Coldize (Beginner)
17 September 2012 - 13:54. There are 30 comments and 1 solution.

A trojan on the computer

This is the follow-up to my question "A small trojan on the computer":
Created Sun. 16 September 2012 at 12:37:23

I have changed the point value from 30 to 60, since I think this is more extensive than I thought and that a few more points should be given for it. :)

Here are the log files from Malwarebytes and OTL:

Malwarebytes Anti-Malware (Prøveversion) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
HJC :: BJERGLY [administrator]

Beskyttelse: Slået til

16-09-2012 13:26:29
mbam-log-2012-09-16 (13-26-29).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 213330
Tid gået: 12 minut(ter), 15 sekund(er)

Hukommelses Processorer Inficeret: 2
C:\WINDOWS\Temp\temp68.exe (Trojan.FakeAlert) -> 2472 -> Bliver slettet ved genstart.
C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securityhelper.exe (Trojan.FakeAlert) -> 2828 -> Bliver slettet ved genstart.

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 3
HKCR\sp (TrojanProxy.Agent) -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Sat i karantæne og slettet succesfuldt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.

Registreringsdatabaseværdier Inficeret: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IntelAgent (Trojan.FakeAlert) -> Data: C:\WINDOWS\Temp\temp68.exe -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Antivirus Protection 2012 SH (Trojan.FakeAlert) -> Data: C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securityhelper.exe -> Sat i karantæne og slettet succesfuldt.
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\rbb.exe" -a "%1" %* -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\{c473eeac-8377-1d7f-e234-fef60c4d9044}\n. -> Sat i karantæne og slettet succesfuldt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Microsoft Windows (Trojan.Agent.MSGen) -> Data: C:\Documents and Settings\HJC\Application Data\091588.exe -> Sat i karantæne og slettet succesfuldt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|1157 (Trojan.Agent) -> Data: C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mskaezzhv.pif -> Bliver slettet ved genstart.

Registreringsdatabasedata Objekter Inficeret: 5
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Dårlig: (\\.\globalroot\systemroot\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\n.) God: (wbemess.dll) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Dårlig: ("C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\rbb.exe" -a "C:\Programmer\Internet Explorer\iexplore.exe") God: (iexplore.exe) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Dårlig: (1) God: (0) -> Sat i karantæne og erstattet succesfuldt.

Inficerede Mapper: 1
C:\Documents and Settings\HJC\Menuen Start\Programmer\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.

Inficerede Filer: 23
C:\WINDOWS\Temp\temp68.exe (Trojan.FakeAlert) -> Bliver slettet ved genstart.
C:\Documents and Settings\HJC\Application Data\Antivirus Protection\securityhelper.exe (Trojan.FakeAlert) -> Bliver slettet ved genstart.
C:\Documents and Settings\All Users\Application Data\38C4.tmp (Rogue.InternetSecurity) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\All Users\Application Data\64E4.tmp (Rogue.InternetSecurity) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\2.tmp (Rogue.InternetSecurity) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\2A.tmp (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\3738625.exe (Trojan.Agent) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\3755187.exe (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\4.tmp (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\5.tmp (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\91694593.exe (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\jar_cache3432750702085744128.tmp (Trojan.FakeAlert) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\~!#35.tmp (Trojan.Lameshield) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\~!#36.tmp (Trojan.Lameshield) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\n (Trojan.Sirefef) -> Bliver slettet ved genstart.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\L\00000008.@ (Trojan.BitMiner) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\00000004.@ (Rootkit.Zaccess) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\000000cb.@ (Rootkit.0Access) -> Sat i karantæne og slettet succesfuldt.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\80000000.@ (Trojan.Small) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Lokale indstillinger\Temp\ms0cfg32.exe (Exploit.Drop.GS) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Skrivebord\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.
C:\Documents and Settings\HJC\Menuen Start\Programmer\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Sat i karantæne og slettet succesfuldt.

(færdig)

---

OTL logfile created on: 16-09-2012 15:01:56 - Run 1
OTL by OldTimer - Version 3.2.61.5    Folder = C:\Documents and Settings\HJC\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,60% Memory free
1,85 Gb Paging File | 1,60 Gb Available in Paging File | 86,12% Paging File free
Paging file location(s):  [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 37,23 Gb Total Space | 21,57 Gb Free Space | 57,94% Space Free | Partition Type: NTFS

Computer Name: BJERGLY | User Name: HJC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-16 15:00:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HJC\Skrivebord\OTL.exe
PRC - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004-09-10 15:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\SYSTEM32\BrmfBAgS.exe
PRC - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\MDM.EXE
PRC - [2002-05-08 11:51:52 | 000,212,992 | ---- | M] (Intel Corporation) -- C:\Programmer\intel\ASF Agent\ASFAgent.exe
PRC - [2001-08-17 22:36:00 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\SYSTEM32\BrmfRsmg.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmer\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programmer\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-04 18:41:54 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2008-11-04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005-04-04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-09-10 15:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BrmfBAgS.exe -- (brmfbags)
SRV - [2003-06-19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\MDM.EXE -- (MDM)
SRV - [2002-05-08 11:51:52 | 000,212,992 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmer\intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2002-05-03 13:29:42 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xphwtgbu.sys -- (ouso)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012-03-28 12:42:34 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2009-06-30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys -- (pavboot)
DRV - [2008-04-14 17:38:19 | 000,028,416 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\grserial.sys -- (GCR410P)
DRV - [2008-04-13 20:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
DRV - [2007-01-23 16:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - [2007-01-23 16:45:00 | 000,034,576 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV - [2007-01-23 16:45:00 | 000,033,296 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV - [2007-01-23 16:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042mou.Sys -- (L8042mou)
DRV - [2007-01-23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007-01-23 16:44:00 | 000,010,640 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LBeepKE.sys -- (LBeepKE)
DRV - [2002-11-08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002-08-30 16:59:38 | 000,089,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e1000nt5.sys -- (E1000)
DRV - [2002-05-07 18:06:36 | 000,023,744 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\platalrt.sys -- (PlatAlrt)
DRV - [2002-05-07 18:05:56 | 000,039,680 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Netalrt.sys -- (NetAlrt)
DRV - [2002-05-03 13:30:08 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2001-10-04 16:32:30 | 000,039,680 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrParwdm.sys -- (BrParWdm)
DRV - [2001-08-17 23:52:24 | 000,038,144 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPT3XX.SYS -- (hpt3xx)
DRV - [2001-08-17 22:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4.SYS -- (nv4)
DRV - [2001-08-17 22:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [2001-08-17 21:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrParImg.sys -- (brparimg)
DRV - [2001-08-17 21:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/ (...)
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/ (...)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.euro.dell.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/ (...)
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/ (...)
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Programmer\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2012-06-05 16:45:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins

[2012-06-05 16:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HJC\Application Data\Mozilla\Extensions
[2012-06-05 16:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browsercomps.dll
[2012-04-21 03:46:21 | 000,001,525 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012-04-21 03:46:21 | 000,002,252 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\bing.xml
[2012-04-21 03:46:22 | 000,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2012-07-31 08:05:56 | 000,000,761 | RHS- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/ (...) (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/ (...) (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/ (...) (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/ (...) (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/ (...) (Java Plug-in 1.6.0_11)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/ (...) (ActiveScan 2.0 Installer Class)
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} https://lra.certifikat.tdc.dk/ (...) (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/ (...) (a-squared Scanner)
O16 - DPF: {C07E5288-22FB-11D7-962E-0004AC77C761} http://activex.dataloen.dk/ (...) (Dataloen.ctlVirtuelDesktop)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/ (...) (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/ (...) (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/ (...) (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/ (...) (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/ (...) (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/ (...) (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/ (...) (Shockwave Flash Object)
O16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} https://udstedelse.certifikat.tdc.dk/ (...) (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.242.40.3 212.242.40.51 212.242.40.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B53F314-55CD-4F70-BA7F-F9D6E24BA319}: DhcpNameServer = 212.242.40.3 212.242.40.51 212.242.40.3
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\b04d0485382: DllName - (C:\WINDOWS\system32\__c00525F1.dat) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELLWP.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-10-25 13:48:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1723214923-1974565712-2106517767-1012\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: BITS -  File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012-09-16 15:00:37 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HJC\Skrivebord\OTL.exe
[2012-09-16 14:18:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012-09-16 14:17:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HJC\Skrivebord\dds.scr
[2012-09-16 14:11:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012-09-16 14:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\Avg2013
[2012-09-16 14:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\MFAData
[2012-09-16 13:39:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\HJC\Menuen Start\Programmer\Administration
[2012-09-16 13:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HJC\Skabeloner
[2012-09-16 13:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HJC\SendTo
[2012-09-16 13:39:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\HJC\Printere
[2012-09-16 13:39:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HJC\Skrivebord\dds.com
[2012-09-15 10:38:38 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2012-09-15 10:38:06 | 000,000,000 | ---D | C] -- C:\Programmer\Panda Security
[2012-09-03 17:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012-09-03 17:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-16 15:00:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HJC\Skrivebord\OTL.exe
[2012-09-16 14:58:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012-09-16 14:58:41 | 000,002,591 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2012-09-16 14:58:28 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\tasks\Uwckoyzrxv.job
[2012-09-16 14:58:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012-09-16 14:58:24 | 2145,443,840 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-16 13:20:57 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-09-16 12:55:17 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\HJC\Skrivebord\Microsoft Office Outlook 2007.lnk
[2012-09-16 12:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-16 11:28:26 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-09-15 11:46:32 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\HJC\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2012-09-14 15:34:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-16 13:14:34 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Malwarebytes Anti-Malware.lnk
[2012-09-04 18:46:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-09-04 18:41:57 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-06-25 13:02:58 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\L\00000004.@
[2012-06-25 13:02:57 | 000,091,136 | ---- | C] () -- C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U\80000032.@
[2012-06-05 16:44:32 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-2SIR8.exe
[2012-04-21 07:25:05 | 000,381,952 | ---- | C] () -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\wlbls.exe
[2012-03-16 18:18:51 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-34UBI.exe
[2011-12-20 07:51:16 | 000,015,464 | -HS- | C] () -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\265i704r2qu2y215ulc4yp7rn6671x8860vytu36r87
[2011-12-20 07:51:16 | 000,015,464 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\265i704r2qu2y215ulc4yp7rn6671x8860vytu36r87
[2011-02-07 12:26:06 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\msexch40T.dll
[2003-01-28 18:44:28 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2001-10-09 09:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\@
[2001-10-09 09:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\{c473eeac-8377-1d7f-e234-fef60c4d9044}\@

========== LOP Check ==========

[2012-05-27 18:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\529C5357000020F100036D35D151FC4E
[2012-09-16 12:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6F63A58B0000E6CD0261CC5F7B07D287
[2012-03-01 13:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\86fed6
[2012-09-16 14:11:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006-05-01 12:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2012-09-16 14:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009-04-18 18:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011-02-19 08:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012-09-16 13:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HJC\Application Data\Antivirus Protection
[2012-05-11 12:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HJC\Application Data\fifa
[2012-07-03 10:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HJC\Application Data\hellomoto
[2012-09-16 14:58:28 | 000,000,306 | -HS- | M] () -- C:\WINDOWS\Tasks\Uwckoyzrxv.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE  >
[2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D -- C:\WINDOWS\explorer.exe
[2008-04-14 18:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007-06-13 15:22:35 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=91E15A22E62A11014DB521FB589B6093 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007-06-13 15:10:54 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=9D7A9E7F4A89AA43D108C4E4C153B561 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004-08-27 02:53:49 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=DA77B9561CC9AC54584C86CAB36EBF25 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES.EXE  >
[2009-02-09 11:53:36 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=113BF3D1FDE0813E955381C137BA8F33 -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009-02-09 13:25:40 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009-02-09 13:25:40 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9 -- C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe
[2009-02-09 13:25:40 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=32F091E3425759B126760F44B5E931C9 -- C:\WINDOWS\SYSTEM32\services.exe
[2004-08-27 02:53:53 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=55BBE54A196B1A9F99EC2E01F4AC1215 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe
[2009-02-09 12:11:38 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=7B637DCA529042B0C506AE3C71660D16 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2008-04-14 18:06:01 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=AB2B6ABF3FCDA803FF0E2251F9A5274E -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008-04-14 18:06:01 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=AB2B6ABF3FCDA803FF0E2251F9A5274E -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009-02-09 13:18:41 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=F8BCC407FCB4CDBF17163FAE3C820D80 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe

< MD5 for: SVCHOST.EXE  >
[2004-08-27 02:53:54 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=46FE2ED518FDFBFD289F014A3078575C -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programmer\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008-04-14 18:06:03 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 18:06:03 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC -- C:\WINDOWS\SYSTEM32\svchost.exe

< MD5 for: USERINIT.EXE  >
[2004-08-27 02:53:54 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=3A03D6433E4E5FD3430DD3431FC6AC54 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 18:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\SYSTEM32\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012-09-07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programmer\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004-08-27 02:53:54 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=713AD65B9FF9CEE0A43181B442D846EB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 18:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemroot%\*. /mp /s >

< HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 /s >
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009-02-09 12:53:27 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

< HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 /s >
"" = %SystemRoot%\system32\SHELL32.dll -- [2011-01-21 16:44:12 | 008,474,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: HITACHI_DK23EB-40
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 37,00GB
Starting Offset: 32901120
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >


---

OTL Extras logfile created on: 16-09-2012 15:01:56 - Run 1
OTL by OldTimer - Version 3.2.61.5    Folder = C:\Documents and Settings\HJC\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 78,60% Memory free
1,85 Gb Paging File | 1,60 Gb Available in Paging File | 86,12% Paging File free
Paging file location(s):  [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 37,23 Gb Total Space | 21,57 Gb Free Space | 57,94% Space Free | Partition Type: NTFS

Computer Name: BJERGLY | User Name: HJC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97C6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4C701994-43D2-4B7B-A548-C6E6C224D9A9}" = Intel® PRO Network Adapters WMI Provider (2.0)
"{6797B492-3814-4129-AD07-C727D23FB5BF}" = Intel® Pro Alerting Agent, Version 3.0.0
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple-programunderstøttelse
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0010-0406-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Danish) 12
"{90120000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2007
"{90120000-0015-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2007
"{90120000-0016-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2007
"{90120000-0018-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2007
"{90120000-0019-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2007
"{90120000-001A-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2007
"{90120000-001B-0406-0000-0000000FF1CE}_PROHYBRIDR_{652017DD-E99F-4420-9CC8-AC25CE8375A5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2007
"{90120000-001F-0406-0000-0000000FF1CE}_PROHYBRIDR_{25E093C2-374E-44A9-9BCE-3881BD442F3F}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2007
"{90120000-006E-0406-0000-0000000FF1CE}_PROHYBRIDR_{50865937-2EBB-4BBF-8861-BF5972C95D4B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1030-7B44-A81300000003}" = Adobe Reader 8.1.3 - Dansk
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"Mozilla Firefox 12.0 (x86 da)" = Mozilla Firefox 12.0 (x86 da)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1723214923-1974565712-2106517767-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Smart Fortress 2012" = Smart Fortress 2012

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 14-10-2010 21:28:40 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 14-10-2010 22:28:39 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 14-10-2010 23:28:37 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 00:28:38 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 01:28:37 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 02:28:40 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 03:25:14 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 15-10-2010 04:25:14 | Computer Name = BJERGLY | Source = Google Update | ID = 20
Description =

Error - 24-10-2010 11:22:26 | Computer Name = BJERGLY | Source = Application Hang | ID = 1002
Description = Stoppet program OUTLOOK.EXE, version 12.0.6539.5000, stoppet modul
hungapp, version 0.0.0.0, stoppet adresse 0x00000000.

Error - 03-11-2010 07:18:44 | Computer Name = BJERGLY | Source = Application Hang | ID = 1002
Description = Stoppet program iexplore.exe, version 7.0.6000.17091, stoppet modul
hungapp, version 0.0.0.0, stoppet adresse 0x00000000.

[ System Events ]
Error - 15-09-2012 04:28:29 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 05:19:09 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 07:19:53 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 07:47:27 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 07:47:27 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7026
Description = Følgende boot-start- eller system-start-driver kunne ikke indlæses:
  agp440

Error - 16-09-2012 07:56:57 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 08:05:45 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 08:21:28 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 08:40:31 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060

Error - 16-09-2012 08:59:50 | Computer Name = BJERGLY | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl:  %%1060


< End of report >
f-arn Guru
17 September 2012 - 14:40 #1
Disable your security programs while the "fix" is running.

Start OTL

Copy the text below, shown in bold, into the "Custom Scans/Fixes" box

:processes
killallprocesses

:OTL
O20 - Winlogon\Notify\b04d0485382: DllName - (C:\WINDOWS\system32\__c00525F1.dat) -  File not found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:Services
ouso

:files
C:\Documents and Settings\HJC\Application Data\hellomoto
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}
C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\{c473eeac-8377-1d7f-e234-fef60c4d9044}
C:\WINDOWS\Tasks\Uwckoyzrxv.job
ipconfig /flushdns /c
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
netsh winsock reset catalog /c

:Commands
[resethosts]
[CREATERESTOREPOINT]
[emptytemp]
[Reboot]


Close all other open windows and click "Run Fix"

After the restart a log file will open; copy its text into this thread.

Otherwise it is located here: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
Coldize Beginner
17 September 2012 - 14:43 #2
Okay, I'll get started on that as soon as I'm off work and sitting in front of the computer.
f-arn Guru
17 September 2012 - 15:22 #3
When I write "Disable your security programs while the "fix" is running." that applies to all security programs!

Including Malwarebytes
Coldize Beginner
17 September 2012 - 17:41 #4
All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\b04d0485382\ deleted successfully.
C:\WINDOWS\001165_.tmp deleted successfully.
C:\WINDOWS\003718_.tmp deleted successfully.
C:\WINDOWS\006122_.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SETA4.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
Service ouso stopped successfully!
Service ouso deleted successfully!
========== FILES ==========
C:\Documents and Settings\HJC\Application Data\hellomoto folder moved successfully.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U folder moved successfully.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044}\L folder moved successfully.
C:\WINDOWS\Installer\{c473eeac-8377-1d7f-e234-fef60c4d9044} folder moved successfully.
C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\{c473eeac-8377-1d7f-e234-fef60c4d9044}\U folder moved successfully.
C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\{c473eeac-8377-1d7f-e234-fef60c4d9044}\L folder moved successfully.
C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\{c473eeac-8377-1d7f-e234-fef60c4d9044} folder moved successfully.
C:\WINDOWS\Tasks\Uwckoyzrxv.job moved successfully.
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Documents and Settings\HJC\Skrivebord\cmd.bat deleted successfully.
C:\Documents and Settings\HJC\Skrivebord\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
C:\Documents and Settings\HJC\Skrivebord\cmd.bat deleted successfully.
C:\Documents and Settings\HJC\Skrivebord\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Winsock-kataloget blev nulstillet.
Du skal genstarte computeren for at fuldføre nulstillingen.
C:\Documents and Settings\HJC\Skrivebord\cmd.bat deleted successfully.
C:\Documents and Settings\HJC\Skrivebord\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 696118 bytes

User: All Users

User: Default User
->Temp folder emptied: 4271741 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: HJC
->Temp folder emptied: 345545558 bytes
->Temporary Internet Files folder emptied: 137303047 bytes
->Java cache emptied: 45231146 bytes
->FireFox cache emptied: 68361542 bytes
->Flash cache emptied: 8876309 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 10131992 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 328142701 bytes
->Flash cache emptied: 9074 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 963214884 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.823,00 mb


OTL by OldTimer - Version 3.2.61.5 log created on 09172012_172939

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Coldize Beginner
17 September 2012 - 17:50 #5
Could it also be the trojan that is causing search functions not to work?
f-arn Guru
17 September 2012 - 18:06 #6
Could it also be the trojan that is causing search functions not to work?


You don't say which search functions - but yes.

------

Download ComboFix and save it to your desktop.

Then run ComboFix.exe and follow the instructions.

Important--> Because ComboFix can conflict with your security programs, it is important that you disable them.

You should not click on the window while the tool is running, as that can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: ComboFix.txt
Please post the contents of that file here.

It can be found here:  C:\ComboFix.txt
Coldize Beginner
17 September 2012 - 18:07 #7
It is search functions such as Google, MSN and, yes, even in here.
Coldize Beginner
17 September 2012 - 18:54 #8
It freezes (I don't touch the computer at all once I have started it).

It starts by showing a message that no recovery console has been set up and then asks whether I want to install one from the internet. It gets an error doing that and then starts scanning.

I left it for 20 min. but nothing happened. I did notice, however, that it apparently freezes after about 1 min., since the clock down in the corner doesn't really advance after that.

I turn everything off, incl. Malwarebytes.
Coldize Beginner
17 September 2012 - 18:57 #9
Unlike yesterday, I could now see restore points in the restore function, and can now see Windows Security Center correctly.

Yesterday I could not see whether Windows Firewall was turned on or off, or edit the settings in there. (I still can't enable it, though)
Coldize Beginner
17 September 2012 - 18:59 #10
The only thing it says when I try to get into its settings is:
Windows kan ikke vise indstillingerne for Windows Firewall af en ukendt årsag.
f-arn Guru
17 September 2012 - 19:33 #11
Would you please download a fresh ComboFix, restart in safe mode and try again.

Remember to turn off security programs.

You must not touch the PC while ComboFix is running !!!
Coldize Beginner
17 September 2012 - 21:57 #12
It has been scanning for almost an hour; as far as I can see from the clock in the corner, it has not frozen. Should I leave it running overnight or should I stop it?
f-arn Guru
17 September 2012 - 22:07 #13
Leave it running *S*
Coldize Beginner
18 September 2012 - 08:58 #14
I won't have a chance to look at it until after work, i.e. around 17:30.
If it is still scanning, what should I do then?
(Just so I'm prepared) :)
f-arn Guru
18 September 2012 - 12:58 #15
If the clock has stopped, you should stop it and restart.

If it is still running, I would like to know which stage it has reached.
Coldize Beginner
18 September 2012 - 18:44 #16
Well, I get to the computer only to find that it hasn't done anything.
I completely forgot to write yesterday that even though I have gone into safe mode, it still won't install the recovery console and instead starts scanning for infected files, with the text below. (The same text I came back to 20 min ago)

Scanner efter inficerede filer  . . .
Dette tager typisk ikke mere end 10 minutter
Dog skal det bemærkes, at tiden kan nemt blive længere for maskiner, der er kraftigt inficeret


What do I do from here?????
f-arn Guru
18 September 2012 - 19:07 #17
Stop it and restart.

------

Disable your security program while you run these ->


Download Tdsskiller.zip to your desktop and unpack it into a folder.

Start TDSSKiller.exe.

Under "Change parameters", tick "Detect TDLFS file system"

Click "Start Scan"

If an infected file is found, the "Default action" will be Cure; click Continue
If it finds the TDLFS file system, click Delete.
If a suspicious file is detected, the "Default action" will be Skip; click Continue
If it does not ask for a "Reboot" (restart), click "Report" and copy the text into this thread.

Restart if it requires it.

If it restarts, you can find the log file here:
C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt.

Copy that text into this thread.

------

Download aswMBR and save it to your Desktop.

Start aswMBR and click "Scan"

If it asks for "Avast virus definitions", click "Yes"

When it has finished scanning, click "SAVE LOG" and post the log here.

------

PS Would you please do it in the order I give :exclaim:
Coldize Beginner
18 September 2012 - 19:28 #18
Okay, step 1 is now done and I am continuing to the next one:

19:21:03.0687 3412  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:21:03.0890 3412  ============================================================
19:21:03.0890 3412  Current date / time: 2012/09/18 19:21:03.0890
19:21:03.0890 3412  SystemInfo:
19:21:03.0890 3412 
19:21:03.0890 3412  OS Version: 5.1.2600 ServicePack: 3.0
19:21:03.0890 3412  Product type: Workstation
19:21:03.0890 3412  ComputerName: BJERGLY
19:21:03.0890 3412  UserName: HJC
19:21:03.0890 3412  Windows directory: C:\WINDOWS
19:21:03.0890 3412  System windows directory: C:\WINDOWS
19:21:03.0890 3412  Processor architecture: Intel x86
19:21:03.0890 3412  Number of processors: 1
19:21:03.0890 3412  Page size: 0x1000
19:21:03.0890 3412  Boot type: Normal boot
19:21:03.0890 3412  ============================================================
19:21:06.0140 3412  Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:21:06.0140 3412  ============================================================
19:21:06.0140 3412  \Device\Harddisk0\DR0:
19:21:06.0140 3412  MBR partitions:
19:21:06.0140 3412  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A757FC
19:21:06.0140 3412  ============================================================
19:21:06.0187 3412  C: <-> \Device\Harddisk0\DR0\Partition1
19:21:06.0187 3412  ============================================================
19:21:06.0187 3412  Initialize success
19:21:06.0187 3412  ============================================================
19:21:27.0046 2364  ============================================================
19:21:27.0046 2364  Scan started
19:21:27.0046 2364  Mode: Manual; TDLFS;
19:21:27.0046 2364  ============================================================
19:21:27.0281 2364  ================ Scan system memory ========================
19:21:27.0281 2364  System memory - ok
19:21:27.0296 2364  ================ Scan services =============================
19:21:27.0468 2364  Abiosdsk - ok
19:21:27.0531 2364  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS
19:21:27.0531 2364  abp480n5 - ok
19:21:27.0640 2364  [ 9B4D88C2BCF3DD1C4EF9C276CBFD455B ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:21:27.0640 2364  Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 9B4D88C2BCF3DD1C4EF9C276CBFD455B, Fake md5: 991B6D6FE2A4D70CAF76C41334E60926
19:21:27.0656 2364  ACPI ( Virus.Win32.Rloader.a ) - infected
19:21:27.0656 2364  ACPI - detected Virus.Win32.Rloader.a (0)
19:21:42.0750 2364  ShellHWDetection - ok
19:21:42.0765 2364  Simbad - ok
19:21:42.0828 2364  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\System32\DRIVERS\sisagp.sys
19:21:42.0828 2364  sisagp - ok
19:21:42.0921 2364  [ 8583E3DC5285EB3DDFB74FB646CDF295 ] smwdm          C:\WINDOWS\system32\drivers\smwdm.sys
19:21:42.0937 2364  smwdm - ok
19:21:42.0984 2364  [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1        C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:21:42.0984 2364  SONYPVU1 - ok
19:21:43.0015 2364  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow        C:\WINDOWS\System32\DRIVERS\sparrow.sys
19:21:43.0015 2364  Sparrow - ok
19:21:43.0062 2364  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
19:21:43.0078 2364  splitter - ok
19:21:43.0125 2364  [ 60784F891563FB1B767F70117FC2428F ] Spooler        C:\WINDOWS\system32\spoolsv.exe
19:21:43.0125 2364  Spooler - ok
19:21:43.0156 2364  [ B3ECB8B07F7991132C71C1B16A82FFE3 ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
19:21:43.0156 2364  sr - ok
19:21:43.0234 2364  [ 1E8F91A7CD08BDB7482746F97365E12E ] srservice      C:\WINDOWS\system32\srsvc.dll
19:21:43.0234 2364  srservice - ok
19:21:43.0328 2364  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv            C:\WINDOWS\system32\DRIVERS\srv.sys
19:21:43.0328 2364  Srv - ok
19:21:43.0390 2364  [ B1D1003D618961EB936A0717E74CB147 ] SSDPSRV        C:\WINDOWS\System32\ssdpsrv.dll
19:21:43.0406 2364  SSDPSRV - ok
19:21:43.0453 2364  [ 787E2A34B0BE4B102843D0659811C7AC ] stisvc          C:\WINDOWS\system32\wiaservc.dll
19:21:43.0468 2364  stisvc - ok
19:21:43.0531 2364  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
19:21:43.0531 2364  swenum - ok
19:21:43.0703 2364  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
19:21:43.0703 2364  swmidi - ok
19:21:43.0718 2364  SwPrv - ok
19:21:43.0765 2364  [ 1FF3217614018630D0A6758630FC698C ] symc810        C:\WINDOWS\System32\DRIVERS\symc810.sys
19:21:43.0765 2364  symc810 - ok
19:21:43.0781 2364  [ 070E001D95CF725186EF8B20335F933C ] symc8xx        C:\WINDOWS\System32\DRIVERS\symc8xx.sys
19:21:43.0781 2364  symc8xx - ok
19:21:43.0812 2364  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\System32\DRIVERS\sym_hi.sys
19:21:43.0812 2364  sym_hi - ok
19:21:43.0828 2364  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\System32\DRIVERS\sym_u3.sys
19:21:43.0828 2364  sym_u3 - ok
19:21:43.0890 2364  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
19:21:43.0890 2364  sysaudio - ok
19:21:43.0953 2364  [ 6453945E83873CDC17E81B0E6A71E707 ] SysmonLog      C:\WINDOWS\system32\smlogsvc.exe
19:21:43.0968 2364  SysmonLog - ok
19:21:44.0000 2364  [ DD04BA74CF4D5D223675B1BD8326648E ] TapiSrv        C:\WINDOWS\System32\tapisrv.dll
19:21:44.0000 2364  TapiSrv - ok
19:21:44.0093 2364  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip          C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:21:44.0109 2364  Tcpip - ok
19:21:44.0171 2364  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
19:21:44.0171 2364  TDPIPE - ok
19:21:44.0203 2364  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP          C:\WINDOWS\system32\drivers\TDTCP.sys
19:21:44.0218 2364  TDTCP - ok
19:21:44.0281 2364  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
19:21:44.0281 2364  TermDD - ok
19:21:44.0359 2364  [ 14C8EC0AA06A33CCC5407E4324F91312 ] TermService    C:\WINDOWS\System32\termsrv.dll
19:21:44.0375 2364  TermService - ok
19:21:44.0406 2364  [ A17D630FABFE7B796CBDBEE79F9E6612 ] Themes          C:\WINDOWS\System32\shsvcs.dll
19:21:44.0406 2364  Themes - ok
19:21:44.0468 2364  [ 5CA8CA112235E9178F20422A07135F0E ] TlntSvr        C:\WINDOWS\System32\tlntsvr.exe
19:21:44.0484 2364  TlntSvr - ok
19:21:44.0546 2364  [ 9B0EDFA321A32202B0D0D94B853F0A78 ] TosIde          C:\WINDOWS\System32\DRIVERS\toside.sys
19:21:44.0546 2364  TosIde - ok
19:21:44.0703 2364  [ F9D5FFA46CDE05C235EA258C02BA8A66 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
19:21:44.0703 2364  TrkWks - ok
19:21:44.0765 2364  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
19:21:44.0781 2364  Udfs - ok
19:21:44.0812 2364  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra          C:\WINDOWS\System32\DRIVERS\ultra.sys
19:21:44.0812 2364  ultra - ok
19:21:44.0890 2364  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
19:21:44.0906 2364  Update - ok
19:21:44.0984 2364  [ D091AA5963C06AFEC8BFC3D5B1B24647 ] upnphost        C:\WINDOWS\System32\upnphost.dll
19:21:44.0984 2364  upnphost - ok
19:21:45.0031 2364  [ 925EDCAE2170355679E1D2D1E638F68E ] UPS            C:\WINDOWS\System32\ups.exe
19:21:45.0031 2364  UPS - ok
19:21:45.0109 2364  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp        C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:21:45.0109 2364  usbccgp - ok
19:21:45.0171 2364  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci        C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:21:45.0171 2364  usbehci - ok
19:21:45.0234 2364  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:21:45.0250 2364  usbhub - ok
19:21:45.0312 2364  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan        C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:21:45.0312 2364  usbscan - ok
19:21:45.0343 2364  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR        C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:21:45.0343 2364  USBSTOR - ok
19:21:45.0390 2364  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci        C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:21:45.0390 2364  usbuhci - ok
19:21:45.0421 2364  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave        C:\WINDOWS\System32\drivers\vga.sys
19:21:45.0421 2364  VgaSave - ok
19:21:45.0468 2364  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\System32\DRIVERS\viaagp.sys
19:21:45.0468 2364  viaagp - ok
19:21:45.0515 2364  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\System32\DRIVERS\viaide.sys
19:21:45.0515 2364  ViaIde - ok
19:21:45.0546 2364  [ 69D9E1DE5F897580F8B1D1957528B0B2 ] VolSnap        C:\WINDOWS\system32\drivers\VolSnap.sys
19:21:45.0546 2364  VolSnap - ok
19:21:45.0734 2364  [ 3F5D90C4BB1C6A75E264E8D7148EB3CE ] VSS            C:\WINDOWS\System32\vssvc.exe
19:21:45.0750 2364  VSS - ok
19:21:45.0781 2364  [ 1C398054BA3D3E75E991F548AB8D763F ] w32time        C:\WINDOWS\system32\w32time.dll
19:21:45.0796 2364  w32time - ok
19:21:45.0828 2364  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:21:45.0828 2364  Wanarp - ok
19:21:45.0890 2364  [ 3DDD5E3B14944E211AB3274BAE5E4129 ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
19:21:45.0890 2364  wceusbsh - ok
19:21:45.0984 2364  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
19:21:46.0000 2364  Wdf01000 - ok
19:21:46.0015 2364  WDICA - ok
19:21:46.0046 2364  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
19:21:46.0062 2364  wdmaud - ok
19:21:46.0125 2364  [ 1A85AD583CD64227203BDC1FE2AFA520 ] WebClient      C:\WINDOWS\System32\webclnt.dll
19:21:46.0125 2364  WebClient - ok
19:21:46.0281 2364  [ C16C23396F1C1BA7D170C54EC4E78F1B ] winmgmt        C:\WINDOWS\system32\wbem\WMIsvc.dll
19:21:46.0281 2364  winmgmt - ok
19:21:46.0375 2364  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
19:21:46.0375 2364  WmdmPmSN - ok
19:21:46.0468 2364  [ 031AE33D8F143D37F53E122375950396 ] Wmi            C:\WINDOWS\System32\advapi32.dll
19:21:46.0484 2364  Wmi - ok
19:21:46.0546 2364  [ A11D7A4DBABBF29BD66E189905C21D4E ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:21:46.0562 2364  WmiApSrv - ok
19:21:46.0781 2364  [ 6EE45AD8DBEF8785B8CD312736626EBE ] WMPNetworkSvc  C:\Programmer\Windows Media Player\WMPNetwk.exe
19:21:46.0812 2364  WMPNetworkSvc - ok
19:21:46.0843 2364  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL        C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:21:46.0843 2364  WS2IFSL - ok
19:21:46.0921 2364  [ BC71BC51DD57E792851D31795F3EDBF1 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
19:21:46.0921 2364  wscsvc - ok
19:21:46.0953 2364  [ 2BC349942C6CE07736F78BEC266816CE ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
19:21:46.0968 2364  wuauserv - ok
19:21:47.0015 2364  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:21:47.0031 2364  WudfPf - ok
19:21:47.0062 2364  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:21:47.0062 2364  WudfRd - ok
19:21:47.0093 2364  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc        C:\WINDOWS\System32\WUDFSvc.dll
19:21:47.0093 2364  WudfSvc - ok
19:21:47.0187 2364  [ F335FB0F45374C2EA9C3EBA798EB550D ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
19:21:47.0187 2364  WZCSVC - ok
19:21:47.0250 2364  [ 3FEE6C536D5BFC0F1B6BCA56F97D1F80 ] xmlprov        C:\WINDOWS\System32\xmlprov.dll
19:21:47.0265 2364  xmlprov - ok
19:21:47.0312 2364  [ 981210DDF5F7ED0CDF9F407999B3080C ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
19:21:47.0328 2364  {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:21:47.0359 2364  [ 7BA8437F4E9DB34AC602FFB66CA7120F ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
19:21:47.0359 2364  {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:21:47.0359 2364  ================ Scan global ===============================
19:21:47.0421 2364  [ 0F8B96647BAEE41953B838F8E29C7069 ] C:\WINDOWS\system32\basesrv.dll
19:21:47.0500 2364  [ 699CDBDEC3B80E87D5939C983FD980FC ] C:\WINDOWS\system32\winsrv.dll
19:21:47.0531 2364  [ 699CDBDEC3B80E87D5939C983FD980FC ] C:\WINDOWS\system32\winsrv.dll
19:21:47.0562 2364  [ 32F091E3425759B126760F44B5E931C9 ] C:\WINDOWS\system32\services.exe
19:21:47.0562 2364  [Global] - ok
19:21:47.0578 2364  ================ Scan MBR ==================================
19:21:47.0687 2364  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:21:47.0953 2364  \Device\Harddisk0\DR0 - ok
19:21:47.0968 2364  ================ Scan VBR ==================================
19:21:47.0984 2364  [ EA94D32937FA5187734BFA06328F030B ] \Device\Harddisk0\DR0\Partition1
19:21:47.0984 2364  \Device\Harddisk0\DR0\Partition1 - ok
19:21:48.0000 2364  ============================================================
19:21:48.0000 2364  Scan finished
19:21:48.0000 2364  ============================================================
19:21:48.0015 1608  Detected object count: 1
19:21:48.0015 1608  Actual detected object count: 1
19:22:21.0343 1608  C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
19:22:27.0046 1608  Backup copy found, using it..
19:22:27.0062 1608  C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
19:22:27.0062 1608  ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
19:23:37.0031 1000  Deinitialize success
Coldize (Beginner)
18 September 2012 - 19:30 #19
There was also a small extra log file of 4 KB that I don't know whether you want in here as well.
Here it is
19:25:14.0765 0360  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:25:15.0265 0360  ============================================================
19:25:15.0265 0360  Current date / time: 2012/09/18 19:25:15.0265
19:25:15.0265 0360  SystemInfo:
19:25:15.0265 0360 
19:25:15.0296 0360  OS Version: 5.1.2600 ServicePack: 3.0
19:25:15.0296 0360  Product type: Workstation
19:25:15.0296 0360  ComputerName: BJERGLY
19:25:15.0296 0360  UserName: HJC
19:25:15.0296 0360  Windows directory: C:\WINDOWS
19:25:15.0296 0360  System windows directory: C:\WINDOWS
19:25:15.0296 0360  Processor architecture: Intel x86
19:25:15.0296 0360  Number of processors: 1
19:25:15.0296 0360  Page size: 0x1000
19:25:15.0296 0360  Boot type: Normal boot
19:25:15.0296 0360  ============================================================
19:25:21.0218 0360  BG loaded
19:25:22.0968 0360  Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:25:22.0984 0360  ============================================================
19:25:22.0984 0360  \Device\Harddisk0\DR0:
19:25:23.0000 0360  MBR partitions:
19:25:23.0000 0360  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x4A757FC
19:25:23.0000 0360  ============================================================
19:25:23.0062 0360  C: <-> \Device\Harddisk0\DR0\Partition1
19:25:23.0125 0360  ============================================================
19:25:23.0125 0360  Initialize success
19:25:23.0125 0360  ============================================================
19:26:32.0828 1648  Deinitialize success
Coldize (Beginner)
18 September 2012 - 19:44 #20
And here is the last part of the task.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 19:31:29
-----------------------------
19:31:29.734    OS Version: Windows 5.1.2600 Service Pack 3
19:31:29.734    Number of processors: 1 586 0x207
19:31:29.734    ComputerName: BJERGLY  UserName: HJC
19:31:30.265    Initialize success
19:32:57.406    AVAST engine defs: 12091400
19:33:09.125    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:33:09.125    Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
19:33:09.140    Disk 0 MBR read successfully
19:33:09.140    Disk 0 MBR scan
19:33:09.203    Disk 0 Windows XP default MBR code
19:33:09.203    Disk 0 Partition 1 00    DE Dell Utility Dell 4.1      31 MB offset 63
19:33:09.203    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        38122 MB offset 64260
19:33:09.218    Disk 0 scanning sectors +78140160
19:33:09.312    Disk 0 scanning C:\WINDOWS\system32\drivers
19:33:28.906    Service scanning
19:34:08.187    Modules scanning
19:34:32.187    Disk 0 trace - called modules:
19:34:32.203    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:34:32.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a681ab8]
19:34:32.718    3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a60db00]
19:34:33.078    AVAST engine scan C:\WINDOWS
19:35:05.562    AVAST engine scan C:\WINDOWS\system32
19:36:25.109    File: C:\WINDOWS\system32\msexch40T.dll  **INFECTED** Win32:MalOb-EI [Cryp]
19:38:42.281    AVAST engine scan C:\WINDOWS\system32\drivers
19:39:06.750    AVAST engine scan C:\Documents and Settings\HJC
19:41:06.968    File: C:\Documents and Settings\HJC\Lokale indstillinger\Application Data\wlbls.exe  **INFECTED** Win32:MalOb-GF [Cryp]
19:41:23.734    AVAST engine scan C:\Documents and Settings\All Users
19:43:06.140    Scan finished successfully
19:43:41.625    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HJC\Skrivebord\MBR.dat"
19:43:41.625    The log file has been saved successfully to "C:\Documents and Settings\HJC\Skrivebord\aswMBR.txt"
f-arn (Guru)
18 September 2012 - 21:45 #21
Let's try a different approach.

------

Download and install ERUNT: http://www.derfisch.de/lars/erunt-setup.exe

Start it and let it make a backup of the registry.

Do not let it start automatically!

------

Remove all USB sticks and external hard drives before you run the program.

Download RogueKiller and save it to your desktop.

It can also be downloaded here

Close all windows and run "RogueKiller" (if it is blocked, run it several times)

If it will not run at all, try renaming it to winlogon.exe

Let the initial scan run.

Press SCAN.

When it has finished scanning, press Delete.

Restart and post the logs it creates in here.
Coldize (Beginner)
19 September 2012 - 18:42 #22
Regarding having to remove all USB plugs.. Does that also apply to the one for a wireless mouse??
Coldize (Beginner)
19 September 2012 - 19:03 #23
Okay, RK put two reports on the desktop.

Here is the last of them:

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HJC [Admin rights]
Mode : Remove -- Date : 09/19/2012 18:58:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI_DK23EB-40 +++++
--- User ---
[MBR] 58d2b5222840e7b4a468ad5b04d2aa34
[BSP] da044a12a9e455db31201c79935b99ad : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 38122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
f-arn (Guru)
19 September 2012 - 19:05 #24
If you have an ordinary mouse, it is best to use that.
Coldize (Beginner)
19 September 2012 - 19:08 #25
Okay. I tried to scan. Fortunately nothing happened.
I don't have an ordinary mouse "at hand" right now, you see.
f-arn (Guru)
19 September 2012 - 19:35 #26
OK - we'll try something outside Windows.

You need a CD and a USB stick for this:

Download http://oldtimer.geekstogo.com/OTLPENet.exe

And save it to your desktop.

For 32-bit Windows, download Farbar Recovery Scan Tool and save it to a USB stick.

Put a CD in your CD drive and start OTLPENet.exe

It creates a boot CD, which you must boot the affected PC with.

Boot the PC with the REATOGO-X-PE you just made, and find your USB stick. (Since it runs from a CD, it is not exactly fast)

Start Farbar Recovery Scan Tool and click Scan.

When it is done, close REATOGO-X-PE and post FRST.txt in here.
Coldize (Beginner)
19 September 2012 - 19:40 #27
I don't have a CD or USB stick at the moment. I'll have to get hold of them, but I can look at it tomorrow after work..

I'll post the .txt text in here as soon as it's done. :)
f-arn (Guru)
21 September 2012 - 23:22 #28
Have you given up?
Coldize (Beginner)
22 September 2012 - 14:17 #29
No, I just had a lot of other things I needed to sort out too, but I'll get started in a split second.. Sending the log in asap.
Coldize (Beginner)
24 September 2012 - 20:01 #30
I have a friend who looked at the last of it (I think he thought I seemed a "bit" irritated with the computer towards the end. hehe)

He has sorted out the rest now, but I think myself that most of the work was done with the help from in here.

I therefore think that you, f-arn, should get points for patience, helpfulness and good expertise, so please do post an answer so you can get the 60 points. :)
f-arn (Guru)
24 September 2012 - 21:50 #31
OK :-)