
Pests of all kinds and how to fight them: Avira constantly reports an infection with Tr/atraps.gen2

10.10.2012, 19:23   #1
Johnrambo
 
Hello
As described in the title, Avira kept reporting a new infection with TR/ATRAPS.GEN2.

I then ran Malwarebytes Anti-Malware once in quick-scan mode, which detected 4 viruses. After that, only sporadic infection. In full-scan mode one more virus was then found. After that, no more alerts from Avira.

A quick scan and a full scan with Malwarebytes afterwards found nothing.

I then looked at your site. And it says again and again: even when the error messages stop, the computer can still be infected.

So I am posting the OTL and GMER logs you ask for.

OTL logfile created on: 09-10-2012 22:54:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Lars\Dokumenter\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,75 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 77,41% Memory free
4,59 Gb Paging File | 4,04 Gb Available in Paging File | 87,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 298,08 Gb Total Space | 217,51 Gb Free Space | 72,97% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 516,34 Gb Free Space | 86,61% Space Free | Partition Type: NTFS

Computer Name: ANTECE8400 | User Name:johnrambo| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\johnrambo\Dokumenter\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programmer\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programmer\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmer\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmer\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmer\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Programmer\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programmer\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmer\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Programmer\WD\WD Anywhere Backup\MemeoBackup.exe (Memeo Inc.)
PRC - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe (Linksys)
PRC - C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Programmer\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Programmer\Logitech\Video\FxSvr2.exe (Logitech Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Programmer\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359fd69eb60e9844ffd497e92345178c\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programmer\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programmer\Fælles filer\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programmer\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Programmer\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\work.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\HM.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\SF.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\GUI.exe ()
MOD - C:\WINDOWS\system32\ssp2ml3.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - C:\Programmer\WD\WD Anywhere Backup\sqlite3.dll ()
MOD - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\Security.dll ()
MOD - C:\Programmer\GIGABYTE\ET6\Sound.dll ()
MOD - C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\GEMWEP.DLL ()


========== Services (SafeList) ==========

SRV - (WMP54Gv4SVC) -- C:\Programmer\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe WMP54Gv4.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programmer\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programmer\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Programmer\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Programmer\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programmer\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Apple Mobile Device) -- C:\Programmer\Fælles filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Fabs) -- C:\Programmer\Fælles filer\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programmer\Fælles filer\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (Changer) -- File not found
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (RT61) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_da
IE - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmer\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programmer\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Programmer\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmer\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programmer\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmer\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programmer\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmer\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Programmer\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmer\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programmer\Mozilla Firefox\components [2012-09-19 17:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programmer\Mozilla Firefox\plugins

[2012-09-19 17:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lars\Application Data\Mozilla\Extensions
[2012-09-22 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\28s6n179.default\extensions
[2011-03-11 20:41:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\3fm2ldce.default\extensions
[2011-03-11 20:41:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\johnrambo\Application Data\Mozilla\Firefox\Profiles\3fm2ldce.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2012-09-19 17:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programmer\Mozilla Firefox\extensions
[2012-09-06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programmer\mozilla firefox\components\browsercomps.dll
[2012-09-06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012-09-06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\bing.xml
[2012-09-06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\eBay-de.xml
[2012-09-06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\leo_ende_de.xml
[2012-09-06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\wikipedia-de.xml
[2012-09-06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Programmer\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011-03-05 00:14:03 | 000,430,605 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14825 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmer\Fælles filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE File not found
O4 - HKLM..\Run: [avgnt] C:\Programmer\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EasyTuneVI] C:\Programmer\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [ISUSPM] C:\Programmer\Fælles filer\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [TrayServer] C:\Programmer\MAGIX\Video_deluxe_16_Premium\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Gemeinsames\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk = C:\Documents and Settings\Lars\Application Data\Microsoft\Installer\{B9A81070-616D-4E93-BE02-CEE651343204}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programmer\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2000478354-1957994488-839522115-1004\..Trusted Domains: danid.dk ([]https in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A09AC428-9126-49A4-ABB0-142D3DF7D1B7}: DhcpNameServer = 10.0.0.1 212.242.40.3 212.242.40.51
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmer\Fælles filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmer\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - No CLSID value found.
O24 - Desktop Components:0 (Min aktuelle startside) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Landskab.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-19 11:09:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3f1bc4c2-d0b7-11df-affb-00241d143f7c}\Shell - "" = AutoRun
O33 - MountPoints2\{3f1bc4c2-d0b7-11df-affb-00241d143f7c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5d1ebb40-ac03-11e1-b3fb-00241d143f7c}\Shell - "" = AutoRun
O33 - MountPoints2\{5d1ebb40-ac03-11e1-b3fb-00241d143f7c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8e3a4274-a8db-11e1-b3e5-00241d143f7c}\Shell - "" = AutoRun
O33 - MountPoints2\{8e3a4274-a8db-11e1-b3e5-00241d143f7c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8e3a4277-a8db-11e1-b3e5-00241d143f7c}\Shell - "" = AutoRun
O33 - MountPoints2\{8e3a4277-a8db-11e1-b3e5-00241d143f7c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fd541bd2-6d63-11de-acbc-00241d143f7c}\Shell - "" = AutoRun
O33 - MountPoints2\{fd541bd2-6d63-11de-acbc-00241d143f7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-09 22:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\Sun
[2012-10-09 22:42:12 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Java
[2012-10-09 22:41:47 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-10-09 22:41:47 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-10-09 22:41:42 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012-10-08 21:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Malwarebytes' Anti-Malware
[2012-10-08 21:48:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-10-08 21:48:22 | 000,000,000 | ---D | C] -- C:\Programmer\Malwarebytes' Anti-Malware
[2012-09-22 23:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012-09-19 23:41:07 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-09-19 17:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lars\Dokumenter\Downloads
[2012-09-19 17:19:56 | 000,000,000 | ---D | C] -- C:\Programmer\Mozilla Maintenance Service
[2012-09-19 17:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012-09-19 17:19:54 | 000,000,000 | ---D | C] -- C:\Programmer\Mozilla Firefox
[2011-04-30 18:03:57 | 000,638,816 | ---- | C] (Microsoft Corporation) -- C:\Programmer\iexplore.exe
[2005-12-13 17:12:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\stdole.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-10-09 22:50:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-10-09 22:41:32 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012-10-09 22:41:31 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012-10-09 22:41:31 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012-10-09 22:41:31 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012-10-09 22:41:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012-10-09 22:41:31 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012-10-09 22:41:31 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012-10-09 22:38:23 | 000,448,032 | ---- | M] () -- C:\WINDOWS\System32\perfh006.dat
[2012-10-09 22:38:23 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-10-09 22:38:23 | 000,078,430 | ---- | M] () -- C:\WINDOWS\System32\perfc006.dat
[2012-10-09 22:38:23 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-10-09 22:34:45 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2012-10-09 22:34:45 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2012-10-09 22:34:12 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2012-10-09 22:34:12 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\johnrambo\Menuen Start\Programmer\Start\WD Anywhere Backup Launcher.lnk
[2012-10-09 22:34:11 | 000,201,044 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012-10-09 22:34:11 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-09 22:34:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-10-09 22:30:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-09 22:28:29 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Adobe Reader X.lnk
[2012-10-09 22:16:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008UA.job
[2012-10-09 20:16:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-1957994488-839522115-1008Core.job
[2012-10-09 18:50:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-10-09 18:50:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-10-08 21:48:25 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\ Malwarebytes Anti-Malware .lnk
[2012-10-08 21:43:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-10-07 10:59:49 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-10-07 10:59:44 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012-10-06 22:41:17 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012-10-06 19:26:46 | 000,000,009 | ---- | M] () -- C:\END
[2012-09-19 17:19:56 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\johnrambo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2012-09-18 23:58:09 | 000,007,633 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\publikationer.odt
[2012-09-18 23:45:38 | 000,017,995 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\motiveret ansøgning lektor.odt
[2012-09-18 21:14:37 | 000,137,885 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\anbefaling.pdf
[2012-09-18 19:33:23 | 000,002,248 | ---- | M] () -- C:\Documents and Settings\johnrambo\Skrivebord\kvittering.pdf
[2012-09-13 20:27:47 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-09 22:28:29 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Adobe Reader X.lnk
[2012-10-09 22:28:29 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Adobe Reader X.lnk
[2012-10-08 21:48:25 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\ Malwarebytes Anti-Malware .lnk
[2012-10-07 22:08:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012-10-06 19:26:38 | 000,000,009 | ---- | C] () -- C:\END
[2012-09-19 23:41:07 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-09-19 17:19:56 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\johnrambo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Mozilla Firefox.lnk
[2012-09-19 17:19:56 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivebord\Mozilla Firefox.lnk
[2012-09-18 23:58:09 | 000,007,633 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\publikationer.odt
[2012-09-18 23:40:29 | 000,017,995 | ---- | C] () -- C:\Documents and Settings\johnramboSkrivebord\motiveret ansøgning lektor.odt
[2012-09-18 21:14:37 | 000,137,885 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\anbefaling.pdf
[2012-09-18 19:33:23 | 000,002,248 | ---- | C] () -- C:\Documents and Settings\johnrambo\Skrivebord\kvittering.pdf
[2012-08-02 17:46:05 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012-08-02 17:46:01 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012-08-02 17:45:29 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012-02-19 13:01:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011-11-25 22:12:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011-09-11 20:12:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011-09-11 20:12:13 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011-08-11 23:08:06 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PRIVAT~1.INI
[2011-07-02 13:51:24 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Speed.INI
[2011-07-02 12:29:40 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2011-03-09 19:03:20 | 000,031,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-03-09 18:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011-03-04 15:16:45 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Lars\.recently-used.xbel
[2010-11-04 18:24:37 | 019,657,194 | ---- | C] () -- C:\Programmer\vlc-1.1.4-win32.exe
[2010-10-17 10:46:13 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-03-25 00:35:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\johnrambo\temp.dat
[2009-07-08 15:57:40 | 000,007,775 | ---- | C] () -- C:\Documents and Settings\johnrambo\Application Data\.civclientrc
[2009-06-20 21:38:28 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-08-02 14:20:28 | 000,220,184 | ---- | C] ( ) -- C:\Documents and Settings\johnrambo\Lokale indstillinger\Application Data\Interop.Microsoft.Office.Core.dll

========== ZeroAccess Check ==========

[2009-12-14 23:29:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-04-29 06:34:54 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009-02-09 12:53:27 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-14 18:05:37 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011-11-25 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009-06-19 16:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2009-09-24 18:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IVANOFF
[2010-01-05 22:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010-07-06 17:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2012-05-22 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010-05-24 18:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010-05-31 20:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012-05-21 22:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tivola
[2010-05-26 16:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualDecor
[2010-07-06 17:23:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD
[2010-02-10 18:13:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{237893C1-591F-47E9-9771-FF1BC748C7F6}
[2010-11-10 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-08-16 10:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012-06-09 16:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.minecraft
[2011-11-25 22:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Babylon
[2011-11-25 22:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar
[2010-12-09 14:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\LEGO Company
[2011-12-04 17:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Minecrafter
[2011-05-15 18:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Octoshape
[2010-03-06 10:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\OpenOffice.org
[2012-10-09 21:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\PriceGong
[2011-05-15 13:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Unity
[2012-04-23 08:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\BabylonToolbar
[2012-04-23 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gast\Application Data\PriceGong
[2011-12-06 11:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\BabylonToolbar
[2010-04-15 13:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\Canon
[2010-04-10 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gemeinsames\Application Data\OpenOffice.org
[2009-07-08 15:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\.freeciv
[2011-11-26 10:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\BabylonToolbar
[2012-02-02 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Canon
[2010-02-10 18:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Cryptomathic
[2010-03-14 23:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\DeepBurner
[2011-01-28 15:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\gtk-2.0
[2010-03-23 18:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\innoPlus
[2010-01-05 22:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\MAGIX
[2012-07-24 04:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\My Games
[2009-06-23 22:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\OpenOffice.org
[2011-03-09 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\Opera
[2012-10-09 22:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\johnrambo\Application Data\PriceGong

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:404800E7

< End of report >

OTL Extras logfile created on: 09-10-2012 22:54:01 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\johnrambo\Dokumenter\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

2,75 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 77,41% Memory free
4,59 Gb Paging File | 4,04 Gb Available in Paging File | 87,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 298,08 Gb Total Space | 217,51 Gb Free Space | 72,97% Space Free | Partition Type: NTFS
Drive D: | 596,16 Gb Total Space | 516,34 Gb Free Space | 86,61% Space Free | Partition Type: NTFS

Computer Name: ANTECE8400 | User Name:johnrambo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmer\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmer\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmer\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B8.0717.01
"{41779D63-3B63-438A-A137-BE528E505E2F}" = Den Store Danske Encyklopædi
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1009.1
"{47985AEA-2CA2-3344-851E-BA4DC9101C68}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DAN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BADD53C-3A6D-4D22-B8C5-56ACD699C17D}" = Digital Signatur
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03
"{B69349AE-2D41-3708-8BA4-4DC22645CA04}" = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142BEFF-D093-46FA-BBD7-79994DB4EE82}" = En Verden med Matematik
"{DFCB15E0-969C-3E74-8654-F5978478E876}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DAN
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 9.20
"adgangforalle.dk 2.1" = adgangforalle.dk 2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AudibleManager" = AudibleManager
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONBJ_Deinstall_CNMCP3k.DLL" = Canon S820
"CASAnova_is1" = CASAnova Version 3.3
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"Digital Signatur" = Digital Signatur
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Furnish Pro" = Furnish Pro
"ie8" = Windows Internet Explorer 8
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B08.1009.1
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Premium D" = MAGIX Video deluxe 16 Premium 9.0.0.54 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - dan" = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Nykredit Privatbudget" = Nykredit Privatbudget
"Picasa 3" = Picasa 3
"Pixie_is1" = Pixie 1.7.6
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-driver
"Room328Designer" = Room328Designer
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"UnityWebPlayer" = Unity Web Player (All users)
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-1957994488-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08-10-2012 14:26:42 | Computer Name = ANTECE8400 | Source = Application Error | ID = 1000
Description = Fejlagtigt program spywareterminatorupdate.exe, version 3.0.0.39,
fejlagtigt modul torrentdll.dll, version 3.0.0.1, fejlagtig adresse 0x00132780.

[ System Events ]
Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:07 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:08 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126

Error - 09-10-2012 16:44:08 | Computer Name = ANTECE8400 | Source = Service Control Manager | ID = 7023
Description = Tjenesten Programadministration blev afbrudt med følgende fejl: %%126


< End of report >


GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-10 06:30:58
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Scsi\nvgts1Port2Path3Target3Lun0 SAMSUNG_ rev.1AG0
Running: 7docgel7.exe; Driver: C:\DOCUME~1\johnrambo\LOKALE~1\Temp\pwdirfow.sys


---- System - GMER 1.0.15 ----

SSDT A29CF72E ZwCreateKey
SSDT A29CF724 ZwCreateThread
SSDT A29CF733 ZwDeleteKey
SSDT A29CF73D ZwDeleteValueKey
SSDT A29CF742 ZwLoadKey
SSDT A29CF710 ZwOpenProcess
SSDT A29CF715 ZwOpenThread
SSDT A29CF74C ZwReplaceKey
SSDT A29CF747 ZwRestoreKey
SSDT A29CF738 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8A57360, 0x32DEFD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Programmer\Mozilla Firefox\firefox.exe[2900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01210C00 C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programmer\Mozilla Firefox\firefox.exe[2900] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01447B4C C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programmer\Mozilla Firefox\firefox.exe[2900] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01447B29 C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programmer\Mozilla Firefox\firefox.exe[2900] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 01213FAC C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programmer\Mozilla Firefox\firefox.exe[2900] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01447AAA C:\Programmer\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----


Oops.
I just noticed that some of it is written in Danish. But I think the essential information is in English.
Skrivebord = Desktop
Originally from Kiel, now living in DK.

I hope you can help me.

Kind regards
Johnrambo

 
