-06-13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgnsx.exe
PRC - [2012-03-19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgemcx.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgwdsvc.exe
PRC - [2012-02-14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmer\AVG\AVG2012\avgcsrvx.exe
PRC - [2011-11-03 17:20:58 | 000,803,144 | ---- | M] (AVG) -- C:\Programmer\AVG\AVG PC Tuneup\BoostSpeed.exe
PRC - [2010-11-26 15:36:32 | 001,762,688 | ---- | M] () -- C:\Programmer\Connect it\BecHelperService.exe
PRC - [2010-11-26 15:34:52 | 000,294,400 | ---- | M] () -- C:\Programmer\Connect it\LoggerServer.exe
PRC - [2009-04-11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-06-10 01:36:14 | 000,870,920 | ---- | M] (Dritek System Inc.) -- C:\Programmer\Launch Manager\LManager.exe
PRC - [2008-05-21 04:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-04-30 19:02:40 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programmer\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008-03-21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Programmer\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008-03-21 13:22:32 | 000,376,832 | ---- | M] (acer) -- C:\Programmer\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008-01-16 11:01:30 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007-12-06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007-02-13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2006-10-31 00:00:00 | 000,139,264 | ---- | M] (Brother Industries,ltd) -- C:\Windows\System32\bsplmf01.exe
PRC - [2006-10-27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006-09-09 01:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programmer\Apoint2K\Hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2012-09-03 20:08:22 | 000,564,832 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012-09-03 20:07:59 | 000,132,704 | ---- | M] () -- C:\Programmer\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012-09-03 20:07:32 | 000,947,808 | ---- | M] () -- C:\Programmer\AVG Secure Search\vprot.exe
MOD - [2012-07-13 20:33:48 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012-07-13 20:33:27 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012-07-13 20:30:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012-07-13 20:27:51 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012-07-13 20:26:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012-07-13 20:06:30 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012-07-13 19:54:39 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012-07-13 19:54:17 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011-11-03 17:21:06 | 000,350,024 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madExcept_.bpl
MOD - [2011-11-03 17:21:06 | 000,184,136 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madBasic_.bpl
MOD - [2011-11-03 17:21:06 | 000,050,504 | ---- | M] () -- C:\Programmer\AVG\AVG PC Tuneup\madDisAsm_.bpl
MOD - [2009-04-11 08:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009-03-31 20:05:00 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008-09-12 00:28:43 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3006.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2008-09-12 00:28:43 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll
MOD - [2008-09-12 00:28:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2008-09-12 00:28:43 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2008-04-30 16:00:02 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll
MOD - [2003-06-07 23:30:08 | 000,057,344 | ---- | M] () -- C:\Programmer\Launch Manager\PowerUtl.dll


========== Services (SafeList) ==========

SRV - [2012-09-05 21:24:44 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-03 20:07:57 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Programmer\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012-09-03 19:15:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmer\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmer\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010-11-26 15:36:32 | 001,762,688 | ---- | M] () [Auto | Running] -- C:\Programmer\Connect it\BecHelperService.exe -- (BecHelperService)
SRV - [2008-03-21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programmer\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008-01-21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008-01-16 11:01:30 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007-12-06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007-08-24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007-02-13 02:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Programmer\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2006-10-27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-04-14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2006-04-14 10:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006-04-14 10:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005-10-14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmer\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012-09-03 20:08:02 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012-07-26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012-04-19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012-01-31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-12-23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-12-23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011-12-23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011-12-23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010-11-26 16:21:56 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010-11-26 16:21:52 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010-11-26 16:21:52 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010-11-26 16:21:52 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010-11-26 16:21:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2008-06-05 03:54:22 | 000,113,664 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008-04-15 20:13:14 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008-04-08 20:46:02 | 000,043,736 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008-04-06 04:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-03-21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008-02-01 09:14:36 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-12-26 08:23:10 | 000,017,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TpChoice.sys -- (TpChoice)
DRV - [2006-11-29 02:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=2&o=vb32&d=0612&m=extensa_5230
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=da
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={FED86ED8-575D-453F-9313-A27840DBA7BD}&mid=297acc72ec3547d0966bd154343c1f21-fab9e376f2db6063f21074670f3e748cbe54e38d&lang=da&ds=AVG&pr=fr&d=2012-06-19 18:52:14&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1940343515-965900618-618164863-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.dk/ig"
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B379ce5f9-e061-427e-a3ab-46694dec1fff%7D&mid=297acc72ec3547d0966bd154343c1f21-fab9e376f2db6063f21074670f3e748cbe54e38d&ds=AVG&v=12.2.5.32&lang=da&pr=fr&d=2012-06-19%2018%3A52%3A14&sap=ku&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-09-10 16:38:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012-09-03 20:08:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-05 21:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-05 21:24:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-06-19 18:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roneklindt\AppData\Roaming\mozilla\Extensions
[2012-09-02 18:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roneklindt\AppData\Roaming\mozilla\Firefox\Profiles\p72hkaug.default\extensions
[2012-06-19 18:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2012-09-03 20:08:50 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012-09-05 21:24:44 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-06-15 00:39:13 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012-09-03 20:07:21 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-09-05 21:24:42 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-06-15 00:39:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmer\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmer\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programmer\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1940343515-965900618-618164863-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ePower_DMC] C:\Programmer\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LManager] C:\Programmer\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programmer\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmer\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F279FA5-B709-435A-B245-95B2B1F69457}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmer\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-12-26 13:59:40 | 000,000,513 | ---- | M] () - D:\Autodata CD2.lnk -- [ NTFS ]
O32 - AutoRun File - [2004-11-13 22:47:12 | 000,000,063 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d92b55ae-c2be-11e1-8250-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b55ae-c2be-11e1-8250-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d92b56ff-c2be-11e1-8250-001e101f4e71}\Shell - "" = AutoRun
O33 - MountPoints2\{d92b56ff-c2be-11e1-8250-001e101f4e71}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{ef4174bf-c2ca-11e1-a6ed-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{ef4174bf-c2ca-11e1-a6ed-001e101fe5e1}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-09-16 13:41:33 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Roneklindt\Desktop\OTL.com
[2012-09-10 16:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-09-03 20:08:02 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-08-29 23:27:46 | 000,000,000 | --SD | C] -- C:\BANANEN
[2012-08-29 23:27:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-29 21:32:56 | 000,000,000 | ---D | C] -- C:\Users\Roneklindt\Desktop\backups
[2012-08-29 12:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012-08-24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012-08-21 20:49:43 | 000,000,000 | ---D | C] -- C:\Users\Roneklindt\AppData\Roaming\Malwarebytes
[2012-08-21 20:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-08-21 20:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-08-21 20:49:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-08-21 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-08-21 20:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2012-09-16 13:45:19 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-16 13:45:19 | 000,519,100 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2012-09-16 13:45:19 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-16 13:45:19 | 000,097,908 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2012-09-16 13:34:13 | 094,961,329 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012-09-16 13:28:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-16 13:28:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-16 13:28:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-16 13:28:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-15 20:09:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012-09-15 20:08:43 | 999,157,760 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-09 18:26:58 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Roneklindt\Desktop\OTL.com
[2012-09-08 17:58:01 | 000,280,905 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012-09-03 20:08:02 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-09-03 19:14:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-09-03 19:14:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-08-29 21:37:33 | 000,024,576 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012-08-24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012-08-21 20:49:25 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-21 20:35:56 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012-09-03 18:28:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-02 00:27:25 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@
[2012-09-02 00:27:24 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@
[2012-09-02 00:27:24 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@
[2012-09-01 21:49:45 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@
[2012-09-01 21:49:44 | 000,091,136 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@
[2012-09-01 18:22:37 | 999,157,760 | -HS- | C] () -- C:\hiberfil.sys
[2012-08-21 20:49:25 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-21 20:35:56 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-07-21 00:57:59 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@
[2012-07-12 14:38:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
[2012-07-12 14:38:29 | 000,002,048 | -HS- | C] () -- C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
[2012-06-30 16:26:30 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012-06-27 14:24:18 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012-06-27 14:24:17 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012-06-27 14:24:16 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2012-06-27 14:22:21 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2012-06-25 22:22:47 | 000,008,704 | ---- | C] () -- C:\Users\Roneklindt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-24 15:54:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012-06-24 15:54:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012-06-20 03:19:13 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2012-06-20 03:07:49 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012-06-20 03:07:49 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2012-06-20 03:07:49 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2012-06-20 03:07:48 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012-06-20 03:07:48 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2012-06-19 20:54:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012-06-19 17:54:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2012-06-19 17:49:29 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2012-06-19 17:41:34 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2012-06-19 17:41:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012-06-19 17:41:34 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012-06-19 17:41:34 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

========== Custom Scans ==========

< :otl >

< @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4 >

< @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4 >

<  >

< :files >

< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev t›mt.

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@ >
[2012-09-02 00:27:25 | 000,013,312 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@ >
[2012-09-02 00:27:24 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@ >
[2012-09-02 00:27:24 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@ >
[2012-09-01 21:49:45 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@ >
[2012-09-14 20:02:28 | 000,091,136 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@ >
[2012-09-15 20:09:48 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@ >
[2011-11-18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@

< C:\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179} >

< C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@ >
[2012-07-21 23:26:07 | 000,002,048 | -HS- | M] () -- C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@

< C:\Users\Roneklindt\AppData\Local\{5fe39fe5-5c5f-abd8-783c-3092b01c6179} >

<  >

< :Commands >

< [purity] >

< [resethosts] >

< [EMPTYFLASH] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


COMBOFIX:

ComboFix 12-09-15.02 - Roneklindt 16-09-2012  14:25:43.1.1 - x86
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.45.1030.18.952.268 [GMT 2:00]
Kører fra: c:\users\Roneklindt\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Roneklindt\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\00000004.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\L\201d3dde
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@
c:\windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000032.@
D:\autorun.inf
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --> c:\windows\System32\services.exe
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-08-16 til 2012-09-16  )))))))))))))))))))))))))))))))))))
.
.
2012-09-05 19:24 . 2012-09-05 19:24    73696    ----a-w-    c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-09-03 18:08 . 2012-09-03 18:08    27496    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2012-08-29 21:27 . 2012-08-29 21:27    --------    d-----w-    C:\BANANEN
2012-08-29 10:57 . 2012-08-29 10:57    --------    d-----w-    c:\program files\Microsoft Security Client
2012-08-24 13:43 . 2012-08-24 13:43    301920    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2012-08-21 18:49 . 2012-08-21 18:49    --------    d-----w-    c:\users\Roneklindt\AppData\Roaming\Malwarebytes
2012-08-21 18:49 . 2012-08-21 18:49    --------    d-----w-    c:\programdata\Malwarebytes
2012-08-21 18:49 . 2012-09-02 01:19    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2012-08-21 18:49 . 2012-07-03 11:46    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-08-21 18:35 . 2012-09-02 01:19    --------    d-----w-    c:\program files\CCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-03 17:14 . 2012-06-19 17:05    70344    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-03 17:14 . 2012-06-19 17:05    426184    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-07-26 01:21 . 2012-07-26 01:21    237408    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2012-07-13 16:30 . 2012-07-13 16:30    161792    ----a-w-    c:\windows\system32\msls31.dll
2012-07-13 16:30 . 2012-07-13 16:30    1129472    ----a-w-    c:\windows\system32\wininet.dll
2012-07-13 16:30 . 2012-07-13 16:30    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2012-07-13 16:30 . 2012-07-13 16:30    76800    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2012-07-13 16:30 . 2012-07-13 16:30    74752    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2012-07-13 16:30 . 2012-07-13 16:30    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2012-07-13 16:30 . 2012-07-13 16:30    63488    ----a-w-    c:\windows\system32\tdc.ocx
2012-07-13 16:30 . 2012-07-13 16:30    367104    ----a-w-    c:\windows\system32\html.iec
2012-07-13 16:30 . 2012-07-13 16:30    74752    ----a-w-    c:\windows\system32\iesetup.dll
2012-07-13 16:30 . 2012-07-13 16:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-07-13 16:30 . 2012-07-13 16:30    23552    ----a-w-    c:\windows\system32\licmgr10.dll
2012-07-13 16:30 . 2012-07-13 16:30    152064    ----a-w-    c:\windows\system32\wextract.exe
2012-07-13 16:30 . 2012-07-13 16:30    150528    ----a-w-    c:\windows\system32\iexpress.exe
2012-07-13 16:30 . 2012-07-13 16:30    420864    ----a-w-    c:\windows\system32\vbscript.dll
2012-07-13 16:30 . 2012-07-13 16:30    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-07-13 16:30 . 2012-07-13 16:30    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-07-13 16:30 . 2012-07-13 16:30    1800192    ----a-w-    c:\windows\system32\jscript9.dll
2012-07-13 16:30 . 2012-07-13 16:30    11776    ----a-w-    c:\windows\system32\mshta.exe
2012-07-13 16:30 . 2012-07-13 16:30    101888    ----a-w-    c:\windows\system32\admparse.dll
2012-07-13 16:30 . 2012-07-13 16:30    35840    ----a-w-    c:\windows\system32\imgutil.dll
2012-07-13 16:30 . 2012-07-13 16:30    110592    ----a-w-    c:\windows\system32\IEAdvpack.dll
2012-07-13 16:28 . 2012-07-13 16:28    979456    ----a-w-    c:\windows\system32\MFH264Dec.dll
2012-07-13 16:28 . 2012-07-13 16:28    357376    ----a-w-    c:\windows\system32\MFHEAACdec.dll
2012-07-13 16:28 . 2012-07-13 16:28    302592    ----a-w-    c:\windows\system32\mfmp4src.dll
2012-07-13 16:28 . 2012-07-13 16:28    261632    ----a-w-    c:\windows\system32\mfreadwrite.dll
2012-07-13 16:28 . 2012-07-13 16:28    98816    ----a-w-    c:\windows\system32\mfps.dll
2012-07-13 16:28 . 2012-07-13 16:28    2873344    ----a-w-    c:\windows\system32\mf.dll
2012-07-13 16:28 . 2012-07-13 16:28    209920    ----a-w-    c:\windows\system32\mfplat.dll
2012-07-13 16:28 . 2012-07-13 16:28    586240    ----a-w-    c:\windows\system32\stobject.dll
2012-07-13 16:28 . 2012-07-13 16:28    135680    ----a-w-    c:\windows\system32\XpsRasterService.dll
2012-07-13 16:28 . 2012-07-13 16:28    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2012-07-13 16:28 . 2012-07-13 16:28    478720    ----a-w-    c:\windows\system32\dxgi.dll
2012-07-13 16:28 . 2012-07-13 16:28    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2012-07-13 16:28 . 2012-07-13 16:28    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2012-07-13 16:28 . 2012-07-13 16:28    638336    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2012-07-13 16:28 . 2012-07-13 16:28    37376    ----a-w-    c:\windows\system32\cdd.dll
2012-07-13 16:28 . 2012-07-13 16:28    258048    ----a-w-    c:\windows\system32\winspool.drv
2012-07-13 16:28 . 2012-07-13 16:28    667648    ----a-w-    c:\windows\system32\printfilterpipelinesvc.exe
2012-07-13 16:28 . 2012-07-13 16:28    26112    ----a-w-    c:\windows\system32\printfilterpipelineprxy.dll
2012-07-13 16:28 . 2012-07-13 16:28    847360    ----a-w-    c:\windows\system32\OpcServices.dll
2012-07-13 16:28 . 2012-07-13 16:28    1554432    ----a-w-    c:\windows\system32\xpsservices.dll
2012-07-13 16:26 . 2012-07-13 16:26    4096    ----a-w-    c:\windows\system32\drivers\da-DK\dxgkrnl.sys.mui
2012-07-13 16:26 . 2012-07-13 16:26    369664    ----a-w-    c:\windows\system32\WMPhoto.dll
2012-07-13 16:26 . 2012-07-13 16:26    252928    ----a-w-    c:\windows\system32\dxdiag.exe
2012-07-13 16:26 . 2012-07-13 16:26    195584    ----a-w-    c:\windows\system32\dxdiagn.dll
2012-07-13 16:26 . 2012-07-13 16:26    519680    ----a-w-    c:\windows\system32\d3d11.dll
2012-07-13 16:26 . 2012-07-13 16:26    974848    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2012-07-13 16:26 . 2012-07-13 16:26    321024    ----a-w-    c:\windows\system32\PhotoMetadataHandler.dll
2012-07-13 16:26 . 2012-07-13 16:26    189440    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2012-06-30 14:26 . 2012-06-30 14:26    67156    ----a-w-    c:\windows\Huawei ModemsUninstall.exe
2012-06-20 18:55 . 2012-06-20 18:56    772592    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-06-20 18:55 . 2012-06-20 18:56    687600    ----a-w-    c:\windows\system32\deployJava1.dll
2012-06-20 01:10 . 2012-06-20 01:10    6656    ----a-w-    c:\windows\system32\kbd106n.dll
2012-06-19 15:41 . 2012-06-19 15:41    319456    ----a-w-    c:\windows\DIFxAPI.dll
2012-06-19 15:41 . 2012-06-19 15:41    315392    ----a-w-    c:\windows\HideWin.exe
2012-09-05 19:24 . 2012-06-19 16:40    266720    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-03 18:07    1734240    ----a-w-    c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-03 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-30 397312]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-03 947808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03    303104    ----a-w-    c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 17:15]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.com/ig?hl=da
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&s=2&o=vb32&d=0612&m=extensa_5230
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Roneklindt\AppData\Roaming\Mozilla\Firefox\Profiles\p72hkaug.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ig
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B379ce5f9-e061-427e-a3ab-46694dec1fff%7D&mid=297acc72ec3547d0966bd154343c1f21-fab9e376f2db6063f21074670f3e748cbe54e38d&ds=AVG&v=12.2.5.32&lang=da&pr=fr&d=2012-06-19%2018%3A52%3A14&sap=ku&q=
.
- - - - TOMME GENVEJE FJERNET - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 14:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Andre kørende processer ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Connect it\BecHelperService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Connect it\LoggerServer.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG2012\avgidsagent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Gennemført tid: 2012-09-16  14:45:35 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2012-09-16 12:45
.
Pre-Kørsel: 42.326.761.472 byte ledig
Post-Kørsel: 42.514.075.648 byte ledig
.
- - End Of File - - B50041C8547DF9BEEDAE88738808217D

MALWARE FØR SLETNING:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.04

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 9.0.8112.16421
Roneklindt :: RONEKLINDT-PC [administrator]

16-09-2012 14:49:18
mbam-log-2012-09-16 (15-40-14).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 288939
Tid gået: 46 minut(ter), 50 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 5
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@.vir (Rootkit.Zaccess) -> Ingen handling valgt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Ingen handling valgt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@.vir (Rootkit.0Access) -> Ingen handling valgt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@.vir (Trojan.Small) -> Ingen handling valgt.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Ingen handling valgt.

(færdig)



MALWARE EFTER SLETNING:



Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.04

Windows Vista Service Pack 2 x86 FAT32
Internet Explorer 9.0.8112.16421
Roneklindt :: RONEKLINDT-PC [administrator]

16-09-2012 14:49:18
mbam-log-2012-09-16 (14-49-18).txt

Skanningstype: Fuldstændig skanning (C:\|D:\|)
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 288939
Tid gået: 46 minut(ter), 50 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 5
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000004.@.vir (Rootkit.Zaccess) -> Sat i karantæne og slettet succesfuldt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Sat i karantæne og slettet succesfuldt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\000000cb.@.vir (Rootkit.0Access) -> Sat i karantæne og slettet succesfuldt.
C:\Qoobox\Quarantine\C\Windows\Installer\{5fe39fe5-5c5f-abd8-783c-3092b01c6179}\U\80000000.@.vir (Trojan.Small) -> Sat i karantæne og slettet succesfuldt.
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Sat i karantæne og slettet succesfuldt.

(færdig)
Avatar billede Coldize Nybegynder
16. september 2012 - 15:58 #14
Ehm det skal jeg da ikke bruge til noget det der???
Avatar billede Coldize Nybegynder
16. september 2012 - 16:01 #15
Roneklindt, hvorfor har du smidt en log herind.
Er det et spørgsmål du sender????
Avatar billede 220661 Ekspert
16. september 2012 - 16:12 #16
Nej han har selv et spørgsmål med otl i egen tråd. Han må bare koiere den ind der så sullep kan kigge på den.
Avatar billede Coldize Nybegynder
16. september 2012 - 16:19 #17
Okay.
Det forvirrede mig bare lige at der pludselig var ekstra logs herinde.
Avatar billede Roneklindt Novice
16. september 2012 - 17:20 #18
Hov Det var i den forkerte tråd :P MY BAD
Sorry
Avatar billede f-arn Guru
16. september 2012 - 18:33 #19
@Coldize

Jeg håber du forstår.

Jeg kan ikke arbejde med logs fra to computere og da jeg ikke kan slette det Roneklindt har sendt ind, vil jeg be' dig gøre et af to:

1. Lukke dette, og opret et nyt spørgsmål med logs fra Malwarebytes og OTL. De skal ikke køres igen.

2. Oprette dig som bruger på Spywarefri, og lave et nyt spørgsmål der.

I begge tilfælde, skal du henvise til dette spøgsmål.

Igen - jeg håber du forstår.

Lad os vide hvad du gør.
Avatar billede Roneklindt Novice
16. september 2012 - 18:55 #20
sorry er virkelig ked af den ballade jeg har lavet ..
Avatar billede Coldize Nybegynder
16. september 2012 - 21:48 #21
Hov det gør ikke noget roneklindt, som sagt det forvirrede mig bare.
Beklager hvis mine beskeder skabte lidt "kaos" Det var ikke min intention.

Hvis f-arn kan løse begge ting i denne tråd gør det skam ikke mig noget.

Så jeg kan sagtens bruge denne tråd alligevel hvis det er ok med dig f-arn. Pointen er sådan set bare om jeg kan få mit problem ud af verden.
Avatar billede f-arn Guru
16. september 2012 - 22:53 #22
Jeg vil foretrække, at du laver et nyt spørgsmål.

Du har også et ZeroAccess/Sirefef Rootkit (som Roneklindt), men det er forvirrende at ha' to i samme tråd.

Så - for at minimere risikoen for fejl - opret et nyt spørgsmål.
Avatar billede 220661 Ekspert
16. september 2012 - 23:07 #23
Kan kun give f-arn ret i at oprette et nyt spørgsmål, og henvise til at det er en udløber herfra.
Avatar billede Coldize Nybegynder
17. september 2012 - 13:55 #24
Spørgsmål lukkes hermed og nyt er oprettet.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester