CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede tyfon Nybegynder
01. november 2011 - 17:52 Der er 67 kommentarer og
1 løsning

ping.exe

Hej
Jeg har fået ping.exe 3740 (full dump)
og ping.exe 3740 (memory dump)
Bullguard siger, jeg skal gå i system32(i fejlsikret tilstand)og slette de pågældende filer. Hvad jeg her kan finde, er en der benævnes ping, og en anden der hedder ping 6.Jeg mener ikke, at det er dem der skal slettes, da en scanning af disse to filer heller ikke advarer om noget.Jeg har også markeret "vis skjulte filer" i mappeindstillinger.Hvordan finder jeg de to filer så jeg kan få dem slettet? Jeg har xp.
På forhånd tak
Avatar billede 220661 Ekspert
01. november 2011 - 18:59 #1
Jeg har også disse i min system 32, så det tror jeg heller ikke.
Men du kan prøve at køre en tur med denne:

Hent Malwarebytes Anti-Malware herfra:
http://www.filehippo.com/download_malwarebytes_anti_malware/download/c4ad40bd8c9c8bb8547419e98b8861e4/

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen. Kopier loggen herind.
Avatar billede tyfon Nybegynder
02. november 2011 - 01:54 #2
Malwarebytes fandt ingenting; jeg har lige scannet med bullg. igen, og den fandt de samme, bortset fra, at der nu står 1272 i stedet for 3740. Kan stadig ikke fjerne dem.
Avatar billede 220661 Ekspert
02. november 2011 - 16:34 #3
Tror du så ikke det er et falsk positiv at bullguard har fundet?
Har du søgt oplysninger om filerne?
Evt lade en online scanner scanne filerene (ikke Bullguard hvis de har online scanner).
Avatar billede tyfon Nybegynder
02. november 2011 - 17:29 #4
Det er muligt, du har ret i, at det er falsk virus.
Jeg ved at mens jeg var på nettet kom der en popup, 2 gange, hvor der blev spurgt om jeg ville tillade ping adgang.Jeg klikkede ja, da jeg ikke vidste hvad det var.
Jeg scannede online med housecall i går også, og den fandt heller ingenting. Men hvad skal man tro? Tage chancen og håbe det intet betyder?
Avatar billede 220661 Ekspert
02. november 2011 - 17:35 #5
Hvis du vælger dette skal du i hverfald holde øje med at din pc ikke arbejder på nettet mere end den plejer.
Er det en fejl i filerne det udløser det, kunne du jo tjekke dit system for fejl.
Windows har to værktøjer, og det er chkdsk og sfc /scannow.

Må indrømme jeg ikke selv har været i din situation, så kan ikke lige råde yderligere. Men måske der kommer en forbi der ved noget om dette.
Avatar billede tyfon Nybegynder
03. november 2011 - 16:14 #6
Jeg har prøvet med chkdisk og ikke fået nogen meldinger derfra.
Prøver nok lige med nogen andre online scannere også.Har tidligere prøvet med housecall som intet fandt, men mit virusprogram  gjorde, og efterfølgende blev noget rettet via hijackthis. Måske skal den analyseres igen derigennem?
Avatar billede 220661 Ekspert
03. november 2011 - 16:24 #7
Jeg snuste lidt rundt i går og fandt en side med Remove Ping.exe virus, men jeg fik ikke undersøgt den nærmere, så jeg ville ikke sende den til dig.
Bruger du bittorrent programmer?
Avatar billede tyfon Nybegynder
03. november 2011 - 17:40 #8
Nej i disse programmer er der vist meget virus, så det bruger jeg ikke.
Avatar billede tyfon Nybegynder
03. november 2011 - 18:18 #9
Jeg har scannet med pc safe doctor som fandt en backdoor win 32og 2 suspicious files win 32. Efter scanningen ser det ud til, at man skal betale for at få dem fjernet, så måske er dette program ikke troværdigt.
Avatar billede 220661 Ekspert
03. november 2011 - 18:48 #10
Nej sikkert ikke.
var det herfra du hentede den?
http://www.removefakesoftware.com/file-errors/ping.exe.html
Avatar billede 220661 Ekspert
03. november 2011 - 18:59 #11
Jeg havde prøvet dette i stedet:
http://sikkerhed.tdc.dk/publish.php?id=1095
http://www.f-secure.com/en/web/labs_global/removal-tools
Avatar billede tyfon Nybegynder
03. november 2011 - 19:44 #12
Ja, jeg prøvede det første link du henviser til.Jeg vil prøve de to andre senere i aften når jeg får tid;takker så langt.
Avatar billede tyfon Nybegynder
04. november 2011 - 19:58 #13
Jeg har lige scannet med f-secure onlinescanner(hurtig scanning.)
Under scanningen popper bullguard op da den finder gen.variant.renos.37 dmband.dll som den flytter til karantæne. F-secure finder ingen fejl.
Avatar billede 220661 Ekspert
05. november 2011 - 00:45 #14
Prøv at smide en log fra Hijackthis herind, så prøver vi at kigge på den.
Avatar billede tyfon Nybegynder
05. november 2011 - 23:21 #15
Her er så endelig logfilen;
håber meget du kan finde fejlene.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:05:06, on 5-11-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\carsten\lmsxqcbysw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmer\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.søndagsavisen.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programmer\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: SFT_eng7 Toolbar - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - C:\Programmer\SFT_eng7\prxtbSFT_.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O2 - BHO: SFT_eng7 - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - C:\Programmer\SFT_eng7\prxtbSFT_.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmer\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programmer\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O3 - Toolbar: SFT_eng7 Toolbar - {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - C:\Programmer\SFT_eng7\prxtbSFT_.dll
O3 - Toolbar: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programmer\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programmer\YouTube Downloader Toolbar\IE\4.7\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Fælles filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BullGuard] "c:\programmer\bullguard ltd\bullguard\BullGuard.exe" -boot
O4 - HKLM\..\Run: [Ask and Record FLV Service] "E:\programmer\Replay Media Catcher-2\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{96A38DCF-F6A2-AD40-4408-2A4B7F820959}] "C:\Documents and Settings\carsten\Application Data\Vyepvu\cana.exe"
O4 - HKCU\..\Run: [lmsxqcbysw] C:\Documents and Settings\carsten\lmsxqcbysw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: igviwe.exe (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\programmer\bullguard ltd\bullguard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll  c:\PROGRA~1\BULLGU~2\BULLGU~1\BgAgent.dll BgGamingMonitor.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BullGuard behavioural detection service (BsBhvScan) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 7610 bytes
Avatar billede Computer Hjælp (Gratis) Mester
05. november 2011 - 23:39 #16
Yffer Pyffer!!!


O4 - HKCU\..\Run: [{96A38DCF-F6A2-AD40-4408-2A4B7F820959}] "C:\Documents and Settings\carsten\Application Data\Vyepvu\cana.exe"
O4 - HKCU\..\Run: [lmsxqcbysw] C:\Documents and Settings\carsten\lmsxqcbysw.exe
O4 - .DEFAULT User Startup: igviwe.exe (User 'Default user')

(Dette er bare de umiddelbart synlige 'snavs' elementer!!!)

Må vi lige få en OPDATERET FULD SCANNING med Malwarebytes ? Og loggen derfra her i tråden !!!

---

PS: Afinstall alle de Toolbar som du ikke bruger - eller elsker du dem til at fylde op i din IE ?
Avatar billede tyfon Nybegynder
06. november 2011 - 11:37 #17
Jeg har fixet de ovenstående du har beskrevet og slettet/deaktiveret hvad jeg kunne finde af toolbars.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8095

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6-11-2011 11:10:57
mbam-log-2011-11-06 (11-10-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 203846
Time elapsed: 1 hour(s), 8 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{96A38DCF-F6A2-AD40-4408-2A4B7F820959} (Rootkit.0Access) -> Value: {96A38DCF-F6A2-AD40-4408-2A4B7F820959} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\carsten\application data\Vyepvu\cana.exe (Rootkit.0Access) -> No action taken.
c:\documents and settings\administrator\menuen start\programmer\start\gayt.exe (Rootkit.0Access) -> No action taken.
c:\documents and settings\carsten\lmsxqcbysw.exe (Backdoor.Bot) -> No action taken.
c:\documents and settings\default user\menuen start\programmer\start\igviwe.exe (Rootkit.0Access) -> No action taken.
c:\system volume information\_restore{e330ee8b-947a-4097-8ea1-464fd3aa94e6}\RP144\A0024721.rbf (Adware.WidgiToolbar) -> No action taken.
c:\system volume information\_restore{e330ee8b-947a-4097-8ea1-464fd3aa94e6}\rp144\a0024765.exe (Rootkit.0Access) -> No action taken.
c:\system volume information\_restore{e330ee8b-947a-4097-8ea1-464fd3aa94e6}\rp144\a0024766.exe (Backdoor.Bot) -> No action taken.
c:\system volume information\_restore{e330ee8b-947a-4097-8ea1-464fd3aa94e6}\rp144\a0024767.exe (Rootkit.0Access) -> No action taken.
Avatar billede 220661 Ekspert
06. november 2011 - 11:42 #18
hvad tror du selv no aktion taken betyder?
Avatar billede Flemming63 Juniormester
06. november 2011 - 12:12 #19
"Rootkit.0Access" synes jeg da er bekymrende!
Avatar billede 220661 Ekspert
06. november 2011 - 12:23 #20
Ja og det er også derfor jeg reagerer på at der ikke er valgt at fjerne disse. (No aktion taken)
Avatar billede Computer Hjælp (Gratis) Mester
06. november 2011 - 12:26 #21
OM igen med MalwareBytes !!

Du 'glemte' [Fjern det valgte] knappen til sidst...
Avatar billede 220661 Ekspert
06. november 2011 - 12:34 #22
#21 Ja. Du må ikke have læst #1 ordentligt igennem.
Avatar billede Flemming63 Juniormester
06. november 2011 - 12:38 #23
Det var nu "Rootkit.0Access" der var bekymrende - ikke "No action taken." *S*
Avatar billede 220661 Ekspert
06. november 2011 - 12:42 #24
Jo for han har ikke fjernet det, når der står no aktion taken.
Og det er det der er bekymrende.
Avatar billede Flemming63 Juniormester
06. november 2011 - 13:15 #25
"Jo for han har ikke fjernet det, når der står no aktion taken.
Og det er det der er bekymrende"
Nej - det er Rootkit.0Access der er bekymrende.
Avatar billede 220661 Ekspert
06. november 2011 - 13:42 #26
Det er jo hvordan man fortolker det?
Havde han fjernet filerne som Malwarebytes fandt, havde det jo ikke været et problem længere.
Avatar billede Flemming63 Juniormester
06. november 2011 - 13:55 #27
"Havde han fjernet filerne som Malwarebytes fandt, havde det jo ikke været et problem længere."

Jo, for jeg betvivler Malwarebytes evne til at fjerne (Rootkit.0Access) effektivt.
Avatar billede 220661 Ekspert
06. november 2011 - 14:04 #28
Så må du jo komme med et bedre forslag (hvis du har det)?
Avatar billede Flemming63 Juniormester
06. november 2011 - 14:22 #29
Prøv lige at erstatte 0Access med Zero Access.
Prøv så at Google det.

Du skal kunne bruge combofix for at klare den!
Avatar billede 220661 Ekspert
06. november 2011 - 14:42 #30
Har prøvet at kigge på nogle tråde om det, og der anbefaler de combofix til at fjerne denne type rootkit. Har ikke erfaring med dete program desværre. Men lære kan man hele livet, og måske skal vi den vej for at løse det.
Hvad med TDSSkiller fra Kaspersky? Er det en god rootkit scanner at have som ekstra værktøj, i denne sammenhæng?
Avatar billede tyfon Nybegynder
06. november 2011 - 17:48 #31
Jeg havde nu prøvet at fjerne efter scanningen, men programmet ville ikke(no action taken.)Men jeg prøver igen med malw.b.
Avatar billede tyfon Nybegynder
06. november 2011 - 19:56 #32
Jeg har nu lavet en fuld scanning igen med malwareb.;og nu finder den intet.(Skal jeg prøve at scanne med et andet program?) Jeg bemærkede, at under scanningen siger bullguard adskillige gange, at den registrerer variant gen.renos og trojan generic.kd som den sætter i karæntæne.
(Kan man slette karantænerne, eller skal man lade dem være hvor de er?)
Avatar billede f-arn Guru
07. november 2011 - 06:47 #33
Inden vi bruger ComboFix, vil jeg gerne ha' du gør dette:

Hent og kør DDS

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af begge  herind.

OBS - DDS skal gemmes på computeren og ikke køres fra nettet.
Avatar billede 220661 Ekspert
07. november 2011 - 08:41 #34
Tak f-arn.
Jeg kigger med på sidelinien (for måske at lære dette, hvis det kan lade sig gøre *G*)
Avatar billede tyfon Nybegynder
07. november 2011 - 20:00 #35
Jeg har prøvet at scanne med dds 3 gange. Den stopper efter ca. et minut og alt fryser.Passer den med xp? Jeg kører den over GEM.
Avatar billede f-arn Guru
08. november 2011 - 08:05 #36
Ja - den kan fint køres på XP. Prøv at deaktivere Bullguard først.
Avatar billede tyfon Nybegynder
08. november 2011 - 16:23 #37
Jeg har prøvet at lukke af både på ikonet på proceslinien og alt med bullguard og ad-aware i msconfig.Når den ikke vil scanne mere, og jeg bruger musen, fryser det hele, så jeg må slukke og genstarte.
Avatar billede tyfon Nybegynder
08. november 2011 - 16:44 #38
Ved ikke, om der kan være noget der blokerer, da jeg længe har haft en opdatering hængende, som jeg ikke kan installere:Sikkerh.opdatering net framework 2.0 winserver2003 til xp x86 kb2572073.(Den installerer kun halvejs.)
Desuden kan jeg ikke aktivere bullg. firewall. selvom jeg har slået windows firewall fra
Avatar billede f-arn Guru
09. november 2011 - 10:55 #39
Download OTL af OldTimer og gem den på dit skrivebord.

Start OTL

Øverst sætter du flueben i "Scan All Users"

I nederste højre hjørne af det øverste panel, sæt fluben ved "LOP Check" og "Purity Check".

I boksen "Custom Scans/Fixes" kopierer du det fremhævede ind.


netsvcs
drivers32
msconfig
safebootminimal
safebootnetwork
set /c
/md5start
iexplore.exe
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
volsnap.sys
wininit.exe
sfc.dll
ping.exe
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%programfiles%\*.
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Luk alle åbne vinduer og klik på "Run Scan" øverst til venstre og lad programmet køre. Scanningen kan tage 5-10 minutter.

Det vil give to logfiler på skrivebordet, OTL.txt og Extras.txt.

Så kopier følgende ind i dit indlæg (i rækkefølge):

indholdet af OTL.txt
indholdet af Extras.txt

Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg.
Avatar billede tyfon Nybegynder
09. november 2011 - 18:27 #40
Her er så den komplette log
OTL logfile created on: 9-11-2011 17:40:09 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Documents and Settings\carsten\Dokumenter\Hentede filer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: d-MM-yyyy

1023,36 Mb Total Physical Memory | 421,70 Mb Available Physical Memory | 41,21% Memory free
2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 55,89 Gb Total Space | 42,47 Gb Free Space | 75,99% Space Free | Partition Type: NTFS

Computer Name: MYPC | User Name: carsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-11-09 15:39:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\carsten\Dokumenter\Hentede filer\OTL.exe
PRC - [2011-10-28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011-10-28 19:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011-06-09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
PRC - [2008-04-14 17:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2011-10-28 19:35:28 | 000,430,568 | ---- | M] () -- C:\Programmer\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011-10-28 19:35:28 | 000,308,560 | ---- | M] () -- C:\Programmer\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011-10-28 19:35:26 | 000,591,232 | ---- | M] () -- C:\Programmer\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011-10-11 13:50:10 | 000,193,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2011-10-11 13:50:08 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011-09-24 15:20:01 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011-09-05 18:05:00 | 000,300,544 | ---- | M] () -- C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.DAN


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] --  -- (HidServ) Adgang til brugerstyrede inputenheder (HID)
SRV - [2011-11-04 16:17:06 | 000,375,648 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2011-11-01 21:41:43 | 000,166,752 | ---- | M] (BullGuard Ltd.) [On_Demand | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2011-11-01 21:41:42 | 000,218,976 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2011-11-01 21:41:41 | 000,292,192 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2011-11-01 21:38:07 | 000,275,808 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2011-10-28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-10-27 21:33:23 | 000,447,328 | ---- | M] (BullGuard Ltd.) [Auto | Stopped] -- C:\Programmer\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2011-10-14 12:22:18 | 000,188,256 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2011-10-14 12:22:16 | 000,058,720 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programmer\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2011-04-19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Programmer\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011-04-19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Programmer\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010-12-09 13:08:10 | 000,305,600 | ---- | M] () [Disabled | Stopped] -- C:\Programmer\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe -- (Cleaner_Validator)
SRV - [2003-06-19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011-10-28 19:35:26 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programmer\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011-10-14 09:15:08 | 000,789,448 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2011-10-14 09:15:08 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2011-10-14 09:15:08 | 000,019,272 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2011-10-14 09:15:06 | 000,064,608 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2011-08-19 16:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011-06-26 01:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011-06-26 01:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2010-09-01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2008-04-14 09:43:44 | 000,606,812 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2004-04-14 13:52:54 | 000,020,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MosIrUsb.sys -- (MosIrUsb)
DRV - [2003-03-30 19:22:32 | 000,624,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-343818398-492894223-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.søndagsavisen.dk/
IE - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-343818398-492894223-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmer\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programmer\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: c:\programmer\bullguard ltd\bullguard\Antiphishing\FF\antiphishing@bullguard\ [2011-10-27 21:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2011-10-19 15:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2011-10-10 14:09:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\programmer\bullguard ltd\bullguard\backup\thunderbirdbkplugin [2011-10-27 21:30:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\programmer\bullguard ltd\bullguard\Spamfilter\TbSpamfilter [2011-10-27 21:30:36 | 000,000,000 | ---D | M]

[2011-08-29 19:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carsten\Application Data\Mozilla\Extensions
[2011-10-16 10:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carsten\Application Data\Mozilla\Firefox\Profiles\dq9aq50z.default\extensions
[2011-09-24 12:43:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\carsten\Application Data\Mozilla\Firefox\Profiles\dq9aq50z.default\extensions\engine@conduit.com
[2011-08-04 08:30:44 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\Mozilla\Firefox\Profiles\dq9aq50z.default\searchplugins\conduit.xml
[2011-10-16 09:40:49 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\Mozilla\Firefox\Profiles\dq9aq50z.default\searchplugins\SearchResults.xml
[2011-11-06 09:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2011-10-09 18:42:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011-10-21 14:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-10-27 21:30:57 | 000,000,000 | ---D | M] (BullGuard Safe Browsing) -- C:\PROGRAMMER\BULLGUARD LTD\BULLGUARD\ANTIPHISHING\FF\ANTIPHISHING@BULLGUARD
[2011-10-09 18:41:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMER\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-09-29 08:07:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browsercomps.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\mozilla firefox\plugins\npdeployJava1.dll
[2011-09-29 02:36:16 | 000,001,525 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazon-co-uk.xml
[2011-07-17 08:59:13 | 000,002,287 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\babylon.xml
[2011-09-29 01:48:01 | 000,002,252 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\bing.xml
[2011-10-16 09:40:49 | 000,002,520 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\SearchResults.xml
[2011-09-29 02:36:16 | 000,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-da.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard] c:\programmer\bullguard ltd\bullguard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O15 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..Trusted Domains: appliantechnologies.com ([]https in Websteder, du har tillid til)
O15 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..Trusted Domains: danskebank.dk ([]https in Websteder, du har tillid til)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (c:\PROGRA~1\BULLGU~2\BULLGU~1\BgAgent.dll) -c:\Programmer\BullGuard Ltd\BullGuard\BgAgent.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) -C:\WINDOWS\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmer\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-07-01 10:26:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{82ca3323-dd5b-11e0-8ef6-00080267e7fd}\Shell\Open\command - "" = C:\Programmer\VideoLAN\VLC\vlc.exe -- [2011-07-14 13:21:10 | 000,108,032 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (cnat)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

MsConfig - Services: "Schedule"
MsConfig - Services: "Cleaner_Validator"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "W32Time"
MsConfig - Services: "WebClient"
MsConfig - Services: "TrkWks"
MsConfig - Services: "RemoteRegistry"
MsConfig - Services: "RDSessMgr"
MsConfig - Services: "RasMan"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "CiSvc"
MsConfig - Services: "SysmonLog"
MsConfig - Services: "SSDPSRV"
MsConfig - Services: "Secunia Update Agent"
MsConfig - Services: "Secunia PSI Agent"
MsConfig - Services: "seclogon"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "LanmanServer"
MsConfig - Services: "WmiApSrv"
MsConfig - Services: "SharedAccess"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Secunia PSI Tray.lnk - C:\Programmer\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpReg: AnyDVD - hkey= - key= -  File not found
MsConfig - StartUpReg: Ask and Record FLV Service - hkey= - key= -  File not found
MsConfig - StartUpReg: ATIModeChange - hkey= - key= -  File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: DriverFinder - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Programmer\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
MsConfig - StartUpReg: VoipBuster - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsMain - C:\Programmer\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SafeBootMin: BsScanner - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsMain - C:\Programmer\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SafeBootNet: BsScanner - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SafeBootNet: BsUpdate - C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-11-09 17:03:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\carsten\Recent
[2011-11-09 15:02:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011-11-07 19:20:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\carsten\Menuen Start\Programmer\Administration
[2011-11-05 22:34:19 | 000,000,000 | ---D | C] -- C:\Programmer\Trend Micro
[2011-11-05 16:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Dokumenter\ConvertXToDVD
[2011-11-05 16:06:03 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2011-11-05 09:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\Vyepvu
[2011-11-05 09:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\Peiwoc
[2011-11-01 21:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-10-31 16:06:43 | 000,000,000 | ---D | C] -- C:\e2fcbaac3662a2552c18ec
[2011-10-31 15:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\f-secure
[2011-10-31 15:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011-10-30 21:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\Windows Search
[2011-10-30 20:26:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011-10-28 22:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\ApplicationHistory
[2011-10-28 21:09:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-10-28 21:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-10-28 21:09:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-10-28 21:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\Windows Desktop Search
[2011-10-28 21:04:18 | 000,000,000 | ---D | C] -- C:\Programmer\Windows Desktop Search
[2011-10-28 21:04:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-10-28 21:02:31 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011-10-28 21:02:30 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011-10-28 21:02:30 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011-10-28 20:59:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011-10-28 20:51:10 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011-10-28 20:37:45 | 000,000,000 | ---D | C] -- C:\Programmer\Microsoft.NET
[2011-10-27 21:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\BullGuard
[2011-10-27 21:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\BullGuard
[2011-10-27 21:29:38 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\BullGuard Ltd
[2011-10-27 21:29:33 | 000,000,000 | ---D | C] -- C:\Programmer\BullGuard Ltd
[2011-10-26 22:04:48 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Symantec Shared
[2011-10-26 22:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011-10-26 22:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011-10-23 21:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\Jaksta_Technologies_Pty_L
[2011-10-21 14:27:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-10-21 14:27:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-10-21 14:27:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-10-20 17:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\K-Lite Codec Pack
[2011-10-20 17:25:08 | 000,000,000 | ---D | C] -- C:\Programmer\K-Lite Codec Pack
[2011-10-20 16:14:06 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011-10-17 14:35:29 | 000,000,000 | ---D | C] -- C:\Swsetup
[2011-10-16 09:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\Ilivid Player
[2011-10-16 09:40:59 | 000,000,000 | ---D | C] -- C:\Programmer\Windows iLivid Toolbar
[2011-10-16 09:40:48 | 000,000,000 | ---D | C] -- C:\Programmer\SearchCore for Browsers
[2011-10-16 09:37:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\carsten\Dokumenter\Videoer
[2011-10-16 09:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\DivX
[2011-10-16 09:29:10 | 000,000,000 | ---D | C] -- C:\Programmer\DivX
[2011-10-16 09:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011-10-14 09:15:08 | 000,789,448 | ---- | C] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSKernel.sys
[2011-10-14 09:15:08 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011-10-14 09:15:08 | 000,019,272 | ---- | C] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSNetmon.sys
[2011-10-14 09:15:06 | 000,064,608 | ---- | C] (BullGuard Ltd.) -- C:\WINDOWS\System32\drivers\BdSpy.sys
[2011-09-12 17:16:59 | 019,837,950 | ---- | C] (VSO-Software                                                ) -- C:\Programmer\vsoConvertXtoDVD4_setup_4.1.19.365c.exe
[2011-08-18 22:12:04 | 016,937,312 | ---- | C] (Microsoft Corporation) -- C:\Programmer\IE8-WindowsXP-x86-DAN.exe
[2011-07-05 17:03:54 | 013,988,808 | ---- | C] (Mozilla) -- C:\Programmer\Firefox Setup 5.0.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-11-09 17:04:54 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\vso_ts_preview.xml
[2011-11-09 15:11:36 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-11-09 14:57:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-11-09 05:44:50 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-11-09 05:44:50 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-11-08 17:11:31 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-11-08 16:09:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011-11-08 15:47:52 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2011-11-08 15:47:37 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-11-05 20:56:01 | 000,095,608 | ---- | M] () -- C:\Documents and Settings\carsten\Dokumenter\My DVD.XtoDVD
[2011-11-04 22:26:07 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2011-11-04 22:26:06 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2011-11-03 17:58:26 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011-11-01 18:27:19 | 000,520,300 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2011-11-01 18:27:19 | 000,481,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-11-01 18:27:19 | 000,100,438 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2011-11-01 18:27:19 | 000,079,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-11-01 16:26:58 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-10-31 17:40:52 | 000,173,502 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\census.cache
[2011-10-31 17:40:32 | 000,164,156 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\ars.cache
[2011-10-31 17:25:22 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\housecall.guid.cache
[2011-10-28 22:45:20 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\fusioncache.dat
[2011-10-27 21:31:02 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\BullGuard.lnk
[2011-10-20 16:22:57 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-10-20 16:18:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-10-20 16:18:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-10-20 16:12:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-10-19 15:07:35 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-10-19 15:07:35 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2011-10-15 08:41:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011-10-14 09:15:08 | 000,789,448 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSKernel.sys
[2011-10-14 09:15:08 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011-10-14 09:15:08 | 000,019,272 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSNetmon.sys
[2011-10-14 09:15:06 | 000,064,608 | ---- | M] (BullGuard Ltd.) -- C:\WINDOWS\System32\drivers\BdSpy.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-11-05 20:55:55 | 000,095,608 | ---- | C] () -- C:\Documents and Settings\carsten\Dokumenter\My DVD.XtoDVD
[2011-11-03 17:58:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011-10-31 17:40:52 | 000,173,502 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\census.cache
[2011-10-31 17:40:32 | 000,164,156 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\ars.cache
[2011-10-31 17:25:22 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\housecall.guid.cache
[2011-10-31 17:18:31 | 000,074,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
[2011-10-28 22:45:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\fusioncache.dat
[2011-10-28 20:55:44 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011-10-27 21:31:02 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\BullGuard.lnk
[2011-10-20 17:25:17 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-10-20 16:13:55 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\carsten\Menuen Start\Programmer\Windows Media Player.lnk
[2011-10-19 15:07:35 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\carsten\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-10-19 15:07:35 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2011-10-19 15:07:34 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Mozilla Firefox.lnk
[2011-10-15 17:53:08 | 000,000,303 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Polar Precision Performance SW.lnk
[2011-09-26 18:02:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2011-09-12 17:24:11 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\carsten\Application Data\vso_ts_preview.xml
[2011-08-29 22:21:39 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-08-14 00:57:43 | 000,019,351 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2011-08-14 00:57:27 | 000,196,048 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011-08-14 00:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011-08-07 07:17:14 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011-08-01 07:03:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-08-01 07:03:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-07-06 14:49:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-05 23:05:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-07-05 17:06:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-07-05 16:05:44 | 000,092,296 | ---- | C] () -- C:\Programmer\BullGuardDownloader.exe
[2011-07-01 12:17:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-07-01 11:58:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-07-01 11:57:02 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-01 10:30:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-07-01 10:22:19 | 000,022,732 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-01-19 09:55:54 | 002,992,640 | ---- | C] () -- C:\Programmer\openofficeorg33.msi
[2011-01-19 09:54:20 | 000,475,016 | ---- | C] () -- C:\Programmer\setup.exe
[2011-01-19 09:51:30 | 127,599,615 | ---- | C] () -- C:\Programmer\openofficeorg1.cab
[2011-01-19 09:02:46 | 000,000,290 | ---- | C] () -- C:\Programmer\setup.ini
[2008-05-26 21:23:18 | 000,016,130 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 21:23:16 | 000,021,898 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 21:23:14 | 000,016,012 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008-04-15 04:00:00 | 000,520,300 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
[2008-04-15 04:00:00 | 000,481,344 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-04-15 04:00:00 | 000,100,438 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
[2008-04-15 04:00:00 | 000,079,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-04-15 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-08-26 18:03:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-04-14 13:52:54 | 000,020,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys
[2003-03-30 19:13:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003-03-30 19:13:06 | 000,249,941 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2001-10-09 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-10-09 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-10-09 13:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
[2001-10-09 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-10-09 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-10-09 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-10-09 13:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
[2001-10-09 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-10-09 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-07 17:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001-01-24 00:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000-04-14 15:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998-06-11 13:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== LOP Check ==========

[2011-09-26 16:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2011-10-16 10:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011-11-09 17:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BullGuard
[2011-10-31 15:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011-08-07 07:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011-11-05 10:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-09-12 17:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011-11-02 21:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011-08-29 15:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\BullGuard
[2011-10-31 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\f-secure
[2011-09-12 17:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\GetRightToGo
[2011-08-29 21:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\OpenOffice.org
[2011-11-05 23:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Peiwoc
[2011-09-24 15:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\PriceGong
[2011-10-23 21:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Replay Media Catcher 4
[2011-08-29 19:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\searchquband
[2011-08-29 15:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Software Inspection Library
[2011-11-09 17:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Vso
[2011-11-06 11:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Vyepvu
[2011-10-28 21:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Windows Desktop Search
[2011-10-30 21:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Windows Search
[2011-10-27 21:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\BullGuard
[2011-11-08 15:47:37 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< set /c >
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\carsten\Application Data
CommonProgramFiles=C:\Programmer\F‘lles filer
COMPUTERNAME=MYPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\carsten
LOGONSERVER=\\MYPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Programmer\Internet Explorer;C:\WINDOWS\system32\WindowsPowerShell\v1.0
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Programmer
PROMPT=$P$G
PSModulePath=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\carsten\LOKALE~1\Temp
TMP=C:\DOCUME~1\carsten\LOKALE~1\Temp
USERDOMAIN=MYPC
USERNAME=carsten
USERPROFILE=C:\Documents and Settings\carsten
windir=C:\WINDOWS


< MD5 for: EXPLORER.EXE  >
[2008-04-14 17:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D -- C:\WINDOWS\explorer.exe
[2008-04-14 17:05:49 | 001,034,752 | ---- | M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004-08-26 17:53:50 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=DA77B9561CC9AC54584C86CAB36EBF25 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: IEXPLORE.EXE  >
[2011-04-21 11:34:43 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=3E23DBEBE1020D52C63235E4189FAC03 -- C:\WINDOWS\$hf_mig$\KB2530548-IE7\SP3QFE\iexplore.exe
[2010-04-16 12:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\$hf_mig$\KB982381-IE7\SP3QFE\iexplore.exe
[2010-04-16 12:08:29 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B24A4E23A2FEDB6976EB04D334AD82B2 -- C:\WINDOWS\SoftwareDistribution\Download\1d08afe1ff78adbfaeb1f89ee29bcac5\SP3QFE\iexplore.exe
[2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Programmer\Internet Explorer\iexplore.exe
[2009-03-08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2011-04-21 11:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=B6E13F9C120C776A89D783E26D6C15C5 -- C:\WINDOWS\ie7updates\KB2559049-IE7\iexplore.exe
[2004-08-26 17:53:52 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=B9275D2D89720ECE7A7FFC07F62C5234 -- C:\WINDOWS\ie7\iexplore.exe
[2010-04-16 12:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\ie8\iexplore.exe
[2010-04-16 12:43:25 | 000,634,656 | ---- | M] (Microsoft Corporation) MD5=C4BA5E36FB57F547117305BF1E0FE454 -- C:\WINDOWS\SoftwareDistribution\Download\1d08afe1ff78adbfaeb1f89ee29bcac5\SP3GDR\iexplore.exe
[2008-04-15 04:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=C7B06A4ABC2D4DDE7486C207B45CECD9 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2011-06-20 11:38:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=DE0F15DD275A36C3E67DC1E36F958F3A -- C:\WINDOWS\$hf_mig$\KB2559049-IE7\SP3QFE\iexplore.exe
[2007-08-13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB2530548-IE7\iexplore.exe
[2007-08-13 17:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB982381-IE7\iexplore.exe

< MD5 for: PING.EXE  >
[2008-04-14 17:05:59 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=46915538D3F10D0BA96E096C87B73AF2 -- C:\WINDOWS\ServicePackFiles\i386\ping.exe
[2008-04-14 17:05:59 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=46915538D3F10D0BA96E096C87B73AF2 -- C:\WINDOWS\system32\ping.exe
[2004-08-26 17:53:54 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=4C8AD1C6E32F05B3B8915570E189531F -- C:\WINDOWS\$NtServicePackUninstall$\ping.exe

< MD5 for: SFC.DLL  >
[2008-04-14 17:05:31 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=2EE3F794D81AA928C689E1827EB4B88D -- C:\WINDOWS\ServicePackFiles\i386\sfc.dll
[2008-04-14 17:05:31 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=2EE3F794D81AA928C689E1827EB4B88D -- C:\WINDOWS\system32\sfc.dll
[2004-08-26 17:53:44 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=620CC849AC9D58874CA1946BEB9E441E -- C:\WINDOWS\$NtServicePackUninstall$\sfc.dll

< MD5 for: SVCHOST.EXE  >
[2004-08-26 17:53:56 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=46FE2ED518FDFBFD289F014A3078575C -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008-04-14 17:06:03 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 17:06:03 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE  >
[2004-08-26 17:53:56 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=3A03D6433E4E5FD3430DD3431FC6AC54 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008-04-14 17:06:05 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011-11-08 15:47:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS  >
[2008-04-14 16:37:03 | 000,053,504 | ---- | M] (Microsoft Corporation) MD5=69D9E1DE5F897580F8B1D1957528B0B2 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008-04-14 16:37:03 | 000,053,504 | ---- | M] (Microsoft Corporation) MD5=69D9E1DE5F897580F8B1D1957528B0B2 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004-08-26 17:48:58 | 000,053,504 | ---- | M] (Microsoft Corporation) MD5=D52A1B9898B1E52E9E592DBAA1CF358B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE  >
[2004-08-26 17:53:56 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=713AD65B9FF9CEE0A43181B442D846EB -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008-04-14 17:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 17:06:06 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B -- C:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2011-11-05 09:37:24 | 000,019,733 | ---- | M] () -- C:\aaw7boot.log
[2011-07-01 10:26:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011-11-08 16:09:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2001-10-09 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2011-07-01 10:26:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011-09-24 17:15:36 | 000,000,043 | ---- | M] () -- C:\END
[2011-07-01 10:26:39 | 000,000,000 | -HS- | M] () -- C:\IO.SYS
[2011-10-30 20:54:28 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2011-07-01 10:26:39 | 000,000,000 | -HS- | M] () -- C:\MSDOS.SYS
[2008-04-15 04:00:00 | 000,047,564 | -HS- | M] () -- C:\NTDETECT.COM
[2008-04-15 04:00:00 | 000,250,576 | -HS- | M] () -- C:\ntldr
[2011-11-09 14:57:06 | 1609,605,120 | -HS- | M] () -- C:\pagefile.sys
[2011-11-09 14:57:40 | 000,000,071 | ---- | M] () -- C:\Pollog.txt
[2011-11-09 14:57:40 | 000,058,500 | ---- | M] () -- C:\PollSt.txt

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011-08-29 16:18:52 | 000,524,288 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011-08-27 22:51:36 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2011-08-29 16:18:52 | 020,185,088 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011-08-29 16:18:52 | 003,670,016 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %programfiles%\*. >
[2011-07-18 21:21:12 | 000,000,000 | ---D | M] -- C:\Programmer\Adobe
[2011-09-26 21:47:42 | 000,000,000 | ---D | M] -- C:\Programmer\Applian Technologies
[2011-07-05 15:41:30 | 000,000,000 | ---D | M] -- C:\Programmer\BullGuard
[2011-10-27 21:29:33 | 000,000,000 | ---D | M] -- C:\Programmer\BullGuard Ltd
[2011-10-26 20:19:30 | 000,000,000 | ---D | M] -- C:\Programmer\CCleaner
[2011-08-13 22:41:20 | 000,000,000 | ---D | M] -- C:\Programmer\COMODO
[2011-07-01 10:22:06 | 000,000,000 | ---D | M] -- C:\Programmer\ComPlus Applications
[2011-09-25 09:53:21 | 000,000,000 | ---D | M] -- C:\Programmer\Defraggler
[2011-10-16 09:57:24 | 000,000,000 | ---D | M] -- C:\Programmer\DivX
[2011-09-25 09:19:52 | 000,000,000 | ---D | M] -- C:\Programmer\FileHippo.com
[2011-11-06 09:33:30 | 000,000,000 | ---D | M] -- C:\Programmer\Fælles filer
[2011-07-28 21:30:00 | 000,000,000 | ---D | M] -- C:\Programmer\Google
[2011-08-02 23:22:18 | 000,000,000 | ---D | M] -- C:\Programmer\Hewlett-Packard
[2011-10-17 16:28:52 | 000,000,000 | -H-D | M] -- C:\Programmer\InstallShield Installation Information
[2011-10-28 22:25:50 | 000,000,000 | ---D | M] -- C:\Programmer\Internet Explorer
[2011-10-21 14:27:45 | 000,000,000 | ---D | M] -- C:\Programmer\Java
[2011-10-20 17:26:26 | 000,000,000 | ---D | M] -- C:\Programmer\K-Lite Codec Pack
[2011-09-24 15:17:04 | 000,000,000 | ---D | M] -- C:\Programmer\Lavasoft
[2011-07-05 20:22:13 | 000,000,000 | ---D | M] -- C:\Programmer\licenses
[2011-08-29 20:23:55 | 000,000,000 | ---D | M] -- C:\Programmer\Messenger
[2011-10-06 21:49:16 | 000,000,000 | ---D | M] -- C:\Programmer\Microsoft
[2011-07-01 10:27:09 | 000,000,000 | ---D | M] -- C:\Programmer\microsoft frontpage
[2011-10-13 19:58:32 | 000,000,000 | ---D | M] -- C:\Programmer\Microsoft Silverlight
[2011-07-01 12:14:36 | 000,000,000 | ---D | M] -- C:\Programmer\Microsoft Visual Studio
[2011-10-28 20:37:45 | 000,000,000 | ---D | M] -- C:\Programmer\Microsoft.NET
[2011-08-29 21:11:13 | 000,000,000 | ---D | M] -- C:\Programmer\Movie Maker
[2011-11-09 16:45:55 | 000,000,000 | ---D | M] -- C:\Programmer\Mozilla Firefox
[2011-07-06 13:43:54 | 000,000,000 | ---D | M] -- C:\Programmer\MSBuild
[2011-09-20 20:12:27 | 000,000,000 | ---D | M] -- C:\Programmer\MSECACHE
[2011-08-29 14:46:06 | 000,000,000 | ---D | M] -- C:\Programmer\msn gaming zone
[2011-08-29 20:12:16 | 000,000,000 | ---D | M] -- C:\Programmer\NetMeeting
[2011-09-24 12:47:56 | 000,000,000 | ---D | M] -- C:\Programmer\NKProds
[2011-08-01 22:14:37 | 000,000,000 | ---D | M] -- C:\Programmer\Ny mappe
[2011-07-01 10:24:29 | 000,000,000 | ---D | M] -- C:\Programmer\Onlinetjenester
[2011-08-31 21:54:39 | 000,000,000 | ---D | M] -- C:\Programmer\OpenOffice.org 3
[2011-08-29 21:15:09 | 000,000,000 | ---D | M] -- C:\Programmer\Outlook Express
[2011-08-31 21:49:13 | 000,000,000 | ---D | M] -- C:\Programmer\readmes
[2011-07-05 20:22:18 | 000,000,000 | ---D | M] -- C:\Programmer\redist
[2011-07-06 13:43:30 | 000,000,000 | ---D | M] -- C:\Programmer\Reference Assemblies
[2011-10-16 09:41:55 | 000,000,000 | ---D | M] -- C:\Programmer\SearchCore for Browsers
[2011-07-29 06:25:08 | 000,000,000 | ---D | M] -- C:\Programmer\Secunia
[2011-11-05 10:03:24 | 000,000,000 | ---D | M] -- C:\Programmer\SpywareBlaster
[2011-11-05 22:34:19 | 000,000,000 | ---D | M] -- C:\Programmer\Trend Micro
[2011-07-01 11:44:18 | 000,000,000 | -H-D | M] -- C:\Programmer\Uninstall Information
[2011-07-13 21:05:10 | 000,000,000 | ---D | M] -- C:\Programmer\VideoLAN
[2011-09-30 11:32:16 | 000,000,000 | ---D | M] -- C:\Programmer\VS Revo Group
[2011-09-12 17:22:48 | 000,000,000 | ---D | M] -- C:\Programmer\vso
[2011-10-28 23:12:27 | 000,000,000 | ---D | M] -- C:\Programmer\Windows Desktop Search
[2011-10-16 09:40:59 | 000,000,000 | ---D | M] -- C:\Programmer\Windows iLivid Toolbar
[2011-09-20 20:12:57 | 000,000,000 | ---D | M] -- C:\Programmer\Windows Installer Clean Up
[2011-10-06 21:49:43 | 000,000,000 | ---D | M] -- C:\Programmer\Windows Live
[2011-10-06 21:48:49 | 000,000,000 | ---D | M] -- C:\Programmer\Windows Live SkyDrive
[2011-10-20 16:13:30 | 000,000,000 | ---D | M] -- C:\Programmer\Windows Media Connect 2
[2011-10-20 16:15:51 | 000,000,000 | ---D | M] -- C:\Programmer\Windows Media Player
[2011-08-16 19:42:44 | 000,000,000 | ---D | M] -- C:\Programmer\Windows NT
[2011-07-01 10:24:35 | 000,000,000 | -H-D | M] -- C:\Programmer\WindowsUpdate
[2011-07-01 10:27:09 | 000,000,000 | ---D | M] -- C:\Programmer\xerox
[2011-09-10 17:03:11 | 000,000,000 | ---D | M] -- C:\Programmer\YouTube Downloader

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-09 15:05:39

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
Avatar billede f-arn Guru
09. november 2011 - 19:43 #41
Jeg kan se du tidligere har kørt OTL. Fik du nogern hjælp?

Det lader også til du har noget liggende fra Bitdefender?

------

Hent og gem ComboFix på dit skrivebord.

Kør så ComboFix.exe og følg anvisningerne.

Vigtigt--> Da ComboFix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når ComboFix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: ComboFix.txt
Indholdet af denne fil må du gerne lægge herind.

Den kan findes her:  C:\ComboFix.txt
Avatar billede tyfon Nybegynder
09. november 2011 - 20:12 #42
Ja jeg havde kørt otl 2 gange, lidt efter hinanden. Jeg troede jeg havde glemt en indstilling, så derfor gjorde jeg det om igen.
Bitdefender siger mig ikke lige noget, men det er en computer der har en hel del år på bagen, som jeg ikke har haft fra ny, men som jeg har fået, da den anden brændte sammen. Måske er det gamle efterladenskaber som jeg har overtaget.
Jeg kan desværre først afse tid i morgen aften igen til at sætte mig ind i programmet og få den kørt, men tak indtil nu.
Avatar billede f-arn Guru
09. november 2011 - 20:25 #43
Så må du også ha' en Extras.txt. Vil du godt kopiere den herind. Den laver den kun første gang!
Avatar billede tyfon Nybegynder
10. november 2011 - 18:56 #44
Jeg har ledt efter Extras.txt og kan ikke finde den.Jeg har prøvet at genstallere og lave en ny scanning, men den går kun ind med otl.txt.
Skal der være en bestemt markering i rubrikken "Extra Registry"?
Den har stået ved "none".
Avatar billede f-arn Guru
10. november 2011 - 19:23 #45
Skal der være en bestemt markering i rubrikken "Extra Registry"

Det kan gøres på den måde, men la' os lige glemme OTL lidt.

Vil du godt køre ComboFix som beskrevet her.

Den skal ligge på Skrivebordet.

Du skal også flytte OTL derud. Den skal ikke ligge i C:\Documents and Settings\carsten\Dokumenter\Hentede filer\.
Avatar billede tyfon Nybegynder
10. november 2011 - 22:33 #46
Jeg kan slå automatiske opdat. og firewall fra, men ikke bullguards realtime antivirus. Jeg kan ikke flytte punktet til "FRA" Det er ikke nok at nedlukke ikonet på proceslinien. (På nuværende har jeg combofix på skrivebordet, men den kræver bullg. nedlukket.)
Avatar billede f-arn Guru
11. november 2011 - 10:41 #47
Da Bullguard ikke virker rigtigt, bør du afinstatllere den.

1. Hent en ny ComboFix.

2. Afbryd internettet.

3. Afinstaller Bullguard.

4. Kør ComboFix.

5. Geninstaller Bullguard.

6. Aktiver internettet og kopier ComboFix loggen herind.

PS Hvis du ikke kan Afistallerer Bullguard, eller ikke kan geninstalerer den (manglende install fil), så stop og lad mig det vide.
Avatar billede tyfon Nybegynder
11. november 2011 - 17:44 #48
Jeg fulgte de 3 første som gik fint;ved kørsel med combofix stopper den under scanningen og siger windows mangler genoprettelseskonsol, og at jeg skal have den. Kører jeg blot videre stopper den lidt efter og fryser.Så prøvede jeg at installere bullg. igen, da jeg gik på nettet for hente konsolen, men den kan ikke finde stien, og stopper så igen. Jeg kan godt fra-og tilkoble Bullg. nu, og jeg kan også køre dens firewall. Men scanningen stopper, også selvom den er deaktiveret.
Avatar billede f-arn Guru
11. november 2011 - 18:11 #49
Prøv at køre ComboFix i fejlsikret tilstand.

Det ligner en Dansk Windows XP Pro. Er det korrekt?

Har du en Windows installation CD, med den Windows der ligger på PCen?

Grunden til mine spørgsmål er, at vi kan blive nødt til at installere Genoprettelseskonsolen manuelt.
Avatar billede tyfon Nybegynder
11. november 2011 - 21:54 #50
Fejlsikret giver det samme.(Bullg.er slået fra.)
Det er xp pro. Om det er en dansk kan jeg ikke finde noget om, men den har været genstalleret p.g.a. fejlkørsel med comodosystemcleaner, der slettede det hele.
Jeg har ikke cd-en mere.
Avatar billede tyfon Nybegynder
11. november 2011 - 21:56 #51
(Jeg havde forinden kørt en fuld scanning med Bullg. som intet fandt.)
Avatar billede f-arn Guru
12. november 2011 - 05:48 #52
Vil du godt nøjes med at gøre det jeg skriver, for elles kommer vi aldrig videre.

Jeg tror du har installeret Bullguard oven i Zero Acces, så den er nok ikke pålidelig.

Vil du godt køre OTL Igen. Du skal ikke kopire noget ind i "Custom Scans/Fixes"

Kopier OTL.txt herind.
Avatar billede tyfon Nybegynder
12. november 2011 - 08:58 #53
Her er ny log, men jeg har stadig ikke fået "Extras"
OTL logfile created on: 12-11-2011 08:30:38 - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Documents and Settings\carsten\Skrivebord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: d-MM-yyyy

1023,36 Mb Total Physical Memory | 505,45 Mb Available Physical Memory | 49,39% Memory free
2,40 Gb Paging File | 2,05 Gb Available in Paging File | 85,24% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 55,89 Gb Total Space | 42,41 Gb Free Space | 75,88% Space Free | Partition Type: NTFS

Computer Name: MYPC | User Name: carsten | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\carsten\Skrivebord\OTL.exe (OldTimer Tools)
PRC - C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BullGuard.exe (BullGuard Ltd.)
PRC - C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe (BullGuard Ltd.)
PRC - C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe (BullGuard Ltd.)
PRC - C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe (BullGuard Ltd.)
PRC - C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programmer\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmer\Lavasoft\Ad-Aware\Viprebridge.dll ()
MOD - C:\Programmer\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Programmer\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Programmer\BullGuard Ltd\BullGuard Antivirus\res\dk\BullGuardBhvScannerRes.dll ()
MOD - C:\Programmer\BullGuard Ltd\BullGuard Antivirus\res\dk\BpMainRes.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.DAN ()
MOD - C:\Programmer\BullGuard Ltd\BullGuard Antivirus\GuiPiele.dll ()
MOD - c:\Programmer\BullGuard Ltd\BullGuard Antivirus\SQLite.dll ()
MOD - c:\Programmer\BullGuard Ltd\BullGuard Antivirus\LibXml2.dll ()
MOD - c:\Programmer\BullGuard Ltd\BullGuard Antivirus\zlib1.dll ()
MOD - C:\Programmer\BullGuard Ltd\BullGuard Antivirus\libbz2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) Adgang til brugerstyrede inputenheder (HID) --  File not found
SRV - (BsMain) -- C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BsMain.dll (BullGuard Ltd.)
SRV - (BsBhvScan) -- C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BsFileScan.dll (BullGuard Ltd.)
SRV - (BsScanner) -- C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BullGuardScanner.exe (BullGuard Ltd.)
SRV - (BsMailProxy) -- C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsUpdate) -- C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Programmer\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (Secunia PSI Agent) -- C:\Programmer\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programmer\Secunia\PSI\sua.exe (Secunia)
SRV - (Cleaner_Validator) -- C:\Programmer\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe ()
SRV - (MDM) -- C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NovaShieldFilterDriver) -- C:\WINDOWS\system32\drivers\NSKernel.sys (NovaShield, Inc.)
DRV - (NovaShieldTDIDriver) -- C:\WINDOWS\system32\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV - (Trufos) -- C:\WINDOWS\system32\drivers\Trufos.sys (BitDefender S.R.L.)
DRV - (BdSpy) -- C:\WINDOWS\system32\drivers\BdSpy.sys (BullGuard Ltd.)
DRV - (Lavasoft Kernexplorer) -- C:\Programmer\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (appliandMP) -- C:\WINDOWS\system32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (appliand) -- C:\WINDOWS\system32\drivers\appliand.sys (Applian Technologies Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (MosIrUsb) -- C:\WINDOWS\system32\drivers\MosIrUsb.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-343818398-492894223-1957994488-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.søndagsavisen.dk/
IE - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKU\S-1-5-21-343818398-492894223-1957994488-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmer\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programmer\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: c:\programmer\bullguard ltd\bullguard antivirus\Antiphishing\FF\antiphishing@bullguard\ [2011-11-11 17:04:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2011-10-19 15:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins [2011-10-10 14:09:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Programmer\BullGuard Ltd\BullGuard Antivirus\Spamfilter\TbSpamfilter [2011-11-11 17:04:25 | 000,000,000 | ---D | M]

[2011-08-29 19:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carsten\Application Data\Mozilla\Extensions
[2011-10-16 10:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\carsten\Application Data\Mozilla\Firefox\Profiles\dq9aq50z.default\extensions
[2011-09-24 12:43:03 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\carsten\Application Data\Mozilla\Firefox\Profiles\dq9aq50z.default\extensions\engine@conduit.com
[2011-08-04 08:30:44 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\Mozilla\Firefox\Profiles\dq9aq50z.default\searchplugins\conduit.xml
[2011-10-16 09:40:49 | 000,002,520 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\Mozilla\Firefox\Profiles\dq9aq50z.default\searchplugins\SearchResults.xml
[2011-11-06 09:33:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2011-10-09 18:42:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011-10-21 14:28:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmer\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-11-11 17:04:53 | 000,000,000 | ---D | M] (BullGuard Safe Browsing) -- C:\PROGRAMMER\BULLGUARD LTD\BULLGUARD ANTIVIRUS\ANTIPHISHING\FF\ANTIPHISHING@BULLGUARD
[2011-10-09 18:41:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMMER\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011-09-29 08:07:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browsercomps.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\mozilla firefox\plugins\npdeployJava1.dll
[2011-09-29 02:36:16 | 000,001,525 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazon-co-uk.xml
[2011-07-17 08:59:13 | 000,002,287 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\babylon.xml
[2011-09-29 01:48:01 | 000,002,252 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\bing.xml
[2011-10-16 09:40:49 | 000,002,520 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\SearchResults.xml
[2011-09-29 02:36:16 | 000,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-da.xml

Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Hjælp til tilmelding til Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O4 - HKLM..\Run: [BullGuard] C:\Programmer\BullGuard Ltd\BullGuard Antivirus\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmer\Fælles filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\Programmer\BullGuard Ltd\BullGuard Antivirus\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\BGLsp.dll (BullGuard Ltd.)
O15 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..Trusted Domains: appliantechnologies.com ([]https in Websteder, du har tillid til)
O15 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..Trusted Domains: danskebank.dk ([]https in Websteder, du har tillid til)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmer\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-07-01 10:26:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{82ca3323-dd5b-11e0-8ef6-00080267e7fd}\Shell\Open\command - "" = C:\Programmer\VideoLAN\VLC\vlc.exe -- [2011-07-14 13:21:10 | 000,108,032 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (cnat)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-11-12 08:28:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\carsten\Skrivebord\OTL.exe
[2011-11-12 00:17:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\carsten\Recent
[2011-11-11 21:40:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-11-11 17:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\BullGuard
[2011-11-11 17:03:45 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\BullGuard Ltd
[2011-11-11 17:03:33 | 000,000,000 | ---D | C] -- C:\Programmer\BullGuard Ltd
[2011-11-11 16:40:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-11-11 16:40:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-11-11 16:40:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-11-11 16:40:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-11-11 16:40:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-11-11 16:27:56 | 004,289,973 | R--- | C] (Swearware) -- C:\Documents and Settings\carsten\Skrivebord\ComboFix.exe
[2011-11-10 22:06:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-11-07 19:20:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\carsten\Menuen Start\Programmer\Administration
[2011-11-05 22:34:19 | 000,000,000 | ---D | C] -- C:\Programmer\Trend Micro
[2011-11-05 16:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Dokumenter\ConvertXToDVD
[2011-11-05 16:06:03 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i8042prt.sys
[2011-11-05 09:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\Vyepvu
[2011-11-05 09:48:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\Peiwoc
[2011-11-02 11:45:28 | 000,789,448 | ---- | C] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSKernel.sys
[2011-11-02 11:45:28 | 000,019,272 | ---- | C] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSNetmon.sys
[2011-11-02 11:45:12 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011-11-02 11:44:58 | 000,064,608 | ---- | C] (BullGuard Ltd.) -- C:\WINDOWS\System32\drivers\BdSpy.sys
[2011-11-01 21:38:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-10-31 16:06:43 | 000,000,000 | ---D | C] -- C:\e2fcbaac3662a2552c18ec
[2011-10-31 15:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\f-secure
[2011-10-31 15:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011-10-30 21:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\Windows Search
[2011-10-30 20:26:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011-10-28 22:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\ApplicationHistory
[2011-10-28 21:09:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2011-10-28 21:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2011-10-28 21:09:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2011-10-28 21:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\Windows Desktop Search
[2011-10-28 21:04:18 | 000,000,000 | ---D | C] -- C:\Programmer\Windows Desktop Search
[2011-10-28 21:04:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011-10-28 21:02:31 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2011-10-28 21:02:30 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2011-10-28 21:02:30 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2011-10-28 20:59:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011-10-28 20:51:10 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011-10-28 20:37:45 | 000,000,000 | ---D | C] -- C:\Programmer\Microsoft.NET
[2011-10-27 21:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\BullGuard
[2011-10-26 22:04:48 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Symantec Shared
[2011-10-26 22:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011-10-26 22:04:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2011-10-23 21:41:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\Jaksta_Technologies_Pty_L
[2011-10-21 14:27:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011-10-21 14:27:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011-10-21 14:27:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011-10-20 17:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\K-Lite Codec Pack
[2011-10-20 17:25:08 | 000,000,000 | ---D | C] -- C:\Programmer\K-Lite Codec Pack
[2011-10-20 16:14:06 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011-10-17 14:35:29 | 000,000,000 | ---D | C] -- C:\Swsetup
[2011-10-16 09:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\Ilivid Player
[2011-10-16 09:40:59 | 000,000,000 | ---D | C] -- C:\Programmer\Windows iLivid Toolbar
[2011-10-16 09:40:48 | 000,000,000 | ---D | C] -- C:\Programmer\SearchCore for Browsers
[2011-10-16 09:37:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\carsten\Dokumenter\Videoer
[2011-10-16 09:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\carsten\Application Data\DivX
[2011-10-16 09:29:10 | 000,000,000 | ---D | C] -- C:\Programmer\DivX
[2011-10-16 09:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2011-09-12 17:16:59 | 019,837,950 | ---- | C] (VSO-Software                                                ) -- C:\Programmer\vsoConvertXtoDVD4_setup_4.1.19.365c.exe
[2011-08-18 22:12:04 | 016,937,312 | ---- | C] (Microsoft Corporation) -- C:\Programmer\IE8-WindowsXP-x86-DAN.exe
[2011-07-05 17:03:54 | 013,988,808 | ---- | C] (Mozilla) -- C:\Programmer\Firefox Setup 5.0.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-11-12 08:28:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\carsten\Skrivebord\OTL.exe
[2011-11-12 08:24:03 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-11-12 08:18:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-11-11 21:36:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-11-11 21:36:43 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-11-11 17:04:55 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\BullGuard Antivirus.lnk
[2011-11-11 16:28:52 | 004,289,973 | R--- | M] (Swearware) -- C:\Documents and Settings\carsten\Skrivebord\ComboFix.exe
[2011-11-11 16:24:13 | 021,693,808 | ---- | M] () -- C:\Documents and Settings\carsten\Skrivebord\BullGuard Antivirus 12 Install.exe
[2011-11-11 16:20:23 | 000,333,960 | ---- | M] () -- C:\Documents and Settings\carsten\Skrivebord\BullGuardDownloaderAV.exe
[2011-11-09 17:04:54 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\vso_ts_preview.xml
[2011-11-08 17:11:31 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-11-08 16:09:06 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011-11-08 15:47:52 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2011-11-08 15:47:37 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-11-05 20:56:01 | 000,095,608 | ---- | M] () -- C:\Documents and Settings\carsten\Dokumenter\My DVD.XtoDVD
[2011-11-04 22:26:07 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2011-11-04 22:26:06 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2011-11-03 17:58:26 | 000,000,021 | ---- | M] () -- C:\WINDOWS\tpcsd
[2011-11-02 11:45:28 | 000,789,448 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSKernel.sys
[2011-11-02 11:45:28 | 000,019,272 | ---- | M] (NovaShield, Inc.) -- C:\WINDOWS\System32\drivers\NSNetmon.sys
[2011-11-02 11:45:12 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011-11-02 11:44:58 | 000,064,608 | ---- | M] (BullGuard Ltd.) -- C:\WINDOWS\System32\drivers\BdSpy.sys
[2011-11-01 18:27:19 | 000,520,300 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2011-11-01 18:27:19 | 000,481,344 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-11-01 18:27:19 | 000,100,438 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2011-11-01 18:27:19 | 000,079,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-11-01 16:26:58 | 000,133,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-10-31 17:40:52 | 000,173,502 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\census.cache
[2011-10-31 17:40:32 | 000,164,156 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\ars.cache
[2011-10-31 17:25:22 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\housecall.guid.cache
[2011-10-28 22:45:20 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\fusioncache.dat
[2011-10-20 16:22:57 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-10-20 16:18:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011-10-20 16:18:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011-10-20 16:12:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011-10-19 15:07:35 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\carsten\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-10-19 15:07:35 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2011-10-15 08:41:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[48 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-11-11 18:06:02 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\carsten\Menuen Start\Programmer\Internet Explorer (2).lnk
[2011-11-11 17:04:55 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\BullGuard Antivirus.lnk
[2011-11-11 16:40:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-11-11 16:40:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-11-11 16:40:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-11-11 16:40:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-11-11 16:40:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-11-11 16:23:44 | 021,693,808 | ---- | C] () -- C:\Documents and Settings\carsten\Skrivebord\BullGuard Antivirus 12 Install.exe
[2011-11-11 16:20:19 | 000,333,960 | ---- | C] () -- C:\Documents and Settings\carsten\Skrivebord\BullGuardDownloaderAV.exe
[2011-11-05 20:55:55 | 000,095,608 | ---- | C] () -- C:\Documents and Settings\carsten\Dokumenter\My DVD.XtoDVD
[2011-11-03 17:58:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011-10-31 17:40:52 | 000,173,502 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\census.cache
[2011-10-31 17:40:32 | 000,164,156 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\ars.cache
[2011-10-31 17:25:22 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\housecall.guid.cache
[2011-10-31 17:18:31 | 000,074,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
[2011-10-28 22:45:20 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\fusioncache.dat
[2011-10-28 20:55:44 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011-10-20 17:25:17 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011-10-20 16:13:55 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\carsten\Menuen Start\Programmer\Windows Media Player.lnk
[2011-10-19 15:07:35 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\carsten\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-10-19 15:07:35 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2011-10-19 15:07:34 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Mozilla Firefox.lnk
[2011-10-15 17:53:08 | 000,000,303 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Polar Precision Performance SW.lnk
[2011-09-26 18:02:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2011-09-12 17:24:11 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\carsten\Application Data\vso_ts_preview.xml
[2011-08-29 22:21:39 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\carsten\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-08-14 00:57:43 | 000,019,351 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2011-08-14 00:57:27 | 000,196,048 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011-08-14 00:57:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011-08-07 07:17:14 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011-08-01 07:03:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-08-01 07:03:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-07-06 14:49:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-07-05 23:05:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-07-05 17:06:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-07-05 16:05:44 | 000,092,296 | ---- | C] () -- C:\Programmer\BullGuardDownloader.exe
[2011-07-01 12:17:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011-07-01 11:58:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-07-01 11:57:02 | 000,133,280 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-07-01 10:30:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-07-01 10:22:19 | 000,022,732 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011-01-19 09:55:54 | 002,992,640 | ---- | C] () -- C:\Programmer\openofficeorg33.msi
[2011-01-19 09:54:20 | 000,475,016 | ---- | C] () -- C:\Programmer\setup.exe
[2011-01-19 09:51:30 | 127,599,615 | ---- | C] () -- C:\Programmer\openofficeorg1.cab
[2011-01-19 09:02:46 | 000,000,290 | ---- | C] () -- C:\Programmer\setup.ini
[2008-05-26 21:23:18 | 000,016,130 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 21:23:16 | 000,021,898 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 21:23:14 | 000,016,012 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008-05-26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008-04-15 04:00:00 | 000,520,300 | ---- | C] () -- C:\WINDOWS\System32\perfh006.dat
[2008-04-15 04:00:00 | 000,481,344 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-04-15 04:00:00 | 000,100,438 | ---- | C] () -- C:\WINDOWS\System32\perfc006.dat
[2008-04-15 04:00:00 | 000,079,800 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-04-15 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004-08-26 18:03:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004-08-02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004-04-14 13:52:54 | 000,020,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys
[2003-03-30 19:13:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003-03-30 19:13:06 | 000,249,941 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2001-10-09 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001-10-09 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001-10-09 13:00:00 | 000,284,912 | ---- | C] () -- C:\WINDOWS\System32\perfi006.dat
[2001-10-09 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001-10-09 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001-10-09 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001-10-09 13:00:00 | 000,034,026 | ---- | C] () -- C:\WINDOWS\System32\perfd006.dat
[2001-10-09 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001-10-09 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001-08-07 17:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001-01-24 00:31:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000-04-14 15:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998-06-11 13:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== LOP Check ==========

[2011-09-26 16:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2011-10-16 10:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011-11-12 08:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BullGuard
[2011-10-31 15:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011-08-07 07:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011-11-10 19:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-09-12 17:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011-11-02 21:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011-11-10 22:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\BullGuard
[2011-10-31 15:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\f-secure
[2011-09-12 17:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\GetRightToGo
[2011-08-29 21:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\OpenOffice.org
[2011-11-05 23:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Peiwoc
[2011-09-24 15:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\PriceGong
[2011-10-23 21:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Replay Media Catcher 4
[2011-08-29 19:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\searchquband
[2011-08-29 15:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Software Inspection Library
[2011-11-09 17:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Vso
[2011-11-06 11:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Vyepvu
[2011-10-28 21:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Windows Desktop Search
[2011-10-30 21:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\carsten\Application Data\Windows Search
[2011-10-27 21:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\BullGuard
[2011-11-08 15:47:37 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
Avatar billede f-arn Guru
12. november 2011 - 11:19 #54
...men jeg har stadig ikke fået "Extras"

Nej - det får du heller ikke, med de indstillinger jeg har bedt om.

Det ser ikke ud som om Zero Acces er væk  :(

Den Bitdefender jeg nævte tidligere, stammer fra 2/11 2011.

Vil du godt afinstallere Ad-Aware. Den skal du ikke bruge sammen med Bullguard.

------

Hent og installer ERUNT: http://www.derfisch.de/lars/erunt-setup.exe

Start den og lad den lave en Backup af Registreringsdatabasen.

------

Deaktiver Bullguard.

Start OTL

Kopier nedenstånde med fed skrift ind i feltet "Custom Scans/Fixes"


:OTL
SRV - (Cleaner_Validator) -- C:\Programmer\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe ()
DRV - (Trufos) -- C:\WINDOWS\system32\drivers\Trufos.sys (BitDefender S.R.L.)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKU\S-1-5-21-343818398-492894223-1957994488-1004\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found

:files
ipconfig /flushdns /c

:Commands
[purity]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Luk alle andre åbne vinduer og klik på "Run Fix"

Efter genstart åbnes en logfil, kopier den tekst herind i denne tråd.

Ellers ligger den her: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
Avatar billede tyfon Nybegynder
12. november 2011 - 12:58 #55
All processes killed
========== OTL ==========
Service Cleaner_Validator stopped successfully!
Service Cleaner_Validator deleted successfully!
C:\Programmer\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe moved successfully.
Service Trufos stopped successfully!
Service Trufos deleted successfully!
C:\WINDOWS\system32\drivers\Trufos.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-492894223-1957994488-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Documents and Settings\carsten\Skrivebord\cmd.bat deleted successfully.
C:\Documents and Settings\carsten\Skrivebord\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: All Users

User: carsten
->Flash cache emptied: 1410 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator

User: All Users

User: carsten
->Temp folder emptied: 713 bytes
->Temporary Internet Files folder emptied: 1504381 bytes
->Java cache emptied: 1153986 bytes
->FireFox cache emptied: 40823224 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 32913 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4485197 bytes
%systemroot%\System32 .tmp files removed: 5630976 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 51,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11122011_124713

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Avatar billede f-arn Guru
12. november 2011 - 17:19 #56
Vil du godt prøve DDS igen. Deaktiver Bullguard imens.

Hen den her

eller her

Den laver to logs,(DDS.txt og Attach.txt) gem dem på skrivebordet og kopier indholdet af begge  herind.

PS Det er den samme fil i begge links, men "Efternavnet" er forskelligt. Hvis den første ikke virker, prøv den anden.
Avatar billede tyfon Nybegynder
12. november 2011 - 19:34 #57
Jeg har lige kørt den,med bullg. deaktiveret, den stopper samme sted som tidligere;lidt efter jeg har kørt med cursoren fryser det hele.
Avatar billede f-arn Guru
12. november 2011 - 20:06 #58
Fik du afinstalleret Ad-Avare ?

------

Hent http://download.sysinternals.com/Files/Junction.zip
Pak den ud, og flyt Junction.exe til C:\Windows.

Klik Start -> Kør og kopier dette ind.
cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

Klik OK.

Efter lidt tid vil der åbnes en log.
Kopier den herind.
Avatar billede tyfon Nybegynder
12. november 2011 - 20:34 #59
Ja, jeg fik tidligere afstalleret ad-aware

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: Processen kan ikke få adgang til filen, da den bruges af en anden proces.



Failed to open \\?\c:\\System Volume Information: Adgang nægtet.



Failed to open \\?\c:\\Documents and Settings\Administrator: Adgang nægtet.


...
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\WLSetup\CabLogs\Logs.CAB: Adgang nægtet.



   
...
   
...
   
...
   
...
   
...
   
...
   
...
   
...
   
...
   
...
   
..\\?\c:\\WINDOWS\$NtUninstallKB18951$\433308426: SYMBOLIC LINK
  Print Name    : c:\windows\system32\config
  Substitute Name: \systemroot\system32\config

.
   
...\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
  Print Name    : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
  Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
  Print Name    : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
  Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e


   
...
   
...
   
...
   
\\?\c:\\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a: JUNCTION
  Print Name    : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492
  Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492

...
   
...
   
...
   
...
   
...
   
...
   
..
Avatar billede f-arn Guru
13. november 2011 - 11:27 #60
Hent http://download.bleepingcomputer.com/farbar/GrantPerms.zip og gem den på dit Skrivebord.

Unzip GrantPerms.exe og kopier følgende ind i GrantPerms.exe.

c:\Documents and Settings\Administrator\
c:\Documents and Settings\All Users\Application Data\Microsoft\WLSetup\CabLogs\Logs.CAB

Klik Unlock. Når den er færdig klikker du på OK

Klik så på List Permissions og kopier resultatet (Perms.txt) herind.
Avatar billede tyfon Nybegynder
15. november 2011 - 16:13 #61
Jeg skriver nu fra en anden pc, da den gamle åbenbart er brudt ned;jeg har ikke kunnet starte den op og har smidt den ud.Den var også omkring 10 år. Har kikket på en ny med windows 7 i stedet.
Men tak for hjælp henad vejen.Sender du svar sender jeg pointene, når jeg kan komme på igen.
Mvh.
Avatar billede f-arn Guru
16. november 2011 - 17:32 #62
Hvad skete der?

Har du, rent fysisk, smidt den ud?
Avatar billede tyfon Nybegynder
17. november 2011 - 14:57 #63
Ja, jeg har tidligere haft en med samme symptom, og fik at vide det ikke kunne betale sig at reparere; det var vist bundkortet. Strømforsyningen fejlede ikke noget.
Avatar billede f-arn Guru
18. november 2011 - 13:27 #64
Det var ærgeligt. Vi kunne ha' prøvet med en CD.
Avatar billede tyfon Nybegynder
18. november 2011 - 13:59 #65
Men den ville ikke engang tænde, så jeg regnede ikke med at der var noget at gøre.
Avatar billede f-arn Guru
18. november 2011 - 15:50 #66
Det har du nok desværre ret i :(
Avatar billede tyfon Nybegynder
25. november 2011 - 14:12 #67
Tak for svar.Jeg sender point engang når du har skrevet.
Avatar billede 220661 Ekspert
21. januar 2012 - 13:10 #68
Er det kun hos mig at dette indlæg fucker helt op???
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Google ser ud til at være malware, lyder advarsel på alle vore mobiler! Af vbr i Virus 9 30/10/202312:12 15/12/202310:17
Jeg får en fejl på Enhedssikkerhed Af pouls i Virus 8 04/06/202321:28 05/06/202316:28
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:30 Finde gentagne Instruktioner i ASSEMBER-lister Af snestrup2000 i Andet software
I går 16:17 Dato opslag Af Klaus W i Excel
I går 15:37 Disable button efter 1. klik Af nemlig i JavaScript
I går 12:42 pc hakker og lagger Af Gabi i Windows
I går 09:22 Slet automatisk indehol i felt så det blivet tomt Af gylling i Excel
White papers
Flere white papers »


Premium
Teaser billede
Microsoft på vej redningskrans til brugere af gammel version af SQL Server
Læs mere »
62 procent af statslige it-projekter med Netcompany er gået over budget: Vil kalde minister i samråd
Så mange af de statslige it-projekter er gået over budget siden 2018: Se hele listen her
Efter kæmpe-nedbrud i april: Statens It vil for første gang bygge testmiljø
Se alle »
Computerworld
Teaser billede
Apotekskæde lukker alle butikker efter "cybersikkerhedshændelse"
Læs mere »
Test: Vi vil altså virkeligt gerne beholde HP's nye pc - men den koster 360.000 kroner
Hypet browser bliver nu lanceret til Windows: Skal blive til et styresystem for internettet
Test: Disse små højttalere til 44.000 kroner per sæt vil blæse dig bagover - både visuelt og lydmæssigt
Se alle »
CIO
Teaser billede
Top-CIO Anne Nørklit færdig hos Tryg: “Jeg vil bruge sommeren på at overveje, hvad fremtiden skal bringe”
Læs mere »
Her er Trygs nye CIO - afløser Anne Nørklit Lønborg
Her er Danmarks fem bedste CIO’er lige nu: Se de fem nominerede til prisen som Årets CIO 2024
Tre måneder efter exit fra Scandiavian Tobacco: Top-CIO Kenneth Messerschmidt har landet nyt job
Se alle »
Job & Karriere
Teaser billede
Her er Danmarks fem bedste CIO’er lige nu: Se de fem nominerede til prisen som Årets CIO 2024
Læs mere »
Knap 40 procent af disse it-folk tjener tjener mindst 57.000 kroner om måneden
Medarbejderne fik udleveret badetøfler ved indflytningen: Kom med inden for i IBM Danmarks nye topmoderne hovedkontor
Så meget tjener dine kollegaer: Her er alle data fra Computerworlds store it-lønstatistik for 2024
Se alle »
White paper
Teaser billede
MDR: Transparent sikkerhed og overvågning i realtid
Læs mere »
Unbreakable - sådan sikrer du dig vedvarende og uafbrudt adgang til dine data
Sæt turbo på din cloudperformance og minimér risikoen for DDoS-angreb
Cybersikkerhed: Skær antallet af alarmer ned fra tusindvis til blot en håndfuld
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »