| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira meldet ständig Befall mit Tr/atraps.gen2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.10.2012, 19:23
| #1 |
| |  Avira meldet ständig Befall mit Tr/atraps.gen2 Hallo Wie im Titel beschrieben meldete Avira ständig neuen Befall mit TR/ATRAPS.GEN2. Habe dann Malwarebyes Antiwalmare einmal im schnell-scan-modus laufen lassen, wo 4 viren entdeckt wurden. Dannach nur noch sporadischer Befall. Im Vollscan-modus wurde dann noche ein Virus gefunden. Dannach keine Alarme mehr von Avira. Ein Schnellscan und ein Vollscan mit Malware danach ohne Fund. Habe dann auf eure Seite geschaut. Und dann steht immer wieder: Selbst beim ausbleiben der Fehlermeldungen kann der Rechner immer noch befallen sein. Poste also die von euch geforderten OTL und GMER logs. TL logfile created on: 09-10-2012 22:54:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Lars\Dokumenter\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy 2,75 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 77,41% Memory free 4,59 Gb Paging File | 4,04 Gb Available in Paging File | 87,93% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer Drive C: | 298,08 Gb Total Space | 217,51 Gb Free Space | 72,97% Space Free | Partition Type: NTFS Drive D: | 596,16 Gb Total Space | 516,34 Gb Free Space | 86,61% Space Free | Partition Type: NTFS Computer Name: ANTECE8400 | User Name:johnrambo| Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\johnrambo\Dokumenter\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programmer\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programmer\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programmer\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programmer\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programmer\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.) PRC - C:\Programmer\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programmer\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programmer\GIGABYTE\ET6\GUI.exe () PRC - C:\Programmer\WD\WD Anywhere Backup\MemeoBackup.exe (Memeo Inc.) PRC - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe (Linksys) PRC - C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (GEMTEKS) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Programmer\Logitech\Video\LogiTray.exe (Logitech Inc.) PRC - C:\Programmer\Logitech\Video\FxSvr2.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programmer\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\Programmer\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programmer\Fælles filer\Apple\Apple Application Support\zlib1.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programmer\OpenOffice.org 3\program\libxml2.dll () MOD - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Programmer\GIGABYTE\ET6\MFCCPU.dll () MOD - C:\Programmer\GIGABYTE\ET6\GVTunner.dll () MOD - C:\Programmer\GIGABYTE\ET6\Normal.dll () MOD - C:\Programmer\GIGABYTE\ET6\OCK.dll () MOD - C:\Programmer\GIGABYTE\ET6\work.dll () MOD - C:\Programmer\GIGABYTE\ET6\HM.dll () MOD - C:\Programmer\GIGABYTE\ET6\SF.dll () MOD - C:\Programmer\GIGABYTE\ET6\ycc.dll () MOD - C:\Programmer\GIGABYTE\ET6\CIAMIB.dll () MOD - C:\Programmer\GIGABYTE\ET6\GUI.exe () MOD - C:\WINDOWS\system32\ssp2ml3.dll () MOD - C:\WINDOWS\system32\redmonnt.dll () MOD - C:\Programmer\WD\WD Anywhere Backup\sqlite3.dll () MOD - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll () MOD - C:\Programmer\GIGABYTE\ET6\Sound.dll () MOD - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL () ========== Services (SafeList) ========== SRV - (WMP54Gv4SVC) -- C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (JavaQuickStarterService) -- C:\Programmer\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Programmer\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Programmer\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programmer\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (Apple Mobile Device) -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Fabs) -- C:\Programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programmer\Fælles filer\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (IDriverT) -- C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (Changer) -- File not found DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys () DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.) DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.) DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.) DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation) DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA)) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_da IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmer\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Programmer\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programmer\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmer\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programmer\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Programmer\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2012-09-19 17:19:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2012-09-19 17:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lars\Application Data\Mozilla\Extensions [2012-09-22 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\28s6n179.default\extensions [2011-03-11 20:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\3fm2ldce.default\extensions [2011-03-11 20:41:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\3fm2ldce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) [2012-09-19 17:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions [2012-09-06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browsercomps.dll [2012-09-06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazondotcom-de.xml [2012-09-06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\bing.xml [2012-09-06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\eBay-de.xml [2012-09-06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\leo_ende_de.xml [2012-09-06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-de.xml [2012-09-06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011-03-05 00:14:03 | 000,430,605 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14825 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE File not found O4 - HKLM..\Run: [avgnt] C:\Programmer\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EasyTuneVI] C:\Programmer\GIGABYTE\ET6\ETcall.exe () O4 - HKLM..\Run: [ISUSPM] C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [TrayServer] C:\Programmer\MAGIX\Video_deluxe_16_Premium\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.) O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004..\Run: [fsm] File not found O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\Gemeinsames\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk = C:\Documents and Settings\Lars\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programmer\Bonjour\mdnsNSP.dll File not found O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites) O15 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..Trusted Domains: danid.dk ([]http in Trusted sites) O15 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..Trusted Domains: danid.dk ([]https in Trusted sites) O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09AC428-9126-49A4-ABB0-142D3DF7D1B7}: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - No CLSID value found. O24 - Desktop Components:0 (Min aktuelle startside) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-19 11:09:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3f1bc4c2-d0b7-11df-affb-00241d143f7c}\Shell - "" = AutoRun O33 - MountPoints2\{3f1bc4c2-d0b7-11df-affb-00241d143f7c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{5d1ebb40-ac03-11e1-b3fb-00241d143f7c}\Shell - "" = AutoRun O33 - MountPoints2\{5d1ebb40-ac03-11e1-b3fb-00241d143f7c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8e3a4274-a8db-11e1-b3e5-00241d143f7c}\Shell - "" = AutoRun O33 - MountPoints2\{8e3a4274-a8db-11e1-b3e5-00241d143f7c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8e3a4277-a8db-11e1-b3e5-00241d143f7c}\Shell - "" = AutoRun O33 - MountPoints2\{8e3a4277-a8db-11e1-b3e5-00241d143f7c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{fd541bd2-6d63-11de-acbc-00241d143f7c}\Shell - "" = AutoRun O33 - MountPoints2\{fd541bd2-6d63-11de-acbc-00241d143f7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012-10-09 22:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\Sun [2012-10-09 22:42:12 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Java [2012-10-09 22:41:47 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012-10-09 22:41:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012-10-09 22:41:42 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012-10-08 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware [2012-10-08 21:48:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012-10-08 21:48:22 | 000,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware [2012-09-22 23:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee [2012-09-19 23:41:07 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-09-19 17:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lars\Dokumenter\Downloads [2012-09-19 17:19:56 | 000,000,000 | ---D | C] -- C:\Programmer\Mozilla Maintenance Service [2012-09-19 17:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012-09-19 17:19:54 | 000,000,000 | ---D | C] -- C:\Programmer\Mozilla Firefox [2011-04-30 18:03:57 | 000,638,816 | ---- | C] (Microsoft Corporation) -- C:\Programmer\iexplore.exe [2005-12-13 17:12:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\stdole.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-10-09 22:50:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-10-09 22:41:32 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012-10-09 22:41:31 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012-10-09 22:41:31 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2012-10-09 22:41:31 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012-10-09 22:41:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012-10-09 22:41:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012-10-09 22:41:31 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012-10-09 22:38:23 | 000,448,032 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat [2012-10-09 22:38:23 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-10-09 22:38:23 | 000,078,430 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat [2012-10-09 22:38:23 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-10-09 22:34:45 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2012-10-09 22:34:45 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref [2012-10-09 22:34:12 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys [2012-10-09 22:34:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk [2012-10-09 22:34:11 | 000,201,044 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012-10-09 22:34:11 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012-10-09 22:34:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-10-09 22:30:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012-10-09 22:28:29 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Adobe Reader X.lnk [2012-10-09 22:16:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008UA.job [2012-10-09 20:16:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008Core.job [2012-10-09 18:50:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012-10-09 18:50:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012-10-08 21:48:25 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ Malwarebytes Anti-Malware .lnk [2012-10-08 21:43:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-10-07 10:59:49 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2012-10-07 10:59:44 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2012-10-06 22:41:17 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0 [2012-10-06 19:26:46 | 000,000,009 | ---- | M] () -- C:\END [2012-09-19 17:19:56 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnrambo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012-09-19 17:19:56 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk [2012-09-18 23:58:09 | 000,007,633 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\publikationer.odt [2012-09-18 23:45:38 | 000,017,995 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\motiveret ansøgning lektor.odt [2012-09-18 21:14:37 | 000,137,885 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\anbefaling.pdf [2012-09-18 19:33:23 | 000,002,248 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\kvittering.pdf [2012-09-13 20:27:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012-10-09 22:28:29 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Adobe Reader X.lnk [2012-10-09 22:28:29 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Adobe Reader X.lnk [2012-10-08 21:48:25 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ Malwarebytes Anti-Malware .lnk [2012-10-07 22:08:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2012-10-06 19:26:38 | 000,000,009 | ---- | C] () -- C:\END [2012-09-19 23:41:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012-09-19 17:19:56 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnrambo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012-09-19 17:19:56 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Mozilla Firefox.lnk [2012-09-19 17:19:56 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk [2012-09-18 23:58:09 | 000,007,633 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\publikationer.odt [2012-09-18 23:40:29 | 000,017,995 | ---- | C] () -- C:\Documents and Settings\johnramboSkrivebord\motiveret ansøgning lektor.odt [2012-09-18 21:14:37 | 000,137,885 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\anbefaling.pdf [2012-09-18 19:33:23 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\kvittering.pdf [2012-08-02 17:46:05 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2012-08-02 17:46:01 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2012-08-02 17:45:29 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2012-02-19 13:01:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011-11-25 22:12:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011-09-11 20:12:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe [2011-09-11 20:12:13 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011-08-11 23:08:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PRIVAT~1.INI [2011-07-02 13:51:24 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Speed.INI [2011-07-02 12:29:40 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys [2011-03-09 19:03:20 | 000,031,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011-03-09 18:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011-03-04 15:16:45 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Lars\.recently-used.xbel [2010-11-04 18:24:37 | 019,657,194 | ---- | C] () -- C:\Programmer\vlc-1.1.4-win32.exe [2010-10-17 10:46:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010-03-25 00:35:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\johnrambo\temp.dat [2009-07-08 15:57:40 | 000,007,775 | ---- | C] () -- C:\Documents and Settings\johnrambo\Application Data\.civclientrc [2009-06-20 21:38:28 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-08-02 14:20:28 | 000,220,184 | ---- | C] ( ) -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\Interop.Microsoft.Office.Core.dll ========== ZeroAccess Check ========== [2009-12-14 23:29:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009-04-29 06:34:54 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = fastprox.dll -- [2009-02-09 12:53:27 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 18:05:37 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011-11-25 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2009-06-19 16:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey [2009-09-24 18:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IVANOFF [2010-01-05 22:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX [2010-07-06 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memeo [2012-05-22 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2010-05-24 18:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games [2010-05-31 20:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2012-05-21 22:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tivola [2010-05-26 16:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualDecor [2010-07-06 17:23:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD [2010-02-10 18:13:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6} [2010-11-10 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009-08-16 10:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2012-06-09 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.minecraft [2011-11-25 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Babylon [2011-11-25 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar [2010-12-09 14:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\LEGO Company [2011-12-04 17:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Minecrafter [2011-05-15 18:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Octoshape [2010-03-06 10:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\OpenOffice.org [2012-10-09 21:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\PriceGong [2011-05-15 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Unity [2012-04-23 08:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\BabylonToolbar [2012-04-23 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\PriceGong [2011-12-06 11:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\BabylonToolbar [2010-04-15 13:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\Canon [2010-04-10 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\OpenOffice.org [2009-07-08 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.freeciv [2011-11-26 10:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar [2012-02-02 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Canon [2010-02-10 18:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Cryptomathic [2010-03-14 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\DeepBurner [2011-01-28 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\gtk-2.0 [2010-03-23 18:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\innoPlus [2010-01-05 22:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\MAGIX [2012-07-24 04:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\My Games [2009-06-23 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\OpenOffice.org [2011-03-09 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Opera [2012-10-09 22:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\PriceGong ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404800E7 < End of report > OTL Extras logfile created on: 09-10-2012 22:54:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\johnrambo\Dokumenter\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy 2,75 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 77,41% Memory free 4,59 Gb Paging File | 4,04 Gb Available in Paging File | 87,93% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer Drive C: | 298,08 Gb Total Space | 217,51 Gb Free Space | 72,97% Space Free | Partition Type: NTFS Drive D: | 596,16 Gb Total Space | 516,34 Gb Free Space | 86,61% Space Free | Partition Type: NTFS Computer Name: ANTECE8400 | User Name:johnrambo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programmer\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programmer\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes "{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01 "{41779D63-3B63-438A-A137-BE528E505E2F}" = Den Store Danske Encyklopædi "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1009.1 "{47985AEA-2CA2-3344-851E-BA4DC9101C68}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03 "{B69349AE-2D41-3708-8BA4-4DC22645CA04}" = Microsoft .NET Framework 3.5 Language Pack SP1 - dan "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus "{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D142BEFF-D093-46FA-BBD7-79994DB4EE82}" = En Verden med Matematik "{DFCB15E0-969C-3E74-8654-F5978478E876}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "7-Zip" = 7-Zip 9.20 "adgangforalle.dk 2.1" = adgangforalle.dk 2.1 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AudibleManager" = AudibleManager "AudioCon" = AudioCon "Avira AntiVir Desktop" = Avira Free Antivirus "CANONBJ_Deinstall_CNMCP3k.DLL" = Canon S820 "CASAnova_is1" = CASAnova Version 3.3 "CCleaner" = CCleaner "Digital Editions" = Adobe Digital Editions "Digital Signatur" = Digital Signatur "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Furnish Pro" = Furnish Pro "ie8" = Windows Internet Explorer 8 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1009.1 "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX Video deluxe 16 Premium D" = MAGIX Video deluxe 16 Premium 9.0.0.54 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - dan" = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "Nykredit Privatbudget" = Nykredit Privatbudget "Picasa 3" = Picasa 3 "Pixie_is1" = Pixie 1.7.6 "PunkBusterSvc" = PunkBuster Services "QcDrv" = Logitech® Camera-driver "Room328Designer" = Room328Designer "Samsung ML-1640 Series" = Samsung ML-1640 Series "UnityWebPlayer" = Unity Web Player (All users) "VLC media player" = VLC media player 1.0.3 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.8 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08-10-2012 14:26:42 | Computer Name = ANTECE8400 | Source = Application Error | ID = 1000 Description = Fejlagtigt program spywareterminatorupdate.exe, version 3.0.0.39, fejlagtigt modul torrentdll.dll, version 3.0.0.1, fejlagtig adresse 0x00132780. [ System Events ] Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:08 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 Error - 09-10-2012 16:44:08 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023 Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126 < End of report > GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-10 06:30:58 Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Scsi\nvgts1Port2Path3Target3Lun0 SAMSUNG_ rev.1AG0 Running: 7docgel7.exe; Driver: C:\DOCUME~1\johnrambo\LOKALE~1\Temp\pwdirfow.sys ---- System - GMER 1.0.15 ---- SSDT A29CF72E ZwCreateKey SSDT A29CF724 ZwCreateThread SSDT A29CF733 ZwDeleteKey SSDT A29CF73D ZwDeleteValueKey SSDT A29CF742 ZwLoadKey SSDT A29CF710 ZwOpenProcess SSDT A29CF715 ZwOpenThread SSDT A29CF74C ZwReplaceKey SSDT A29CF747 ZwRestoreKey SSDT A29CF738 ZwSetValueKey ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8A57360, 0x32DEFD, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Programmer\Mozilla Firefox\firefox.exe[2900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01210C00 C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Programmer\Mozilla Firefox\firefox.exe[2900] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01447B4C C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Programmer\Mozilla Firefox\firefox.exe[2900] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01447B29 C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Programmer\Mozilla Firefox\firefox.exe[2900] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 01213FAC C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Programmer\Mozilla Firefox\firefox.exe[2900] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01447AAA C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- EOF - GMER 1.0.15 ---- Ups. Habe gerade bemerkt dass einiges auf dänisch geschrieben ist. Denke aber die wesentlichen Informationen sind auf englisch. Skrivebord = Schreibtisch Alter Kieler, wohne jetzt in DK. Hoffe Ihr könnt mir helfen. Med venlig hilsen Johnrambo |
|
11.10.2012, 07:21
| #2 |
| /// the machine /// TB-Ausbilder    | Avira meldet ständig Befall mit Tr/atraps.gen2 Hi,
__________________Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.
__________________ |
|
11.10.2012, 23:24
| #3 |
| | Avira meldet ständig Befall mit Tr/atraps.gen2 Sorry war erst spät am PC.....habe Nachtschicht morgen, dh erst wieder samstagmorgen an diesem PC.
__________________Es gab ein "hoffentlich kleines" Problem. Habe Combofix heruntergelasden, Avira Echtzeitscanner deaktiviert wie "befohlen", und combofix gestartet. Dann kam die Fehlermeldung vom combofix das der Avira Echtzeitscanner noch aktiv ist. Konnte combofix nicht "stoppen", habe dann Avira deinstalliert und danach mit combofix weiter gemacht. Hier das Ergebniss Code:
ATTFilter ComboFix 12-10-11.03 - Lars 12-10-2012 0:07.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2814.2052 [GMT 2:00]
Kører fra: c:\documents and settings\Lars\Skrivebord\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Dannede nyt systemgendannelsespunkt
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Einar\WINDOWS
c:\documents and settings\Gast\Application Data\PriceGong
c:\documents and settings\Gast\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Gast\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Lars\Application Data\PriceGong
c:\documents and settings\Lars\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\11186.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\15286.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\15417.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\2260.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\2620.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\450.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\6101.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\6269.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\6627.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\7427.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\8582.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\9514.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Lars\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Lars\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Lars\WINDOWS
c:\programmer\iexplore.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\mswmpdat.tlb
c:\windows\system32\SET91.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\wmcache.nld
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-09-11 til 2012-10-11 )))))))))))))))))))))))))))))))))))
.
.
2012-10-09 20:42 . 2012-10-09 20:42 -------- d-----w- c:\documents and settings\Lars\Lokale indstillinger\Application Data\Sun
2012-10-09 20:42 . 2012-10-09 20:42 -------- d-----w- c:\programmer\Fælles filer\Java
2012-10-09 20:41 . 2012-10-09 20:41 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-09 20:41 . 2012-10-09 20:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 19:48 . 2012-10-08 19:48 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2012-10-08 19:48 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-07 20:08 . 2011-06-21 09:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-09-22 21:41 . 2012-09-22 21:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2012-09-19 21:41 . 2012-10-09 16:50 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-19 15:19 . 2012-09-19 15:19 -------- d-----w- c:\programmer\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 15:30 . 2011-07-02 10:29 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2012-10-11 15:30 . 2009-06-19 09:17 16608 ----a-w- c:\windows\gdrv.sys
2012-10-09 20:41 . 2010-11-23 18:28 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-09 20:41 . 2009-11-26 15:44 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-09 16:50 . 2011-05-16 19:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-07 08:59 . 2012-08-02 15:46 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-07 08:59 . 2012-08-02 15:46 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-07 08:59 . 2011-08-05 14:47 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-06 20:41 . 2012-08-02 15:46 270240 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-28 15:17 . 2004-08-26 15:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:17 . 2004-08-26 15:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:17 . 2004-08-26 15:53 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-26 15:48 385024 ------w- c:\windows\system32\html.iec
2012-08-27 12:27 . 2012-08-02 15:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-08-24 13:53 . 2004-08-26 15:53 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2004-08-26 17:50 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2004-08-26 15:50 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-04 16:24 . 2010-11-04 16:24 19657194 ----a-w- c:\programmer\vlc-1.1.4-win32.exe
2012-09-06 01:26 . 2012-09-19 15:19 266720 ----a-w- c:\programmer\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-31 39408]
"LogitechSoftwareUpdate"="c:\programmer\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 16851968]
"TrayServer"="c:\programmer\MAGIX\Video_deluxe_16_Premium\TrayServer.exe" [2008-08-07 90112]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-15 614400]
"WD Button Manager"="WDBtnMgr.exe" [2010-07-06 364544]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ISUSPM"="c:\programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"EasyTuneVI"="c:\programmer\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programmer\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programmer\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe ARM"="c:\programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gemeinsames\Menuen Start\Programmer\Start\
OpenOffice.org 3.1.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\Lars\Menuen Start\Programmer\Start\
OpenOffice.org 3.1.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
WD Anywhere Backup Launcher.lnk - c:\documents and settings\Lars\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe [2010-7-6 17542]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe [06-05-2009 19:53 1220608]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [24-09-2008 17:09 41376]
R4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys --> c:\windows\system32\DRIVERS\avkmgr.sys [?]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [08-02-2010 01:58 135664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13-08-2012 13:33 3064000]
S2 SkypeUpdate;Skype Updater;c:\programmer\Skype\Updater\Updater.exe [13-07-2012 13:28 160944]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [19-09-2012 23:41 250808]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [31-07-2011 21:33 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [31-07-2011 21:33 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [31-07-2011 21:33 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [31-07-2011 21:33 24960]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmer\Fælles filer\MAGIX Services\Database\bin\fbserver.exe [07-08-2008 12:10 3276800]
S3 gupdatem;Google Update Tjeneste (gupdatem);c:\programmer\Google\Update\GoogleUpdate.exe [08-02-2010 01:58 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmer\Mozilla Maintenance Service\maintenanceservice.exe [19-09-2012 17:19 114144]
SUnknown GVTDrv;GVTDrv; [x]
.
--- Andre Services/Drivers i Hukommelsen ---
.
*Deregistered* - avipbb
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 16:50]
.
2012-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 23:58]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-02-07 23:58]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008Core.job
- c:\documents and settings\Gemeinsames\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2011-04-16 23:44]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008UA.job
- c:\documents and settings\Gemeinsames\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2011-04-16 23:44]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.de/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: danid.dk
Trusted Zone: danid.dk
TCP: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
FF - ProfilePath - c:\documents and settings\Lars\Application Data\Mozilla\Firefox\Profiles\28s6n179.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - TOMME GENVEJE FJERNET - - - -
.
HKCU-Run-fsm - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-12 00:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_ rev.1AG0 -> Harddisk1\DR1 -> \Device\Scsi\nvgts1Port2Path2Target2Lun0
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:8b,22,19,52,8b,72,08,99,e2,a6,25,fe,60,f8,c2,d2,82,8c,00,87,18,
24,b7,6f,b4,90,2c,6d,54,2f,d6,4d,0c,65,68,27,81,15,1b,30,47,77,d7,14,bf,c6,\
"rkeysecu"=hex:a5,0d,ff,95,bd,fa,d9,68,65,df,d0,d5,6d,1f,4a,f7
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Philips\GoGear SA19xx]
@DACL=(02 0000)
.
Gennemført tid: 2012-10-12 00:12:30
ComboFix-quarantined-files.txt 2012-10-11 22:12
.
Pre-Kørsel: 233.832.923.136 byte ledig
Post-Kørsel: 283.207.438.336 byte ledig
.
WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 804FCFF157E86823EF020F6CFEC9FBF4
Was emphiehlst du+ Wie gesagt lass dir Zeit bin erst Samstagmorgen wieder an meinem Heim-PC. Hilsen aus DK Johnrambo |
|
12.10.2012, 06:02
| #4 |
| /// the machine /// TB-Ausbilder | Avira meldet ständig Befall mit Tr/atraps.gen2 Am Besten Avast installieren. Update Malwarebytes, Quick Scan, Funde löschen lassen, Log posten. ESET Online Scanner
Und poste ein frisches OTL logfile. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.10.2012, 15:25
| #5 |
| | Avira meldet ständig Befall mit Tr/atraps.gen2 Danke Schrauber! Bin auf Arbeit ;-), also nicht am infiziertem Heim-PC. Mir ist nicht ganz klar ob ich erst: "Update Malwarebytes, Quick Scan, Funde löschen lassen, Log posten." ausführen soll, deine antwort abwarten und dann ESET-online scanning machen soll oder einfach alles hintereinander und dann alles posten?? Installiere als erstes ersteinmal Avast..oder? Hilsen Lars |
|
12.10.2012, 15:26
| #6 |
| /// the machine /// TB-Ausbilder | Avira meldet ständig Befall mit Tr/atraps.gen2 Installier zuerst, genau. Alles was ich in einer Antwort poste kannst Du auch am Stück abarbeiten 
__________________ --> Avira meldet ständig Befall mit Tr/atraps.gen2 |
|
13.10.2012, 12:04
| #7 |
| | Avira meldet ständig Befall mit Tr/atraps.gen2 Moin Hier der aktuelle Malware-quickscan Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.13.03 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Lars :: ANTECE8400 [Administrator] 13-10-2012 11:22:11 mbam-log-2012-10-13 (11-22-11).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 254819 Laufzeit: 5 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter C:\Documents and Settings\johnrambo\Lokale indstillinger\Temp\94539674-BAB0-7891-AB43-2FAEC30A5F98\MyBabylonTB.exe Win32/Toolbar.Babylon application
Code:
ATTFilter OTL logfile created on: 13-10-2012 12:42:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\johnrambo\Dokumenter\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy
2,75 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 70,75% Memory free
4,59 Gb Paging File | 4,02 Gb Available in Paging File | 87,49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 298,08 Gb Total Space | 262,84 Gb Free Space | 88,18% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 515,59 Gb Free Space | 86,48% Space Free | Partition Type: NTFS
Computer Name: ANTECE8400 | User Name: johnrambo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\johnrambo\Dokumenter\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programmer\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmer\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programmer\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Programmer\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programmer\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmer\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Programmer\WD\WD Anywhere Backup\MemeoBackup.exe (Memeo Inc.)
PRC - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe (Linksys)
PRC - C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Programmer\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Programmer\Logitech\Video\FxSvr2.exe (Logitech Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programmer\AVAST Software\Avast\defs\12101300\algo.dll ()
MOD - C:\Programmer\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programmer\Fælles filer\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programmer\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Programmer\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\work.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\HM.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\SF.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\GUI.exe ()
MOD - C:\WINDOWS\system32\ssp2ml3.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\Programmer\WD\WD Anywhere Backup\sqlite3.dll ()
MOD - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\Sound.dll ()
MOD - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL ()
========== Services (SafeList) ==========
SRV - (WMP54Gv4SVC) -- C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programmer\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programmer\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Programmer\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Apple Mobile Device) -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Fabs) -- C:\Programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programmer\Fælles filer\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\johnrambo\LOKALE~1\Temp\catchme.sys File not found
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswNdis) -- C:\WINDOWS\system32\drivers\aswNdis.sys (ALWIL Software)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_da
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmer\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Programmer\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programmer\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmer\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programmer\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Programmer\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programmer\AVAST Software\Avast\WebRep\FF [2012-10-13 11:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2012-09-19 17:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins
[2012-09-19 17:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Extensions
[2012-09-22 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\28s6n179.default\extensions
[2011-03-11 20:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\3fm2ldce.default\extensions
[2011-03-11 20:41:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\3fm2ldce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2012-09-19 17:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2012-10-13 11:09:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMMER\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-09-06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browsercomps.dll
[2012-09-06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012-09-06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\bing.xml
[2012-09-06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\eBay-de.xml
[2012-09-06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\leo_ende_de.xml
[2012-09-06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-de.xml
[2012-09-06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012-10-12 00:11:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Programmer\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EasyTuneVI] C:\Programmer\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [ISUSPM] C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TrayServer] C:\Programmer\MAGIX\Video_deluxe_16_Premium\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Gemeinsames\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk = C:\Documents and Settings\johnrambo\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..Trusted Domains: danid.dk ([]https in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09AC428-9126-49A4-ABB0-142D3DF7D1B7}: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-19 11:09:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012-10-13 11:32:19 | 000,000,000 | ---D | C] -- C:\Programmer\ESET
[2012-10-13 11:18:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-10-13 11:15:49 | 000,113,776 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012-10-13 11:15:46 | 000,202,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012-10-13 11:15:46 | 000,018,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012-10-13 11:15:43 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012-10-13 11:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\avast! Internet Security
[2012-10-13 11:09:54 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012-10-13 11:09:54 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012-10-13 11:09:53 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012-10-13 11:09:53 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012-10-13 11:09:53 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012-10-13 11:09:53 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012-10-13 11:09:53 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012-10-13 11:09:53 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012-10-13 11:09:42 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012-10-13 11:09:41 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012-10-13 11:09:31 | 000,000,000 | ---D | C] -- C:\Programmer\AVAST Software
[2012-10-13 11:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012-10-12 00:03:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-10-12 00:03:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-10-12 00:03:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-10-12 00:03:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-10-11 23:58:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-10-11 23:58:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Administration
[2012-10-11 23:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-10-11 23:55:29 | 004,766,830 | R--- | C] (Swearware) -- C:\Documents and Settings\johnrambo\Skrivebord\ComboFix.exe
[2012-10-09 22:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\Sun
[2012-10-09 22:42:12 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Java
[2012-10-09 22:41:47 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-10-09 22:41:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-10-09 22:41:42 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012-10-08 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
[2012-10-08 21:48:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-10-08 21:48:22 | 000,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware
[2012-09-22 23:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012-09-19 23:41:07 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-09-19 17:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnrambo\Dokumenter\Downloads
[2012-09-19 17:19:56 | 000,000,000 | ---D | C] -- C:\Programmer\Mozilla Maintenance Service
[2012-09-19 17:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012-09-19 17:19:54 | 000,000,000 | ---D | C] -- C:\Programmer\Mozilla Firefox
[2005-12-13 17:12:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\stdole.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012-10-13 12:30:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-13 12:16:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008UA.job
[2012-10-13 11:50:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-10-13 11:21:31 | 000,448,032 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2012-10-13 11:21:31 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-10-13 11:21:31 | 000,078,430 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2012-10-13 11:21:31 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-10-13 11:18:02 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2012-10-13 11:18:01 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2012-10-13 11:17:55 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-10-13 11:17:29 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk
[2012-10-13 11:17:27 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012-10-13 11:17:20 | 000,201,044 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012-10-13 11:17:03 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-13 11:16:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-10-13 11:15:46 | 000,002,708 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012-10-13 11:14:23 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\avast! Internet Security.lnk
[2012-10-13 11:02:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-12 00:11:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-10-11 23:55:47 | 004,766,830 | R--- | M] (Swearware) -- C:\Documents and Settings\johnrambo\Skrivebord\ComboFix.exe
[2012-10-11 20:16:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008Core.job
[2012-10-10 22:16:06 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-10-09 22:41:32 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012-10-09 22:41:31 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-10-09 22:41:31 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012-10-09 22:41:31 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-10-09 22:41:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-10-09 22:41:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-10-09 22:41:31 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-10-09 22:28:29 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Adobe Reader X.lnk
[2012-10-09 18:50:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-10-09 18:50:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-10-08 21:48:25 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ Malwarebytes Anti-Malware .lnk
[2012-10-07 10:59:49 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-10-07 10:59:44 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012-10-06 22:41:17 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012-10-06 19:26:46 | 000,000,009 | ---- | M] () -- C:\END
[2012-09-19 17:19:56 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnrambo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2012-09-18 23:58:09 | 000,007,633 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\publikationer.odt
[2012-09-18 23:45:38 | 000,017,995 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\motiveret ansøgning lektor.odt
[2012-09-18 21:14:37 | 000,137,885 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\anbefaling.pdf
[2012-09-18 19:33:23 | 000,002,248 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\kvittering.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012-10-13 11:14:23 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\avast! Internet Security.lnk
[2012-10-13 11:09:53 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-10-13 11:04:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.ref
[2012-10-12 00:03:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-10-12 00:03:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-10-12 00:03:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-10-12 00:03:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-10-12 00:03:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-10-09 22:28:29 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Adobe Reader X.lnk
[2012-10-09 22:28:29 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Adobe Reader X.lnk
[2012-10-08 21:48:25 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ Malwarebytes Anti-Malware .lnk
[2012-10-07 22:08:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012-10-06 19:26:38 | 000,000,009 | ---- | C] () -- C:\END
[2012-09-19 23:41:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-19 17:19:56 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnrambo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2012-09-18 23:58:09 | 000,007,633 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\publikationer.odt
[2012-09-18 23:40:29 | 000,017,995 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\motiveret ansøgning lektor.odt
[2012-09-18 21:14:37 | 000,137,885 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\anbefaling.pdf
[2012-09-18 19:33:23 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\kvittering.pdf
[2012-08-02 17:46:05 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-08-02 17:46:01 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012-08-02 17:45:29 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012-02-19 13:01:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-11-25 22:12:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011-09-11 20:12:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011-09-11 20:12:13 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011-08-11 23:08:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PRIVAT~1.INI
[2011-07-02 13:51:24 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Speed.INI
[2011-07-02 12:29:40 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2011-03-09 19:03:20 | 000,031,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-03-09 18:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-03-04 15:16:45 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\johnrambo\.recently-used.xbel
[2010-11-04 18:24:37 | 019,657,194 | ---- | C] () -- C:\Programmer\vlc-1.1.4-win32.exe
[2010-10-17 10:46:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-03-25 00:35:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\johnrambo\temp.dat
[2009-07-08 15:57:40 | 000,007,775 | ---- | C] () -- C:\Documents and Settings\johnrambo\Application Data\.civclientrc
[2009-06-20 21:38:28 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-08-02 14:20:28 | 000,220,184 | ---- | C] ( ) -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\Interop.Microsoft.Office.Core.dll
========== ZeroAccess Check ==========
[2009-12-14 23:29:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-04-29 06:34:54 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 12:53:27 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 18:05:37 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012-10-13 11:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011-11-25 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009-06-19 16:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2009-09-24 18:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IVANOFF
[2010-01-05 22:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010-07-06 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2012-05-22 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010-05-24 18:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012-05-21 22:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tivola
[2010-05-26 16:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualDecor
[2010-07-06 17:23:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD
[2010-02-10 18:13:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
[2010-11-10 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-08-16 10:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012-06-09 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.minecraft
[2011-11-25 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Babylon
[2011-11-25 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar
[2010-12-09 14:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\LEGO Company
[2011-12-04 17:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Minecrafter
[2011-05-15 18:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Octoshape
[2010-03-06 10:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\OpenOffice.org
[2012-10-09 21:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\PriceGong
[2011-05-15 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Unity
[2012-04-23 08:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\BabylonToolbar
[2011-12-06 11:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\BabylonToolbar
[2010-04-15 13:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\Canon
[2010-04-10 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\OpenOffice.org
[2009-07-08 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.freeciv
[2011-11-26 10:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar
[2012-02-02 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Canon
[2010-02-10 18:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Cryptomathic
[2010-03-14 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\DeepBurner
[2011-01-28 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\gtk-2.0
[2010-03-23 18:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\innoPlus
[2010-01-05 22:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\MAGIX
[2012-07-24 04:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\My Games
[2009-06-23 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\OpenOffice.org
[2011-03-09 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Opera
========== Purity Check ==========
< End of report >
Du fragst nach anderen Problemen. Software zum Programmentfernen, Systemaufräumen und Schlankhalten, Backup. Man findet 1000 Angebote und Meinungen im Netz. Lege grossen Wert auf deine ;-)!! Hilsen Johnrambo |
|
13.10.2012, 12:26
| #8 |
| /// the machine /// TB-Ausbilder | Avira meldet ständig Befall mit Tr/atraps.gen2 Hi, Fixen mit OTL
Code:
ATTFilter :OTL
MOD - C:\Programmer\Mozilla Firefox\mozjs.dll ()
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk = C:\Documents and Settings\johnrambo\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
[2011-11-25 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010-02-10 18:13:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
[2010-11-10 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-08-16 10:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012-06-09 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.minecraft
[2011-11-25 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Babylon
[2011-11-25 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar
[2012-10-09 21:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\PriceGong
[2011-05-15 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Unity
[2012-04-23 08:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\BabylonToolbar
[2011-12-06 11:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\BabylonToolbar
[2011-11-26 10:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar
:Commands
[emptytemp]
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Und ein frisches OTL log bitte. Rest klären wir wenn wir durch sind
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.10.2012, 14:17
| #9 |
| | Avira meldet ständig Befall mit Tr/atraps.gen2 So alles fertig!! OTL-fix log Code:
ATTFilter All processes killed
========== OTL ==========
File move failed. C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk scheduled to be moved on reboot.
File C:\Documents and Settings\johnrambo\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe not found.
C:\Documents and Settings\All Users\Application Data\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
Folder C:\Documents and Settings\johnrambo\Application Data\.minecraft\ not found.
Folder C:\Documents and Settings\johnrambo\Application Data\Babylon\ not found.
Folder C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar\ not found.
Folder C:\Documents and Settings\johnrambo\Application Data\PriceGong\ not found.
Folder C:\Documents and Settings\johnrambo\Application Data\Unity\ not found.
C:\Documents and Settings\Gast\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\Gemeinsames\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully.
Folder C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Einar
->Temp folder emptied: 2041248863 bytes
->Temporary Internet Files folder emptied: 69687086 bytes
->Java cache emptied: 62906518 bytes
->Flash cache emptied: 348132 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 12118713 bytes
->Flash cache emptied: 456 bytes
User: Gemeinsames
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes
->Java cache emptied: 13565306 bytes
->Google Chrome cache emptied: 382827998 bytes
->Flash cache emptied: 134161 bytes
User: Lars
->Temp folder emptied: 1119124 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Java cache emptied: 90754174 bytes
->FireFox cache emptied: 62163934 bytes
->Apple Safari cache emptied: 5898240 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 11238 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 82054 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2133519 bytes
%systemroot%\System32 .tmp files removed: 2660 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17690 bytes
RecycleBin emptied: 2432 bytes
Total Files Cleaned = 2.619,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_144953
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk not found!
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter # AdwCleaner v2.004 - Logfil lavet d. 13/10/2012 kl. 14:56:26
# Opdateret d. 06/10/2012 af Xplode
# Operativ system : Microsoft Windows XP Service Pack 3 (32 bits)
# Bruger : Lars - ANTECE8400
# Boot Mode : Normal
# Kører fra : C:\Documents and Settings\Lars\Dokumenter\Downloads\adwcleaner.exe
# Indstilling [Søg]
***** [Servicer] *****
***** [Filer / Mapper] *****
Mapper Fundet : C:\Documents and Settings\All Users\Application Data\Trymedia
Mapper Fundet : C:\Documents and Settings\Einar\Application Data\Babylon
Mapper Fundet : C:\Documents and Settings\Einar\Application Data\BabylonToolbar
Mapper Fundet : C:\Documents and Settings\Einar\Application Data\PriceGong
Mapper Fundet : C:\Documents and Settings\Gast\Application Data\BabylonToolbar
Mapper Fundet : C:\Documents and Settings\Gemeinsames\Application Data\BabylonToolbar
Mapper Fundet : C:\Documents and Settings\Lars\Application Data\BabylonToolbar
Mapper Fundet : C:\Programmer\Conduit
***** [Registeret] *****
Nøgle Fundet : HKCU\Software\Conduit
Nøgle Fundet : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Nøgle Fundet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Nøgle Fundet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Nøgle Fundet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Nøgle Fundet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Nøgle Fundet : HKLM\Software\Babylon
Nøgle Fundet : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Nøgle Fundet : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Nøgle Fundet : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Nøgle Fundet : HKLM\SOFTWARE\Classes\Conduit.Engine
Nøgle Fundet : HKLM\SOFTWARE\Classes\Toolbar.CT2452474
Nøgle Fundet : HKLM\SOFTWARE\Classes\Toolbar.CT3008668
Nøgle Fundet : HKLM\SOFTWARE\Classes\Toolbar.CT3158970
Nøgle Fundet : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Nøgle Fundet : HKLM\Software\Conduit
Nøgle Fundet : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Nøgle Fundet : HKU\S-1-5-21-2000478354-1957994488-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?AF=100476&babsrc=NT_ss&mntrId=f822256900000000000000241d143f7c
*************************
AdwCleaner[R1].txt - [2716 octets] - [13/10/2012 14:56:26]
########## EOF - C:\AdwCleaner[R1].txt - [2776 octets] ##########
Code:
ATTFilter # AdwCleaner v2.004 - Logfil lavet d. 13/10/2012 kl. 14:59:30
# Opdateret d. 06/10/2012 af Xplode
# Operativ system : Microsoft Windows XP Service Pack 3 (32 bits)
# Bruger : Lars - ANTECE8400
# Boot Mode : Normal
# Kører fra : C:\Documents and Settings\Lars\Dokumenter\Downloads\adwcleaner.exe
# Indstilling [Slet]
***** [Servicer] *****
***** [Filer / Mapper] *****
Mapper Slettet : C:\Documents and Settings\All Users\Application Data\Trymedia
Mapper Slettet : C:\Documents and Settings\Einar\Application Data\Babylon
Mapper Slettet : C:\Documents and Settings\Einar\Application Data\BabylonToolbar
Mapper Slettet : C:\Documents and Settings\Einar\Application Data\PriceGong
Mapper Slettet : C:\Documents and Settings\Gast\Application Data\BabylonToolbar
Mapper Slettet : C:\Documents and Settings\Gemeinsames\Application Data\BabylonToolbar
Mapper Slettet : C:\Documents and Settings\Lars\Application Data\BabylonToolbar
Mapper Slettet : C:\Programmer\Conduit
***** [Registeret] *****
Nøgle Slettet : HKCU\Software\Conduit
Nøgle Slettet : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Nøgle Slettet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Nøgle Slettet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Nøgle Slettet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Nøgle Slettet : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Nøgle Slettet : HKLM\Software\Babylon
Nøgle Slettet : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Nøgle Slettet : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Nøgle Slettet : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Nøgle Slettet : HKLM\SOFTWARE\Classes\Conduit.Engine
Nøgle Slettet : HKLM\SOFTWARE\Classes\Toolbar.CT2452474
Nøgle Slettet : HKLM\SOFTWARE\Classes\Toolbar.CT3008668
Nøgle Slettet : HKLM\SOFTWARE\Classes\Toolbar.CT3158970
Nøgle Slettet : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Nøgle Slettet : HKLM\Software\Conduit
Nøgle Slettet : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Udskiftet : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?AF=100476&babsrc=NT_ss&mntrId=f822256900000000000000241d143f7c --> hxxp://www.google.com
*************************
AdwCleaner[R1].txt - [2845 octets] - [13/10/2012 14:56:26]
AdwCleaner[S1].txt - [2685 octets] - [13/10/2012 14:59:30]
########## EOF - C:\AdwCleaner[S1].txt - [2745 octets] ##########
Code:
ATTFilter OTL logfile created on: 13-10-2012 15:04:43 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\johnrambo\Dokumenter\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy
2,75 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 76,59% Memory free
4,59 Gb Paging File | 4,09 Gb Available in Paging File | 89,17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 298,08 Gb Total Space | 265,62 Gb Free Space | 89,11% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 515,59 Gb Free Space | 86,48% Space Free | Partition Type: NTFS
Computer Name: ANTECE8400 | User Name: johnrambo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\johnrambo\Dokumenter\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programmer\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmer\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programmer\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Programmer\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programmer\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmer\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Programmer\WD\WD Anywhere Backup\MemeoBackup.exe (Memeo Inc.)
PRC - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe (Linksys)
PRC - C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Programmer\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Programmer\Logitech\Video\FxSvr2.exe (Logitech Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programmer\AVAST Software\Avast\defs\12101300\algo.dll ()
MOD - C:\Programmer\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programmer\Fælles filer\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programmer\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Programmer\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\work.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\HM.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\SF.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\GUI.exe ()
MOD - C:\WINDOWS\system32\ssp2ml3.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\Programmer\WD\WD Anywhere Backup\sqlite3.dll ()
MOD - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\Sound.dll ()
MOD - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL ()
========== Services (SafeList) ==========
SRV - (WMP54Gv4SVC) -- C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programmer\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programmer\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Programmer\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Apple Mobile Device) -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Fabs) -- C:\Programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programmer\Fælles filer\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\johnrambo\LOKALE~1\Temp\catchme.sys File not found
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswNdis2) -- C:\WINDOWS\System32\drivers\aswNdis2.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswKbd) -- C:\WINDOWS\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (aswFW) -- C:\WINDOWS\System32\drivers\aswFW.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswNdis) -- C:\WINDOWS\system32\drivers\aswNdis.sys (ALWIL Software)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_da
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmer\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Programmer\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programmer\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmer\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programmer\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Programmer\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Programmer\AVAST Software\Avast\WebRep\FF [2012-10-13 11:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2012-09-19 17:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins
[2012-09-19 17:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Extensions
[2012-09-22 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\28s6n179.default\extensions
[2011-03-11 20:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\3fm2ldce.default\extensions
[2011-03-11 20:41:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\3fm2ldce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2012-09-19 17:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2012-10-13 11:09:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMMER\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-09-06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browsercomps.dll
[2012-09-06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012-09-06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\bing.xml
[2012-09-06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\eBay-de.xml
[2012-09-06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\leo_ende_de.xml
[2012-09-06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-de.xml
[2012-09-06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012-10-12 00:11:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Programmer\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EasyTuneVI] C:\Programmer\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [ISUSPM] C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TrayServer] C:\Programmer\MAGIX\Video_deluxe_16_Premium\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Gemeinsames\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk = C:\Documents and Settings\johnrambo\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..Trusted Domains: danid.dk ([]https in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09AC428-9126-49A4-ABB0-142D3DF7D1B7}: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-19 11:09:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012-10-13 14:49:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-10-13 11:32:19 | 000,000,000 | ---D | C] -- C:\Programmer\ESET
[2012-10-13 11:18:51 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-10-13 11:15:49 | 000,113,776 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2012-10-13 11:15:46 | 000,202,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2012-10-13 11:15:46 | 000,018,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012-10-13 11:15:43 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2012-10-13 11:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\avast! Internet Security
[2012-10-13 11:09:54 | 000,355,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012-10-13 11:09:54 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012-10-13 11:09:53 | 000,729,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012-10-13 11:09:53 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012-10-13 11:09:53 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012-10-13 11:09:53 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012-10-13 11:09:53 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012-10-13 11:09:53 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012-10-13 11:09:42 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012-10-13 11:09:41 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012-10-13 11:09:31 | 000,000,000 | ---D | C] -- C:\Programmer\AVAST Software
[2012-10-13 11:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012-10-12 00:03:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-10-12 00:03:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-10-12 00:03:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-10-12 00:03:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-10-11 23:58:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-10-11 23:58:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Administration
[2012-10-11 23:58:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012-10-11 23:55:29 | 004,766,830 | R--- | C] (Swearware) -- C:\Documents and Settings\johnrambo\Skrivebord\ComboFix.exe
[2012-10-09 22:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\Sun
[2012-10-09 22:42:12 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Java
[2012-10-08 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
[2012-10-08 21:48:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-10-08 21:48:22 | 000,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware
[2012-09-22 23:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012-09-19 17:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnrambo\Dokumenter\Downloads
[2012-09-19 17:19:56 | 000,000,000 | ---D | C] -- C:\Programmer\Mozilla Maintenance Service
[2012-09-19 17:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012-09-19 17:19:54 | 000,000,000 | ---D | C] -- C:\Programmer\Mozilla Firefox
[2005-12-13 17:12:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\stdole.dll
========== Files - Modified Within 30 Days ==========
[2012-10-13 15:06:12 | 000,448,032 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2012-10-13 15:06:12 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-10-13 15:06:12 | 000,078,430 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2012-10-13 15:06:12 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-10-13 15:02:29 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2012-10-13 15:02:29 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2012-10-13 15:02:13 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk
[2012-10-13 15:02:07 | 000,201,044 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012-10-13 15:02:06 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-10-13 15:02:05 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-13 15:01:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-10-13 14:50:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-10-13 14:30:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-13 14:16:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008UA.job
[2012-10-13 11:15:46 | 000,002,708 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012-10-13 11:14:23 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\avast! Internet Security.lnk
[2012-10-13 11:02:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-12 00:11:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-10-11 23:55:47 | 004,766,830 | R--- | M] (Swearware) -- C:\Documents and Settings\johnrambo\Skrivebord\ComboFix.exe
[2012-10-11 20:16:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008Core.job
[2012-10-10 22:16:06 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-10-09 22:28:29 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Adobe Reader X.lnk
[2012-10-08 21:48:25 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ Malwarebytes Anti-Malware .lnk
[2012-10-07 10:59:49 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-10-07 10:59:44 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012-10-06 22:41:17 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012-10-06 19:26:46 | 000,000,009 | ---- | M] () -- C:\END
[2012-09-19 17:19:56 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnrambo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2012-09-18 23:58:09 | 000,007,633 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\publikationer.odt
[2012-09-18 23:45:38 | 000,017,995 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\motiveret ansøgning lektor.odt
[2012-09-18 21:14:37 | 000,137,885 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\anbefaling.pdf
[2012-09-18 19:33:23 | 000,002,248 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\kvittering.pdf
========== Files Created - No Company Name ==========
[2012-10-13 11:14:23 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\avast! Internet Security.lnk
[2012-10-13 11:09:53 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-10-13 11:04:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.ref
[2012-10-12 00:03:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-10-12 00:03:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-10-12 00:03:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-10-12 00:03:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-10-12 00:03:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-10-09 22:28:29 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Adobe Reader X.lnk
[2012-10-09 22:28:29 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Adobe Reader X.lnk
[2012-10-08 21:48:25 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ Malwarebytes Anti-Malware .lnk
[2012-10-07 22:08:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012-10-06 19:26:38 | 000,000,009 | ---- | C] () -- C:\END
[2012-09-19 23:41:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-19 17:19:56 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnrambo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2012-09-18 23:58:09 | 000,007,633 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\publikationer.odt
[2012-09-18 23:40:29 | 000,017,995 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\motiveret ansøgning lektor.odt
[2012-09-18 21:14:37 | 000,137,885 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\anbefaling.pdf
[2012-09-18 19:33:23 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\kvittering.pdf
[2012-08-02 17:46:05 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-08-02 17:46:01 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012-08-02 17:45:29 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012-02-19 13:01:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-11-25 22:12:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011-09-11 20:12:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011-09-11 20:12:13 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011-08-11 23:08:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PRIVAT~1.INI
[2011-07-02 13:51:24 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Speed.INI
[2011-07-02 12:29:40 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2011-03-09 19:03:20 | 000,031,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-03-09 18:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-03-04 15:16:45 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\johnrambo\.recently-used.xbel
[2010-11-04 18:24:37 | 019,657,194 | ---- | C] () -- C:\Programmer\vlc-1.1.4-win32.exe
[2010-10-17 10:46:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-03-25 00:35:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\johnrambo\temp.dat
[2009-07-08 15:57:40 | 000,007,775 | ---- | C] () -- C:\Documents and Settings\johnrambo\Application Data\.civclientrc
[2009-06-20 21:38:28 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-08-02 14:20:28 | 000,220,184 | ---- | C] ( ) -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\Interop.Microsoft.Office.Core.dll
========== ZeroAccess Check ==========
[2009-12-14 23:29:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-04-29 06:34:54 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-02-09 12:53:27 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-04-14 18:05:37 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012-10-13 11:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009-06-19 16:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2009-09-24 18:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IVANOFF
[2010-01-05 22:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010-07-06 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2012-05-22 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010-05-24 18:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012-05-21 22:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tivola
[2010-05-26 16:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualDecor
[2010-07-06 17:23:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD
[2012-06-09 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.minecraft
[2010-12-09 14:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\LEGO Company
[2011-12-04 17:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Minecrafter
[2011-05-15 18:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Octoshape
[2010-03-06 10:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\OpenOffice.org
[2011-05-15 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Unity
[2010-04-15 13:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\Canon
[2010-04-10 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\OpenOffice.org
[2009-07-08 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.freeciv
[2012-02-02 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Canon
[2010-02-10 18:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Cryptomathic
[2010-03-14 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\DeepBurner
[2011-01-28 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\gtk-2.0
[2010-03-23 18:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\innoPlus
[2010-01-05 22:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\MAGIX
[2012-07-24 04:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\My Games
[2009-06-23 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\OpenOffice.org
[2011-03-09 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Opera
========== Purity Check ==========
< End of report >
Habe im OTL-fix log gesehen das einiges nicht gefunden wurde. Habe ja die Eigennamen mit johnrambo ersetz, wie von euch empfohlen oder hätte ich es mit ** ersetzen sollen?? Problem?? Hilsen Johnrambo |
|
13.10.2012, 16:09
| #10 |
| /// the machine /// TB-Ausbilder | Avira meldet ständig Befall mit Tr/atraps.gen2 Nee kein Problem AdwCleaner öffnen > Uninstall Windows-Taste+R > Combofix /Uninstall > Enter OTL öffnen > Button Bereinigung drücken Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.10.2012, 17:16
| #11 |
| | Avira meldet ständig Befall mit Tr/atraps.gen2 Schon mal danke Schrauber! Schulde dir n´Bier!! Hatte bei der Entfernung von combofix vielleicht ein Problem. Ich Hornochse hatte im Ausführungfenster uninstall fasch geschrieben, was darin resultierte das combofix seine "normale" aufnahm. Habe dann kindisch, panisch das fenster einfach per x oben rechts geschlossen... schlimm? Danke für die vielen guten Tips. Fehlt mir nur noch ein gutes programm zum entfernen von software, habe so einigen Müll angehäuft. Wir sehn uns ;-) ! Hilsen fra København Johnrambo |
|
13.10.2012, 17:34
| #12 |
| /// the machine /// TB-Ausbilder | Avira meldet ständig Befall mit Tr/atraps.gen2 Nit schlimm. hast Du den rest der anleitung dann einfach weiter abgearbeitet? wenn ja Combofix neu laden und Uninstall Befehl nochmal durchführen .
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.10.2012, 17:54
| #13 |
| | Avira meldet ständig Befall mit Tr/atraps.gen2 Jepp..alles andre nach plan entfernt! Fertig? |
|
13.10.2012, 18:29
| #14 |
| /// the machine /// TB-Ausbilder | Avira meldet ständig Befall mit Tr/atraps.gen2 alles klar
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Avira meldet ständig Befall mit Tr/atraps.gen2 |
| 7-zip, antivir, avg, avira, bho, bonjour, desktop, error, explorer, firefox, flash player, format, helper, home, logfile, monitor, mozilla, nvidia, opera, plug-in, realtek, registry, rundll, sketchup, software, spyware, viren, virus, windows internet |
.
Linear-Darstellung
