
Is Twunk_32 infected?



I don't know if this will be any help for you...

I have tried several times to delete the infected files; AVG needs a restart to delete them.

When I restart the computer and run the scan again, the same infected files are found.

I also tried to disable "system recovery"; that didn't help either.

Scan hele computeren

Mellem prioritet;"47";"0";"47"

Valgte mapper til scanning:;"Scan hele computeren"

Startet:;"13-10-2013, 16:37:30"

Afsluttet:;"13-10-2013, 16:44:50"

Objekter scannet i alt:;"51810"

Bruger, der startede scanningen:;"Iben Michelsen"

Status;"Prioritet";"Navn";"Beskrivelse";"Resultat"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CREATE -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_DIRECTORY_CONTROL -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_POWER -> spnf.sys +0x42880";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_LOCK_CONTROL -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_SECURITY -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"pci.sys, hentet import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spnf.sys +0x695B0";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_FILE_SYSTEM_CONTROL -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_CLEANUP -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CLEANUP -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_SHUTDOWN -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_POWER -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_DEVICE_CONTROL -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"Indbygget krog ataport.SYS DllUnload -> spnf.sys +0x65300";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_INFORMATION -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_READ -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_PNP -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_INFORMATION -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_CREATE -> spnf.sys +0x42880";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_PNP -> spnf.sys +0x42880";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_EA -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"atapi.sys, hentet import ataport.SYS AtaPortReadPortBufferUshort -> spnf.sys +0x2E35C";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_VOLUME_INFORMATION -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_SYSTEM_CONTROL -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_READ -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_WRITE -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> spnf.sys +0x42880";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"pci.sys, hentet import ntoskrnl.exe IoDetachDevice -> spnf.sys +0x6953C";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SHUTDOWN -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"atapi.sys, hentet import ataport.SYS AtaPortWritePortUchar -> spnf.sys +0x2EA24";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_DEVICE_CONTROL -> spnf.sys +0x42880";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"atapi.sys, hentet import ataport.SYS AtaPortWritePortBufferUshort -> spnf.sys +0x2EBA0";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_VOLUME_INFORMATION -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_FLUSH_BUFFERS -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_FLUSH_BUFFERS -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CLOSE -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_QUOTA -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_PNP -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_CREATE -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"atapi.sys, hentet import ataport.SYS AtaPortReadPortUchar -> spnf.sys +0x2E224";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_SYSTEM_CONTROL -> spnf.sys +0x42880";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_CLOSE -> spnf.sys +0x42880";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_QUERY_EA -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_INTERNAL_DEVICE_CONTROL -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_DEVICE_CONTROL -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_QUOTA -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_WRITE -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_SET_SECURITY -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"

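As an added example (not from the thread, AVG or Malwarebytes), the script below parses the AVG export format of the log above and groups every flagged hook by the module it resolves to, so a responder can tell whether 47 rows mean 47 implants or one driver with a handful of hook points. The embedded rows are an excerpt of the posted log; the `kind` labels, the function names and the per-driver "dispatch routine" check are this example's own.

```python
"""Triage of an AVG 2014 scan export (semicolon-separated, quoted fields):
resolve every flagged hook to the module it points at and group the rows."""
import csv
import io
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Excerpt of the AVG export posted above (8 of its 47 detection rows), with a
# few of the report's preamble lines kept to show that the parser skips them.
SAMPLE_EXPORT = r'''Scan hele computeren
Mellem prioritet;"47";"0";"47"
Objekter scannet i alt:;"51810"
Status;"Prioritet";"Navn";"Beskrivelse";"Resultat"
Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_CREATE -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"
Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\atapi.sys IRP_MJ_POWER -> spnf.sys +0x42880";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"
Inficeret;"Mellem";"pci.sys, hentet import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spnf.sys +0x695B0";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"
Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_CLEANUP -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"
Inficeret;"Mellem";"Indbygget krog ataport.SYS DllUnload -> spnf.sys +0x65300";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"
Inficeret;"Mellem";"atapi.sys, hentet import ataport.SYS AtaPortReadPortBufferUshort -> spnf.sys +0x2E35C";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"
Inficeret;"Mellem";"IRP-krog, C:\Windows\System32\Drivers\Ntfs.sys IRP_MJ_WRITE -> spnf.sys +0x41034";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"
Inficeret;"Mellem";"IRP-krog, C:\Windows\system32\drivers\volmgr.sys IRP_MJ_READ -> spnf.sys +0x41FC8";"C:\Windows\System32\Drivers\spnf.sys";"Inficeret"
'''

# The three hook descriptions AVG emits in its "Navn" column (Danish UI strings):
#   IRP-krog, <driver path> <IRP_MJ_*> -> <target> +0x<offset>      IRP dispatch hook
#   <driver>, hentet import <module> <func> -> <target> +0x<offset>  import-table hook
#   Indbygget krog <driver> <func> -> <target> +0x<offset>           inline code hook
TAIL = r" -> (?P<target>\S+) \+0x(?P<off>[0-9A-Fa-f]+)$"
HOOK_PATTERNS = {
    "irp": re.compile(r"^IRP-krog, (?P<victim>\S+) (?P<hook>IRP_MJ_\w+)" + TAIL),
    "import": re.compile(r"^(?P<victim>\S+), hentet import (?P<module>\S+) (?P<hook>\w+)" + TAIL),
    "inline": re.compile(r"^Indbygget krog (?P<victim>\S+) (?P<hook>\w+)" + TAIL),
}


def parse_hooks(export_text):
    """Return one record per hook detection; preamble and header rows are skipped."""
    records = []
    for row in csv.reader(io.StringIO(export_text), delimiter=";", quotechar='"'):
        if len(row) != 5 or row[0] == "Status":
            continue
        status, _priority, name, path, _result = row
        for kind, pattern in HOOK_PATTERNS.items():
            match = pattern.match(name)
            if match:
                break
        else:
            continue  # a detection row that is not a hook description
        records.append({
            "kind": kind,
            "victim": PureWindowsPath(match.group("victim")).name.lower(),
            "hook": match.group("hook"),
            "target": match.group("target").lower(),
            "offset": int(match.group("off"), 16),
            "target_path": path,
            "status": status,
        })
    return records


def summarize(records):
    """Group detections by the module the hooks resolve to."""
    by_target = defaultdict(lambda: {"count": 0, "kinds": Counter(),
                                     "victims": Counter(), "offsets": set()})
    for rec in records:
        entry = by_target[rec["target"]]
        entry["count"] += 1
        entry["kinds"][rec["kind"]] += 1
        entry["victims"][rec["victim"]] += 1
        entry["offsets"].add(rec["offset"])
    return dict(by_target)


def irp_entry_points(records):
    """Distinct dispatch offsets per hooked driver (IRP hooks only). All IRP_MJ_*
    entries of one driver landing on a single offset means one dispatch routine
    was installed for that driver, a filter pattern, not one implant per IRP."""
    points = defaultdict(set)
    for rec in records:
        if rec["kind"] == "irp":
            points[rec["victim"]].add(rec["offset"])
    return {victim: sorted(offs) for victim, offs in points.items()}


if __name__ == "__main__":
    records = parse_hooks(SAMPLE_EXPORT)
    summary = summarize(records)
    print(f"{len(records)} detections resolve to {len(summary)} target module(s): "
          f"{sorted(summary)}")
    for victim, offs in sorted(irp_entry_points(records).items()):
        print(f"  IRP hooks on {victim}: {len(offs)} dispatch routine(s) at "
              + ", ".join(hex(o) for o in offs))
    # Analyst's next step: check the signer and installing product of each target
    # path (here C:\Windows\System32\Drivers\spnf.sys) before acting; one driver
    # filtering disk, volume and file-system IRPs is how both legitimate kernel
    # filter drivers and rootkits look to a hook scanner.
```

Run as a script it prints the grouped summary for the excerpt; pointing `parse_hooks` at the full export triages the whole 47-row report the same way.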

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Hi there!

I don't get it!!! It took me several hours just to get the computer running... It couldn't boot, or booted and froze after a very short time...

Sometimes I tried to log in again, but it would "hang".

I finally managed to run it in safe mode and then ran the scan - no malware found.

Then I managed to get it running in normal mode and ran the scan - no malware found.

How come AVG can find 47 infected files (and is not able to delete them, see the post above)???

Could I have a hardware issue as well? And how can I check that?

Thanks for all your help so far... please continue!

Best regards, Iben


ComboFix_log

ComboFix 13-10-16.02 - Iben Michelsen 17-10-2013 7:53.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.45.1030.18.4095.1546 [GMT 2:00]

Kører fra: c:\users\Iben Michelsen\Downloads\ComboFix.exe

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\SET58D2.tmp

c:\windows\SysWow64\SET6514.tmp

c:\windows\TEMP\INS_3a79167b.TMP

D:\autorun.inf

.

.

((((((((((((((((((((((((((((( Filer skabt fra 2013-09-17 til 2013-10-17 )))))))))))))))))))))))))))))))))))

.

.

2013-10-17 06:06 . 2013-10-17 06:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-10-17 06:06 . 2013-10-17 06:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-10-17 06:06 . 2013-10-17 06:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-16 19:27 . 2013-10-16 19:27 -------- d-----w- c:\users\Iben Michelsen\AppData\Local\Apple Computer

2013-10-15 22:49 . 2013-10-15 22:49 -------- d-----w- c:\users\Iben Michelsen\AppData\Roaming\TeamViewer

2013-10-15 15:38 . 2013-10-15 15:39 -------- d-----w- c:\windows\LastGood

2013-10-15 15:14 . 2013-10-15 15:14 -------- d-----w- c:\program files (x86)\TeamViewer

2013-10-14 16:59 . 2013-10-14 16:59 91352 ----a-w- c:\windows\system32\drivers\6A610854.sys

2013-10-14 16:58 . 2013-10-14 16:58 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-10-14 15:41 . 2013-10-14 19:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-10-12 08:17 . 2013-10-14 18:48 -------- d-----r- c:\users\Iben Michelsen\Dropbox

2013-10-12 08:08 . 2013-10-15 17:11 -------- d-----w- c:\users\Iben Michelsen\AppData\Roaming\Dropbox

2013-10-10 18:33 . 2013-10-10 18:33 -------- d-----w- c:\users\Iben Michelsen\AppData\Local\Apple

2013-10-10 16:02 . 2013-10-10 16:02 -------- d-----w- c:\programdata\Kaspersky Lab

2013-10-10 16:01 . 2013-10-10 17:26 556632 ----a-w- c:\windows\system32\drivers\8009234drv.sys

2013-10-10 16:01 . 2013-10-10 17:26 460888 ----a-w- c:\windows\system32\drivers\71951647.sys

2013-10-09 17:50 . 2013-10-09 17:50 -------- d-----w- c:\program files (x86)\ESET

2013-10-08 21:08 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll

2013-10-08 21:07 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2013-10-08 21:07 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-08 21:07 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-10-08 21:07 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll

2013-10-08 21:07 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-10-08 21:07 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-10-08 21:07 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-10-08 21:07 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-10-08 21:07 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-10-08 21:07 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-10-08 21:07 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-10-08 15:00 . 2013-10-08 15:00 -------- d-----w- c:\users\Iben Michelsen\AppData\Local\ElevatedDiagnostics

2013-09-25 14:52 . 2013-09-25 14:57 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2014

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-09 08:58 . 2013-04-12 22:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-09 08:58 . 2013-04-12 22:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-10-08 22:56 . 2013-04-15 01:01 80541720 ----a-w- c:\windows\system32\MRT.exe

2013-09-17 20:22 . 2013-04-11 21:20 61216 ----a-w- c:\windows\system32\OpenCL.dll

2013-09-17 20:22 . 2013-04-11 21:20 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll

2013-09-17 20:22 . 2013-02-25 22:32 15901448 ----a-w- c:\windows\system32\nvwgf2umx.dll

2013-09-17 20:22 . 2013-02-25 22:32 22102304 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2013-09-17 20:22 . 2013-02-25 22:32 12947360 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2013-09-17 20:22 . 2013-02-25 22:32 2630304 ----a-w- c:\windows\SysWow64\nvapi.dll

2013-09-17 20:22 . 2013-02-25 22:32 2986672 ----a-w- c:\windows\system32\nvapi64.dll

2013-09-12 07:25 . 2009-09-27 16:22 6599968 ----a-w- c:\windows\system32\nvcpl.dll

2013-09-12 07:25 . 2009-09-27 16:22 3452192 ----a-w- c:\windows\system32\nvsvc64.dll

2013-09-12 07:25 . 2013-04-11 21:20 63776 ----a-w- c:\windows\system32\nvshext.dll

2013-09-12 07:25 . 2013-04-11 21:20 2559776 ----a-w- c:\windows\system32\nvsvcr.dll

2013-09-12 07:25 . 2009-09-27 16:22 920864 ----a-w- c:\windows\system32\nvvsvc.exe

2013-09-12 07:25 . 2009-09-27 16:22 219424 ----a-w- c:\windows\system32\nvmctray.dll

2013-09-11 23:17 . 2013-09-11 23:17 571168 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2013-08-29 01:48 . 2013-10-08 21:08 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-22 21:25 . 2013-08-22 21:25 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2013-08-22 21:08 . 2013-08-22 21:08 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys

2013-08-22 20:55 . 2013-08-22 20:55 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-08-22 20:54 . 2013-08-22 20:54 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2013-08-20 20:53 . 2013-08-20 20:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2013-08-15 15:31 . 2013-04-13 02:16 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-08-07 02:22 . 2013-04-11 21:47 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-08-05 02:25 . 2013-09-10 19:57 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 02:14 . 2013-09-10 20:02 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 02:13 . 2013-09-10 20:02 424448 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 02:13 . 2013-09-10 20:02 1161216 ----a-w- c:\windows\system32\kernel32.dll

2013-08-02 02:12 . 2013-09-10 20:02 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-08-02 02:12 . 2013-09-10 20:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 6656 ----a-w- c:\windows\system32\apisetschema.dll

2013-08-02 02:12 . 2013-09-10 20:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 02:12 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-08-02 01:50 . 2013-09-10 20:02 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2013-08-02 01:48 . 2013-09-10 20:02 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-08-02 01:48 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 01:48 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2013-08-02 01:09 . 2013-09-10 20:02 338432 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:59 . 2013-09-10 20:02 112640 ----a-w- c:\windows\system32\smss.exe

2013-08-02 00:43 . 2013-09-10 20:02 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43 . 2013-09-10 20:02 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43 . 2013-09-10 20:02 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43 . 2013-09-10 20:02 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-08-01 14:07 . 2013-08-01 14:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2013-08-01 14:06 . 2013-08-01 14:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys

2013-08-01 14:04 . 2013-08-01 14:04 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2013-07-26 02:24 . 2013-09-10 19:57 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-07-26 02:24 . 2013-09-10 19:57 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-07-25 09:25 . 2013-08-14 14:19 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-25 08:57 . 2013-08-14 14:19 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

.

.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Bemærk* tomme linier & lovlige standard linier vises ikke

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2013-08-07 1561880]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\Iben Michelsen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\Iben Michelsen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\Iben Michelsen\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]

"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-04-05 59720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]

"StereoLinksInstall"="c:\program files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe" [2013-09-11 1063200]

.

c:\users\Iben Michelsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Iben Michelsen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-10-10 29768376]

Overvåg blækadvarsler - HP Deskjet 1050 J410 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1050 J410 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN0A92P4K305HW;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"Adobe_ID0EYTHM"=c:\progra~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 V0520Vid;Creative Camera VF0520 Driver;c:\windows\system32\DRIVERS\V0520Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0520Vid.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 71951647;71951647;c:\windows\system32\DRIVERS\71951647.sys;c:\windows\SYSNATIVE\DRIVERS\71951647.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

S1 8009234drv;8009234drv;c:\windows\system32\DRIVERS\8009234drv.sys;c:\windows\SYSNATIVE\DRIVERS\8009234drv.sys [x]

S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-10-05 12:23 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe

.

Indhold af mappen 'Planlagte Opgaver'

.

2013-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-12 08:58]

.

2013-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 15:01]

.

2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 15:01]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\Iben Michelsen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\Iben Michelsen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\Iben Michelsen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\Iben Michelsen\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.dk/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: S&end til OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 212.10.10.4 212.10.24.252 212.10.10.5

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

BHO-{11111111-1111-1111-1111-110411161172} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-10-17 08:10:29

ComboFix-quarantined-files.txt 2013-10-17 06:10

ComboFix2.txt 2013-10-08 14:34

.

Pre-Run: 37,629,214,720 bytes free

Post-Run: 37,210,509,312 bytes free

.

- - End Of File - - 1F9EEEFE86EF330CEFA533C964FFBDC8

A36C5E4F47E84449FF07ED3517B43A31


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.10.17.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16721

Iben Michelsen :: IBENMICHELSEN [administrator]

Protection: Enabled

17-10-2013 16:29:57

MBAM-log-2013-10-17 (16-38-44).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213144

Time elapsed: 8 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

c:\windows\temp\cookies (Backdoor.Agent) -> No action taken.

Files Detected: 20

c:\windows\temp\clientbar.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\minihook.dll (Trojan.Agent) -> No action taken.

c:\windows\temp\windowsnw.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\history\firefox.ex (Backdoor.Zapchast) -> No action taken.

c:\windows\temp\kdata (Malware.Trace) -> No action taken.

c:\windows\temp\history\firefox.exe (Trojan.Downloader) -> No action taken.

c:\windows\temp\managee.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\cookies\venton.exe (Backdoor.Agent) -> No action taken.

c:\windows\temp\temporary\makeout.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\as.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\_ex-68.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\system32.exe (Backdoor.Agent) -> No action taken.

c:\windows\temp\volume.exe (Backdoor.Agent) -> No action taken.

c:\windows\temp\xregist.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\explorer.exe-min (Trojan.Agent) -> No action taken.

c:\windows\temp\internt.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\adobe_update.exe (Trojan.Agent) -> No action taken.

c:\windows\temp\loadqq.exe (Trojan.ChinAd) -> No action taken.

c:\windows\temp\udpmon.txt (Backdoor.Trace) -> No action taken.

c:\windows\temp\ahnlab.exe (Trojan.Banker) -> No action taken.

(end)

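A parser for the Malwarebytes log format shown in the post above, added here as an example; it is not code from the post or from Malwarebytes. It reads the per-section "Detected: N" headers and the "path (Threat) -> action" lines, checks that each counter matches the entries actually printed under it, and summarises what was done with each detection. The log embedded in the script is a constructed subset of the posted one, with one action changed to "Quarantined and deleted successfully" so the summary has something other than "No action taken" to count; the regular expressions are assumptions drawn from this one log version, not from a published format description.

```python
"""Parse a Malwarebytes Anti-Malware 1.x log of the kind posted above and
summarise what was actually done about each detection.

Added example, not code from the post or from Malwarebytes.  The embedded log
is a constructed subset of the posted one (one action changed so there is
something other than "No action taken" to count); the line patterns are
assumptions taken from that excerpt, not from a published format description.
"""
import re
from collections import Counter

# Constructed excerpt: a subset of the entries in the posted log.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.17.05
Windows 7 Service Pack 1 x64 NTFS

Scan type: Quick scan
Objects scanned: 213144

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\windows\temp\cookies (Backdoor.Agent) -> No action taken.

Files Detected: 4
c:\windows\temp\clientbar.exe (Trojan.Agent) -> No action taken.
c:\windows\temp\history\firefox.exe (Trojan.Downloader) -> No action taken.
c:\windows\temp\cookies\venton.exe (Backdoor.Agent) -> No action taken.
c:\windows\temp\ahnlab.exe (Trojan.Banker) -> Quarantined and deleted successfully.

(end)
"""

# Assumed line shapes: "<Section> Detected: <N>", "<path> (<Threat>) -> <action>."
# and "<Key>: <value>" header lines before the first section.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+)$")


def parse_mbam_log(text):
    """Return (header, detections, mismatches).  detections is a list of dicts
    with section, path, threat, family (text before the first '.') and action;
    mismatches lists sections whose 'Detected: N' counter disagrees with the
    number of entries actually printed under it."""
    header, detections, expected = {}, [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            expected[section] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            threat = m.group("threat")
            detections.append({"section": section, "path": m.group("path").lower(),
                               "threat": threat, "family": threat.split(".")[0],
                               "action": m.group("action")})
            continue
        m = HEADER_RE.match(line)
        if m and section is None:
            header[m.group("key")] = m.group("value")
    found = Counter(d["section"] for d in detections)
    mismatches = [f"{sec}: header says {n}, log lists {found.get(sec, 0)}"
                  for sec, n in expected.items() if found.get(sec, 0) != n]
    return header, detections, mismatches


def triage(detections):
    """Summarise the detections the way a responder reads them: which families
    are present, what was done about each item, and what is still on disk."""
    untreated = [d["path"] for d in detections
                 if d["action"].lower().startswith("no action")]
    return {
        "total": len(detections),
        "by_action": dict(Counter(d["action"] for d in detections)),
        "by_family": dict(Counter(d["family"] for d in detections)),
        "untreated": untreated,
        "in_windows_temp": [d["path"] for d in detections
                            if "\\windows\\temp\\" in d["path"]],
        "backdoor_present": any(d["family"] == "Backdoor" for d in detections),
    }


if __name__ == "__main__":
    header, detections, mismatches = parse_mbam_log(SAMPLE_LOG)
    print(header.get("Scan type"), header.get("Database version"))
    for problem in mismatches:
        print("WARNING:", problem)
    for key, value in triage(detections).items():
        print(f"{key}: {value}")
```

The column worth reading in the posted log is the action: all 21 items (20 files and one folder) say "No action taken", so the scan only listed them and nothing was quarantined. Everything also sits under c:\windows\temp, which is why the summary keeps a separate list for that directory; running the parser against the full log and seeing an empty "untreated" list is the quick way to confirm a later remediation pass actually happened.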

One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums, from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.

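The reply above says rootkits hook into the kernel and patch APIs to hide what they install. What a scanner reports as a hook is, concretely, a pointer that should land inside one module but resolves into another: a driver's IRP MajorFunction[] entries should point into the driver itself (or into the kernel, which fills unused slots with nt!IopInvalidDeviceRequest), and a driver's imports from ntoskrnl.exe should point into ntoskrnl.exe. The following simulation of that check is an added example, not code from the post, from AVG or from Malwarebytes. The module list, the addresses and the "implant.sys" name are constructed for the simulation; reading the real tables needs kernel-mode access or a memory image, which this script does not attempt.

```python
"""Simulated detection of kernel dispatch-table (IRP) and import hooks.

Added example; not code from the post, AVG or Malwarebytes.  The loaded-module
map uses real driver names with made-up bases and sizes, and implant.sys is a
hypothetical rootkit driver.  The check itself is the one scanners perform:
resolve each pointer to module+offset and flag any that land outside the
modules allowed to own it.
"""
from collections import namedtuple

Module = namedtuple("Module", "name base size")

# Constructed loaded-module map (names real, addresses and sizes invented).
MODULES = [
    Module("ntoskrnl.exe", 0xFFFFF80002A00000, 0x5E7000),
    Module("ntfs.sys",     0xFFFFF88001200000, 0x1A3000),
    Module("pci.sys",      0xFFFFF88000F00000, 0x033000),
    Module("implant.sys",  0xFFFFF8800C000000, 0x080000),  # hypothetical rootkit driver
]

# IRP major function codes in MajorFunction[] order (0x00 .. 0x1B).
IRP_MJ_NAMES = [
    "IRP_MJ_CREATE", "IRP_MJ_CREATE_NAMED_PIPE", "IRP_MJ_CLOSE", "IRP_MJ_READ",
    "IRP_MJ_WRITE", "IRP_MJ_QUERY_INFORMATION", "IRP_MJ_SET_INFORMATION",
    "IRP_MJ_QUERY_EA", "IRP_MJ_SET_EA", "IRP_MJ_FLUSH_BUFFERS",
    "IRP_MJ_QUERY_VOLUME_INFORMATION", "IRP_MJ_SET_VOLUME_INFORMATION",
    "IRP_MJ_DIRECTORY_CONTROL", "IRP_MJ_FILE_SYSTEM_CONTROL", "IRP_MJ_DEVICE_CONTROL",
    "IRP_MJ_INTERNAL_DEVICE_CONTROL", "IRP_MJ_SHUTDOWN", "IRP_MJ_LOCK_CONTROL",
    "IRP_MJ_CLEANUP", "IRP_MJ_CREATE_MAILSLOT", "IRP_MJ_QUERY_SECURITY",
    "IRP_MJ_SET_SECURITY", "IRP_MJ_POWER", "IRP_MJ_SYSTEM_CONTROL",
    "IRP_MJ_DEVICE_CHANGE", "IRP_MJ_QUERY_QUOTA", "IRP_MJ_SET_QUOTA", "IRP_MJ_PNP",
]


def resolve(addr, modules=MODULES):
    """Map an address to (module name, offset); (None, addr) if unmapped."""
    for m in modules:
        if m.base <= addr < m.base + m.size:
            return m.name, addr - m.base
    return None, addr


def audit_pointers(entries, allowed, modules=MODULES):
    """entries: iterable of (label, address).  Return one finding per entry
    whose target is not inside one of the `allowed` module names."""
    findings = []
    for label, addr in entries:
        name, off = resolve(addr, modules)
        if name in allowed:
            continue
        target = f"{name} +0x{off:X}" if name else f"unmapped 0x{addr:X}"
        findings.append(f"{label} -> {target}")
    return findings


def audit_irp_table(driver, major_function, modules=MODULES, extra_allowed=()):
    """Check a driver's MajorFunction[] array.  Legitimate targets are the
    driver itself and ntoskrnl.exe; pass the names of known filter or AV
    drivers that hook legitimately in extra_allowed to keep them out."""
    allowed = {driver, "ntoskrnl.exe", *extra_allowed}
    entries = [(f"{driver} {IRP_MJ_NAMES[i]}", addr)
               for i, addr in enumerate(major_function[:len(IRP_MJ_NAMES)])]
    return audit_pointers(entries, allowed, modules)


def audit_imports(driver, imports, modules=MODULES):
    """imports: {'module!Function': resolved address}.  Each resolved import
    must land inside the module it was imported from."""
    findings = []
    for symbol, addr in imports.items():
        exporter = symbol.split("!", 1)[0]
        findings += audit_pointers([(f"{driver} import {symbol}", addr)], {exporter}, modules)
    return findings


def module(name, modules=MODULES):
    return next(m for m in modules if m.name == name)


def build_clean_table(driver):
    """Constructed table: unused slots hold the kernel's default handler
    (stand-in for nt!IopInvalidDeviceRequest), implemented slots point into
    the driver, as a file system driver's table would."""
    table = [module("ntoskrnl.exe").base + 0x1000] * len(IRP_MJ_NAMES)
    for idx in (0, 2, 3, 4, 12, 13, 18, 20):
        table[idx] = module(driver).base + 0x2000 + idx * 0x40
    return table


def demo():
    clean = build_clean_table("ntfs.sys")
    hooked = list(clean)
    hooked[0] = module("implant.sys").base + 0x3F20    # IRP_MJ_CREATE redirected
    hooked[12] = module("implant.sys").base + 0x3F20   # IRP_MJ_DIRECTORY_CONTROL redirected
    imports = {"ntoskrnl.exe!IoCreateDevice": module("implant.sys").base + 0x5B0}
    return (audit_irp_table("ntfs.sys", clean),
            audit_irp_table("ntfs.sys", hooked),
            audit_imports("pci.sys", imports))


if __name__ == "__main__":
    for findings in demo():
        print(findings or "clean")
```

Two caveats when reading real output of this kind. A cross-module dispatch entry is evidence, not a verdict: legacy file system filters and some security products redirect IRPs the same way, so the allowlist (extra_allowed above) has to carry the signed drivers you expect on the box, and the decisive question is whether the target module is a known, signed file on disk at all. And because a kernel rootkit sits below the file system and registry APIs, a scan run from inside the infected Windows can only see what the hook lets it see; that is the reason the reply recommends treating the machine as untrustworthy rather than relying on repeated scans.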

2 weeks later...

Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

