Spywarefri Forum | Mulig infektion?

1 af 3

Mulig infektion?

[ Ignorer ] Tobinobi
12.06.2012 13:29:40 Antal indlæg: 62	Jeg har igennem en længere periode ikke haft mulighed for at hente filer ned med Internet Explorer 9. Hver gang jeg trykker run, save eller save as downloader den, og efterfølgende skriver den at filen indeholdt en virus og er blevet slettet. En meget irriterende handling, da jeg er 100% sikker på den ikke indeholder en virus hver gang. Dessuden kan den engang imellem være lidt sløv, også mere sløv en hvad der er acceptabelt i forhold til dens “normale” ydeevne. Hvad angår den manglende downlaod plejer jeg bare at hente filen i Opera, så jeg har en symptombehandling på problemet. Men jeg tænker om der kunne været noget andet galt, jeg faldt eksempelvis over en side hvor der stod at det nævnte problem, kunne skyldes en virusinfektion. Jeg vil derfor høre om i kender til problemet, eller evt. kigge om der skulle være tegn på infektion? Jeg kører Win 7 Prof, SP1 med engelsk som sprog. Og har i et halvt år haft ESET smart security installeret. Mvh Rasmus
[ Ignorer ] [ # 1 ] Magic Spyhunter
12.06.2012 14:03:14 Administrator Supporter Emeritus Antal indlæg: 32075	Hej eller evt. kigge om der skulle være tegn på infektion? Klart vi vil…......... Download OTL af Oldtimer, gem den på dit skrivebord: http://oldtimer.geekstogo.com/OTL.exe Luk alle åbne vinduer. Klik på OTL ikonet (for Vista/win7, skal du højreklikke på ikonet og Kør som Administrator) for at starte programmet. Når vinduet vises, under Output i toppen skift til Minimal Output. Marker felterne ud for LOP check og Purity Check. • ICustom Scan boxen, kopierer du nedestående ind netsvcs drivers32 msconfig safebootminimal safebootnetwork activex set /c /md5start iexplore.exe explorer.exe winlogon.exe userinit.exe svchost.exe volsnap.sys wininit.exe sfc.dll /md5stop %SYSTEMDRIVE%\. %SYSTEMDRIVE%\*. %CREATERESTOREPOINT hklm\software\clients\startmenuinternet\|command /rs hklm\software\clients\startmenuinternet\|command /64 /rs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\|LastSuccessTime /rs Klik så på Quick Scan. • Det vil give to (2) logfiler på skrivebordet, en kaldet OTL.txt, den anden vil blive navngivet Extras.txt. Husk, hvor du har gemt disse 2 filer. Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Signatur Sund Computer fornuft
[ Ignorer ] [ # 2 ] Tobinobi
12.06.2012 17:09:22 Antal indlæg: 62	Den giver mig en fejl: List index out of bounds (21) Kan derpå kun trykke OK, og derefter trykke på krydset af programmet og lukke det ned, alt andet giver ikke respons.
[ Ignorer ] [ # 3 ] Tobinobi
13.06.2012 00:17:08 Antal indlæg: 62	Dumt at jeg ikke så der var en nyere post med samme navn. Jeg har lige set at den på trods af fejlen gav mig lidt output: ______________________________________________ OTL logfile created on: 12-06-2012 17:03:11 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Rasmus\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 4,00 Gb Total Physical Memory \| 2,42 Gb Available Physical Memory \| 60,52% Memory free 8,00 Gb Paging File \| 6,48 Gb Available in Paging File \| 81,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 465,75 Gb Total Space \| 299,06 Gb Free Space \| 64,21% Space Free \| Partition Type: NTFS Drive D: \| 232,83 Gb Total Space \| 86,26 Gb Free Space \| 37,05% Space Free \| Partition Type: FAT32 Computer Name: RASMUS-PC \| User Name: Rasmus \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user \| Quick Scan \| Include 64bit Scans Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Rasmus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) PRC - C:\Program Files (x86)\Razer\Lycosa\razertra.exe () PRC - C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Razer\Lycosa\razertra.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (appdrvrem01) Application Driver Auto Removal Service (01)—C:\Windows\SysNative\appdrvrem01.exe (Protection Technology) SRV:64bit: - (ekrn)—C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET) SRV:64bit: - (WinDefend)—C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt)—C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc)—C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate)—C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PnkBstrA)—C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeARMservice)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (GSService)—C:\Windows\SysWOW64\GSService.exe () SRV - (SMServer)—C:\Windows\SysWOW64\snmvtsvc.exe (SMServer) SRV - (nvUpdatusService)—C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service)—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32)—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32)—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec)—C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64)—C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (appdrv01) Application Driver (01)—C:\Windows\SysNative\drivers\appdrv01.sys (Protection Technology) DRV:64bit: - (SndTAudio)—C:\Windows\SysNative\drivers\SndTAudio.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (eamonm)—C:\Windows\SysNative\drivers\eamonm.sys (ESET) DRV:64bit: - (epfw)—C:\Windows\SysNative\drivers\epfw.sys (ESET) DRV:64bit: - (ehdrv)—C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:64bit: - (epfwwfp)—C:\Windows\SysNative\drivers\epfwwfp.sys (ESET) DRV:64bit: - (EpfwLWF)—C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET) DRV:64bit: - (amdsata)—C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata)—C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt)—C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc)—C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD)—C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD)—C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (npf)—C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (amdsbs)—C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2)—C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor)—C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam)—C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (RTL8167)—C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv)—C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv)—C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a)—C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir)—C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM)—C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Lycosa)—C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.) DRV - (WIMMount)—C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC F8 9D 90 5C A2 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {7626B558-6F88-4CF2-8E47-45BC584DF152} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{7626B558-6F88-4CF2-8E47-45BC584DF152}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie;={inputEncoding?}&oe;={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = .local ========== FireFox ========== FF:64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012-02-16 01:59:30 \| 000,000,000 \|—-D \| M] O1 HOSTS File: ([2009-06-10 23:00:26 \| 000,000,824 \|——\| M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (CutePDF Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (CutePDF Editor Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll () O9 - Extra ‘Tools’ menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dll () O9 - Extra Button: Danske Spil Poker - {831FA997-206D-433e-9D9D-9F629D61ECA1} - C:\Users\Rasmus\Desktop\Danske Spil Poker.lnk () O9 - Extra ‘Tools’ menuitem : Danske Spil Poker - {831FA997-206D-433e-9D9D-9F629D61ECA1} - C:\Users\Rasmus\Desktop\Danske Spil Poker.lnk () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C96AB6F-5E09-4983-83F4-947D4AB2C4A5}: DhcpNameServer = 193.162.153.164 194.239.134.83 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-05-23 13:23:22 \| 000,000,000 \|——\| M] () - C:\AUTOEXEC.BAT—[ NTFS ] O32 - AutoRun File - [2007-07-17 08:50:16 \| 000,000,043 \|——\| M] () - D:\autorun.inf—[ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open]—“%1” %* O35:64bit: - HKLM\..exefile [open]—“%1” %* O35 - HKLM\..comfile [open]—“%1” %* O35 - HKLM\..exefile [open]—“%1” %* O37:64bit: - HKLM\...com [@ = comfile]—“%1” %* O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %* O37 - HKLM\...com [@ = comfile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - “%ProgramFiles%\Windows Mail\WinMail.exe” OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - “C:\Windows\System32\rundll32.exe” “C:\Windows\System32\iedkcs32.dll”,BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - “%ProgramFiles(x86)%\Windows Mail\WinMail.exe” OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - “C:\Windows\SysWOW64\rundll32.exe” “C:\Windows\SysWOW64\iedkcs32.dll”,BrandIEActiveSetup SIGNUP %CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012-06-12 15:30:08 \| 000,596,480 \|——\| C] (OldTimer Tools)—C:\Users\Rasmus\Desktop\OTL.exe [2012-06-12 13:21:08 \| 000,000,000 \|—-D \| C]—C:\Users\Rasmus\AppData\Local\CutePDF Writer [2012-06-12 13:20:29 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\GPLGS [2012-06-12 13:19:56 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF [2012-06-12 13:19:54 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Acro Software [2012-06-12 13:19:24 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Ask.com [2012-06-11 20:45:21 \| 000,000,000 \|—-D \| C]—C:\Users\Rasmus\Desktop\Bryllup ========== Files - Modified Within 30 Days ========== [2012-06-12 17:02:10 \| 000,000,932 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012-06-12 17:02:08 \| 000,067,584 \|—S- \| M] ()—C:\Windows\bootstat.dat [2012-06-12 17:02:08 \| 000,000,830 \|——\| M] ()—C:\Windows\tasks\Adobe Flash Player Updater.job [2012-06-12 15:45:00 \| 000,000,928 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012-06-12 15:30:08 \| 000,596,480 \|——\| M] (OldTimer Tools)—C:\Users\Rasmus\Desktop\OTL.exe [2012-06-12 14:22:29 \| 000,022,032 \| -H—\| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-06-12 14:22:29 \| 000,022,032 \| -H—\| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-06-12 13:16:40 \| 000,726,444 \|——\| M] ()—C:\Windows\SysNative\PerfStringBackup.INI [2012-06-12 13:16:40 \| 000,616,032 \|——\| M] ()—C:\Windows\SysNative\perfh009.dat [2012-06-12 13:16:40 \| 000,106,412 \|——\| M] ()—C:\Windows\SysNative\perfc009.dat [2012-06-12 13:10:09 \| 3220,578,304 \| -HS- \| M] ()—C:\hiberfil.sys [2012-06-10 01:12:36 \| 000,283,304 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.xtr [2012-06-10 01:12:36 \| 000,283,304 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.exe [2012-06-10 01:12:16 \| 000,280,904 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.ex0 [2012-05-13 23:08:31 \| 000,734,578 \|——\| M] ()—C:\Users\Rasmus\Desktop\Klassiske pulssekvenser.pdf [2012-05-13 22:30:40 \| 000,433,312 \|——\| M] ()—C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012-06-12 13:19:56 \| 000,086,608 \|——\| C] ()—C:\Windows\SysNative\cpwmon64.dll [2012-05-13 23:08:31 \| 000,734,578 \|——\| C] ()—C:\Users\Rasmus\Desktop\Klassiske pulssekvenser.pdf [2012-04-17 14:23:02 \| 000,005,632 \|——\| C] ()—C:\Users\Rasmus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-11-24 02:38:30 \| 000,464,384 \|——\| C] ()—C:\Windows\SysWow64\GSService.exe [2011-11-14 20:06:12 \| 000,283,304 \|——\| C] ()—C:\Windows\SysWow64\PnkBstrB.exe [2011-11-14 20:06:07 \| 000,076,888 \|——\| C] ()—C:\Windows\SysWow64\PnkBstrA.exe [2011-10-15 01:54:52 \| 000,321,856 \|——\| C] ()—C:\Windows\SysWow64\nvStreaming.exe [2010-07-16 02:45:44 \| 000,053,299 \|——\| C] ()—C:\Windows\SysWow64\pthreadVC.dll ========== LOP Check ========== [2012-02-16 02:02:50 \| 000,000,000 \|—-D \| M]—C:\Users\Rasmus\AppData\Roaming\ESET [2011-11-14 02:25:25 \| 000,000,000 \|—-D \| M]—C:\Users\Rasmus\AppData\Roaming\Opera [2011-11-14 19:28:02 \| 000,000,000 \|—-D \| M]—C:\Users\Rasmus\AppData\Roaming\Origin [2011-11-17 19:07:24 \| 000,000,000 \|—-D \| M]—C:\Users\Rasmus\AppData\Roaming\Pro Cycling Manager 2011 [2012-01-21 00:34:57 \| 000,000,000 \|—-D \| M]—C:\Users\Rasmus\AppData\Roaming\Sony [2012-02-12 14:58:20 \| 000,032,636 \|——\| M] ()—C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < set /c > ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\Rasmus\AppData\Roaming asl.log=Destination=file CommonProgramFiles=C:\Program Files (x86)\Common Files CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files CommonProgramW6432=C:\Program Files\Common Files COMPUTERNAME=RASMUS-PC ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\Rasmus KMP_DUPLICATE_LIB_OK=TRUE LOCALAPPDATA=C:\Users\Rasmus\AppData\Local LOGONSERVER=\\RASMUS-PC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_ARCHITEW6432=AMD64 PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=170a ProgramData=C:\ProgramData ProgramFiles=C:\Program Files (x86) ProgramFiles(x86)=C:\Program Files (x86) ProgramW6432=C:\Program Files PROMPT=$P$G PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ PUBLIC=C:\Users\Public SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\Rasmus\AppData\Local\Temp TMP=C:\Users\Rasmus\AppData\Local\Temp USERDOMAIN=Rasmus-PC USERNAME=Rasmus USERPROFILE=C:\Users\Rasmus windir=C:\Windows windows_tracing_flags=3 windows_tracing_logfile=C:\BVTBin\Tests\installpackage\csilogfile.log < MD5 for: EXPLORER.EXE > [2011-02-26 07:19:21 \| 002,616,320 \|——\| M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2008-04-15 14:00:00 \| 001,034,752 \|——\| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\Windows.old\Windows\explorer.exe [2008-04-15 14:00:00 \| 001,034,752 \|——\| M] (Microsoft Corporation) MD5=1D9BD1CAA1E4CF63370F201DF742DC7D—C:\Windows.old\Windows\system32\dllcache\explorer.exe [2011-02-25 08:19:30 \| 002,871,808 \|——\| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3—C:\Windows\explorer.exe [2011-02-25 08:19:30 \| 002,871,808 \|——\| M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011-02-26 08:14:34 \| 002,871,808 \|——\| M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010-11-21 05:24:25 \| 002,616,320 \|——\| M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011-02-25 07:30:54 \| 002,616,320 \|——\| M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E—C:\Windows\SysWOW64\explorer.exe [2011-02-25 07:30:54 \| 002,616,320 \|——\| M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E—C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010-11-21 05:24:11 \| 002,872,320 \|——\| M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24—C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IEXPLORE.EXE > [2010-11-21 05:24:43 \| 000,695,056 \|——\| M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634—C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe [2011-11-14 17:11:14 \| 000,748,336 \|——\| M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639—C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011-11-14 17:11:14 \| 000,748,336 \|——\| M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639—C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe [2009-03-08 14:09:26 \| 000,638,816 \|——\| M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E—C:\Windows.old\Windows\system32\dllcache\iexplore.exe [2010-11-21 05:25:08 \| 000,673,040 \|——\| M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024—C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe [2008-04-15 14:00:00 \| 000,093,184 \|——\| M] (Microsoft Corporation) MD5=C7B06A4ABC2D4DDE7486C207B45CECD9—C:\Windows.old\Windows\ie8\iexplore.exe [2011-11-14 17:11:14 \| 000,754,480 \|——\| M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A—C:\Program Files\Internet Explorer\iexplore.exe [2011-11-14 17:11:14 \| 000,754,480 \|——\| M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A—C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe < MD5 for: SFC.DLL > [2008-04-15 14:00:00 \| 000,005,120 \|——\| M] (Microsoft Corporation) MD5=2EE3F794D81AA928C689E1827EB4B88D—C:\Windows.old\Windows\system32\dllcache\sfc.dll [2008-04-15 14:00:00 \| 000,005,120 \|——\| M] (Microsoft Corporation) MD5=2EE3F794D81AA928C689E1827EB4B88D—C:\Windows.old\Windows\system32\sfc.dll [2009-07-14 03:10:22 \| 000,002,560 \|——\| M] (Microsoft Corporation) MD5=40CAEEE0EAF1B8569F7C8DF6420F2CB9—C:\Windows\SysWOW64\sfc.dll [2009-07-14 03:10:22 \| 000,002,560 \|——\| M] (Microsoft Corporation) MD5=40CAEEE0EAF1B8569F7C8DF6420F2CB9—C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll [2009-07-14 03:33:06 \| 000,003,072 \|——\| M] (Microsoft Corporation) MD5=C6DCD1D11ED6827F05C00773C3E7053C—C:\Windows\SysNative\sfc.dll [2009-07-14 03:33:06 \| 000,003,072 \|——\| M] (Microsoft Corporation) MD5=C6DCD1D11ED6827F05C00773C3E7053C—C:\Windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll < MD5 for: SVCHOST.EXE > [2009-07-14 03:14:41 \| 000,020,992 \|——\| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866—C:\Windows\SysWOW64\svchost.exe [2009-07-14 03:14:41 \| 000,020,992 \|——\| M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866—C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2008-04-15 14:00:00 \| 000,014,336 \|——\| M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC—C:\Windows.old\Windows\system32\dllcache\svchost.exe [2008-04-15 14:00:00 \| 000,014,336 \|——\| M] (Microsoft Corporation) MD5=555F8F4CB284FE94059DCACF6074F9EC—C:\Windows.old\Windows\system32\svchost.exe [2009-07-14 03:39:46 \| 000,027,136 \|——\| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D—C:\Windows\SysNative\svchost.exe [2009-07-14 03:39:46 \| 000,027,136 \|——\| M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D—C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010-11-21 05:23:55 \| 000,026,624 \|——\| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223—C:\Windows\SysWOW64\userinit.exe [2010-11-21 05:23:55 \| 000,026,624 \|——\| M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223—C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2008-04-15 14:00:00 \| 000,026,112 \|——\| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\Windows.old\Windows\system32\dllcache\userinit.exe [2008-04-15 14:00:00 \| 000,026,112 \|——\| M] (Microsoft Corporation) MD5=7B3770DB760FBBA068454EAFCAA89772—C:\Windows.old\Windows\system32\userinit.exe [2010-11-21 05:24:28 \| 000,030,720 \|——\| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53—C:\Windows\SysNative\userinit.exe [2010-11-21 05:24:28 \| 000,030,720 \|——\| M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53—C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: VOLSNAP.SYS > [2010-11-21 05:23:47 \| 000,295,808 \|——\| M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639—C:\Windows\SysNative\drivers\volsnap.sys [2010-11-21 05:23:47 \| 000,295,808 \|——\| M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639—C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys [2010-11-21 05:23:47 \| 000,295,808 \|——\| M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639—C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys [2008-04-15 14:00:00 \| 000,053,504 \|——\| M] (Microsoft Corporation) MD5=69D9E1DE5F897580F8B1D1957528B0B2—C:\Windows.old\Windows\system32\dllcache\volsnap.sys [2008-04-15 14:00:00 \| 000,053,504 \|——\| M] (Microsoft Corporation) MD5=69D9E1DE5F897580F8B1D1957528B0B2—C:\Windows.old\Windows\system32\drivers\volsnap.sys < MD5 for: WININIT.EXE > [2009-07-14 03:39:52 \| 000,129,024 \|——\| M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA—C:\Windows\SysNative\wininit.exe [2009-07-14 03:39:52 \| 000,129,024 \|——\| M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA—C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009-07-14 03:14:45 \| 000,096,256 \|——\| M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665—C:\Windows\SysWOW64\wininit.exe [2009-07-14 03:14:45 \| 000,096,256 \|——\| M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665—C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010-11-21 05:24:29 \| 000,390,656 \|——\| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457—C:\Windows\SysNative\winlogon.exe [2010-11-21 05:24:29 \| 000,390,656 \|——\| M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457—C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2008-04-15 14:00:00 \| 000,507,904 \|——\| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\Windows.old\Windows\system32\dllcache\winlogon.exe [2008-04-15 14:00:00 \| 000,507,904 \|——\| M] (Microsoft Corporation) MD5=E0339362391BF6AC04D1622EF8E3A61B—C:\Windows.old\Windows\system32\winlogon.exe < %SYSTEMDRIVE%\. > [2009-05-23 13:23:22 \| 000,000,000 \|——\| M] ()—C:\AUTOEXEC.BAT [2011-06-26 22:24:33 \| 000,000,211 \| -H—\| M] ()—C:\Boot.BAK [2011-11-14 10:07:59 \| 000,000,355 \| RHS- \| M] ()—C:\Boot.ini.saved [2008-04-15 14:00:00 \| 000,004,952 \| RHS- \| M] ()—C:\Bootfont.bin [2010-11-21 05:23:51 \| 000,383,786 \| RHS- \| M] ()—C:\bootmgr [2011-11-14 10:08:00 \| 000,008,192 \| RHS- \| M] ()—C:\BOOTSECT.BAK [2009-05-23 13:23:22 \| 000,000,000 \|——\| M] ()—C:\CONFIG.SYS [2012-06-12 13:10:09 \| 3220,578,304 \| -HS- \| M] ()—C:\hiberfil.sys [2009-05-23 13:23:22 \| 000,000,000 \| RHS- \| M] ()—C:\IO.SYS [2006-12-02 00:37:14 \| 000,904,704 \|——\| M] (Microsoft Corporation)—C:\msdia80.dll [2009-05-23 13:23:22 \| 000,000,000 \| RHS- \| M] ()—C:\MSDOS.SYS [2008-04-15 14:00:00 \| 000,047,564 \| RHS- \| M] ()—C:\NTDETECT.COM [2008-04-15 14:00:00 \| 000,250,576 \| RHS- \| M] ()—C:\ntldr [2012-06-12 13:10:10 \| 4294,107,136 \| -HS- \| M] ()—C:\pagefile.sys [2012-01-19 05:46:13 \| 000,010,012 \|——\| M] ()—C:\shared.log < %SYSTEMDRIVE%\*. > [2012-01-19 04:03:41 \| 000,000,000 \| -HSD \| M]—C:\$Recycle.Bin [2009-07-28 10:57:05 \| 000,000,000 \|—-D \| M]—C:\47ca4d7d19abc1af657e0b3db745b31b [2011-11-14 10:07:59 \| 000,000,000 \| -HSD \| M]—C:\Boot [2011-11-20 02:12:03 \| 000,000,000 \|—-D \| M]—C:\Converted [2009-07-14 07:08:56 \| 000,000,000 \| -HSD \| M]—C:\Documents and Settings [2010-11-10 03:30:40 \| 000,000,000 \|—-D \| M]—C:\Downloads [2011-05-30 02:35:05 \| 000,000,000 \|—-D \| M]—C:\Filer [2011-03-29 00:55:30 \| 000,000,000 \| -HSD \| M]—C:\found.000 [2009-05-24 19:40:00 \| 000,000,000 \|—-D \| M]—C:\Intel [2012-04-12 14:12:49 \| 000,000,000 \|—-D \| M]—C:\iTunes [2009-10-20 14:36:53 \| 000,000,000 \| RH-D \| M]—C:\MSOCache [2011-11-14 16:24:40 \| 000,000,000 \|—-D \| M]—C:\NVIDIA [2012-04-12 14:12:26 \| 000,000,000 \| R—D \| M]—C:\Program Files [2012-06-12 13:20:29 \| 000,000,000 \| R—D \| M]—C:\Program Files (x86) [2012-03-27 17:20:28 \| 000,000,000 \| -H-D \| M]—C:\ProgramData [2011-11-14 04:28:59 \| 000,000,000 \| R—D \| M]—C:\Programmer [2012-01-01 05:22:47 \| 000,000,000 \|—-D \| M]—C:\Programs [2011-11-14 01:31:22 \| 000,000,000 \| -HSD \| M]—C:\Recovery [2009-05-24 19:46:21 \| 000,000,000 \| -HSD \| M]—C:\RECYCLER [2011-11-17 19:22:22 \| 000,000,000 \|—-D \| M]—C:\Spil [2012-06-12 17:04:01 \| 000,000,000 \| -HSD \| M]—C:\System Volume Information [2012-05-13 01:22:24 \| 000,000,000 \|—-D \| M]—C:\TDC Play [2012-03-22 15:20:10 \| 000,000,000 \|—-D \| M]—C:\UNI [2011-11-14 16:27:40 \| 000,000,000 \| R—D \| M]—C:\Users [2012-02-16 01:52:46 \| 000,000,000 \|—-D \| M]—C:\Windows [2011-11-14 10:00:35 \| 000,000,000 \|—-D \| M]—C:\Windows.old [2011-11-14 18:02:48 \| 000,000,000 \|—-D \| M]—C:\XP - Spil < hklm\software\clients\startmenuinternet\|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: “C:\Windows\System32\ie4uinit.exe” -show [2011-11-14 17:11:14 \| 000,074,240 \|——\| M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: “C:\Windows\System32\ie4uinit.exe” -reinstall [2011-11-14 17:11:14 \| 000,074,240 \|——\| M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: “C:\Windows\System32\ie4uinit.exe” -hide [2011-11-14 17:11:14 \| 000,074,240 \|——\| M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: “C:\Program Files (x86)\Internet Explorer\iexplore.exe” -extoff [2011-11-14 17:11:14 \| 000,748,336 \|——\| M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011-11-14 17:11:14 \| 000,748,336 \|——\| M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: “C:\Program Files (x86)\Opera\Opera.exe” /ShowIconsCommand [2012-05-20 16:52:42 \| 000,949,104 \|——\| M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: “C:\Program Files (x86)\Opera\Opera.exe” /HideIconsCommand [2012-05-20 16:52:42 \| 000,949,104 \|——\| M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: “C:\Program Files (x86)\Opera\Opera.exe” /ReInstallBrowser [2012-05-20 16:52:42 \| 000,949,104 \|——\| M] (Opera Software) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: “C:\Program Files (x86)\Opera\Opera.exe” [2012-05-20 16:52:42 \| 000,949,104 \|——\| M] (Opera Software) < hklm\software\clients\startmenuinternet\|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: “C:\WINDOWS\SYSTEM32\IE4UINIT.EXE” -SHOW [2011-11-14 17:11:14 \| 000,089,088 \|——\| M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: “C:\WINDOWS\SYSTEM32\IE4UINIT.EXE” -REINSTALL [2011-11-14 17:11:14 \| 000,089,088 \|——\| M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: “C:\WINDOWS\SYSTEM32\IE4UINIT.EXE” -HIDE [2011-11-14 17:11:14 \| 000,089,088 \|——\| M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: “C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE” -EXTOFF [2011-11-14 17:11:14 \| 000,748,336 \|——\| M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011-11-14 17:11:14 \| 000,748,336 \|——\| M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: “C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE” /SHOWICONSCOMMAND [2012-05-20 16:52:42 \| 000,949,104 \|——\| M] (Opera Software) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: “C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE” /HIDEICONSCOMMAND [2012-05-20 16:52:42 \| 000,949,104 \|——\| M] (Opera Software) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: “C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE” /REINSTALLBROWSER [2012-05-20 16:52:42 \| 000,949,104 \|——\| M] (Opera Software) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: “C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE” [2012-05-20 16:52:42 \| 000,949,104 \|——\| M] (Opera Software) < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\|LastSuccessTime /rs > < End of report >
[ Ignorer ] [ # 4 ] Magic Spyhunter
13.06.2012 10:32:43 Administrator Supporter Emeritus Antal indlæg: 32075	• Start OTL • Kopier nedenstånde med fed skrift ind i Custom Scan feltet :OTL :files ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash] [resethosts] [CLEARALLRESTOREPOINTS] • Klik på Run Fix - Knappen • Hvis OTL spørger om at genstarte, så sig ja. • Klik på OK. • En log vil åbne, kopier den herind i dit næste svar, sammen med en combollog. • • Ellers kan den findes her: • C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss Hent Combofix, og gem den på dit skrivebord: Her NB -> Deaktiver dit antivirus/antispyware program. Da det/de kan ”forstyrre” og konflikte med combofix, eller fjerne vigtige combofix filer, hvilket kan få computeren til fryse. Kør så combofix.exe, og følg anvisningerne. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt Indholdet af denne fil må du gerne lægge herind. Den kan også findes her - > C: combofix txt Signatur Sund Computer fornuft
[ Ignorer ] [ # 5 ] Tobinobi
13.06.2012 13:58:47 Antal indlæg: 62	Kørte uden problemer. __________________________________________________ All processes killed ========== OTL ========== File rity] not found. File ptytemp] not found. File ptyflash] not found. File sethosts] not found. File EARALLRESTOREPOINTS] not found. OTL by OldTimer - Version 3.2.48.0 log created on 06132012_133701 Files\Folders moved on Reboot… Registry entries deleted on Reboot… __________________________________________________ ComboFix 12-06-13.01 - Rasmus 13-06-2012 13:45:06.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1033.18.4095.2587 [GMT 2:00] Kører fra: c:\users\Rasmus\Desktop\ComboFix.exe AV: ESET Smart Security 5.0 Disabled/Updated {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personlig firewall Enabled {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.0 Disabled/Updated {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll D:\Autorun.inf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . . ———-\Legacy_NPF ———-\Service_npf . . ((((((((((((((((((((((((((((( Filer skabt fra 2012-05-13 til 2012-06-13 ))))))))))))))))))))))))))))))))))) . . 2012-06-13 11:37 . 2012-06-13 11:37 ———— d——-w- C:\_OTL 2012-06-12 12:29 . 2012-05-08 17:02 8955792 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18DA3C52-223D-4C22-9EC7-BA5C707EC916}\mpengine.dll 2012-06-12 11:21 . 2012-06-12 11:21 ———— d——-w- c:\users\Rasmus\AppData\Local\CutePDF Writer 2012-06-12 11:20 . 2012-06-12 11:20 ———— d——-w- c:\program files (x86)\GPLGS 2012-06-12 11:19 . 2012-03-11 12:56 86608 ——a-w- c:\windows\system32\cpwmon64.dll 2012-06-12 11:19 . 2012-06-12 11:19 ———— d——-w- c:\program files (x86)\Acro Software 2012-06-12 11:19 . 2012-06-12 11:19 ———— d——-w- c:\program files (x86)\Ask.com . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-12 23:23 . 2011-11-14 18:17 283304 ——a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-12 23:23 . 2011-11-14 18:06 283304 ——a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-06-12 23:22 . 2011-11-14 18:06 280904 ——a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-06-11 20:42 . 2012-04-22 13:32 426184 ——a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-11 20:42 . 2011-11-13 23:33 70344 ——a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-08 14:15 . 2012-04-22 14:15 8744608 ——a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-31 06:05 . 2012-05-12 22:21 5559664 ——a-w- c:\windows\system32\ntoskrnl.exe 2012-03-31 04:39 . 2012-05-12 22:21 3968368 ——a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-12 22:21 3913072 ——a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-31 03:10 . 2012-05-12 22:21 3146240 ——a-w- c:\windows\system32\win32k.sys 2012-03-30 11:35 . 2012-05-12 22:21 1918320 ——a-w- c:\windows\system32\drivers\tcpip.sys 2012-03-17 07:58 . 2012-05-12 22:21 75120 ——a-w- c:\windows\system32\drivers\partmgr.sys . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-06-06 19:33 1519304 ——a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] “{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files (x86)\Ask.com\GenericAskToolbar.dll” [2012-06-06 1519304] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe” [2012-02-29 17148552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696] “GrooveMonitor”=“c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe” [2009-02-26 30040] “HP Software Update”=“c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe” [2010-03-12 49208] “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-03 843712] “Lycosa”=“c:\program files (x86)\Razer\Lycosa\razerhid.exe” [2007-11-20 147456] “APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2012-02-20 59240] “iTunesHelper”=“c:\itunes\iTunesHelper.exe” [2012-03-27 421736] “ApnUpdater”=“c:\program files (x86)\Ask.com\Updater\Updater.exe” [2012-06-06 1564872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 5 (0x5) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableUIADesktopToggle”= 0 (0x0) . R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Tjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2011-11-12 464384] R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 136176] R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2011-11-12 244736] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x] S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x] . . —- Andre Services/Drivers i Hukommelsen—- . NewlyCreated - WS2IFSL . Indhold af mappen ‘Planlagte Opgaver’ . 2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 20:42] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 14:30] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 14:30] . . ————- X64 Entries—————- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “egui”=“c:\program files\ESET\ESET Smart Security\egui.exe” [2011-09-22 4035152] “combofix”=“c:\combofix\CF1875.3XE” [2010-11-21 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “LoadAppInit_DLLs”=0x0 . ———- Yderligere scanning———- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.dk/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = .local IE: E&ksporter; til Microsoft Excel - c:\progra~3\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{831FA997-206D-433e-9D9D-9F629D61ECA1} - c:\users\Rasmus\Desktop\Danske Spil Poker.lnk TCP: DhcpNameServer = 193.162.153.164 194.239.134.83 . - - - - TOMME GENVEJE FJERNET - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe . . . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @=“FlashBroker” “LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] “Enabled”=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Shockwave Flash Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @=“0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @=“ShockwaveFlash.ShockwaveFlash.11” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“ShockwaveFlash.ShockwaveFlash” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Macromedia Flash Factory Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @=“FlashFactory.FlashFactory.1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“FlashFactory.FlashFactory” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @=“IFlashBroker4” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @=”{00020424-0000-0000-C000-000000000046}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” “Version”=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] “SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ————————————Andre kørende processer———————————— . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Razer\Lycosa\razertra.exe . ************************************************************************* . Gennemført tid: 2012-06-13 13:56:43 - maskinen blev genstartet ComboFix-quarantined-files.txt 2012-06-13 11:56 . Pre-Kørsel: 320.435.433.472 bytes free Post-Kørsel: 324.800.385.024 bytes free . - - End Of File - - E304F2157527C4710110787565D9751E
[ Ignorer ] [ # 6 ] Magic Spyhunter
15.06.2012 17:28:40 Administrator Supporter Emeritus Antal indlæg: 32075	Venligst, giv lige en update ang. hvordan computeren kører nu ? Signatur Sund Computer fornuft
[ Ignorer ] [ # 7 ] Tobinobi
15.06.2012 23:51:54 Antal indlæg: 62	Explorer vil stadig ikke lade mig hente filer. Men har ikke oplevet sløvhed, dog skal det siges jeg heller ikke har følt det som værende ofte før. Vigtigst er bare at få den behandlet hvis den er/var inficiret, sløvheden er ikke et problem. Og Explorers download problemer klarer Opera for mig.
[ Ignorer ] [ # 8 ] Magic Spyhunter
16.06.2012 10:22:58 Administrator Supporter Emeritus Antal indlæg: 32075	Lad os se om den ikke kan komme til at opføre sig ordentligt Kopiér indholdet mellem de bølgede linier ind i et notepad/notesblok-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript. ~~~~~~~~~~~~~~~~~~~~~~~~~~ Snapshot:: Folder:: c:\program files (x86)\Ask.com ClearJavaCache:: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Tag så fat i den CFScript filen med musen, og før den hen over Combofix-filen, hvorefter du “giver slip” med musen, som vist her -> http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Send så en ny combofix log herind. Den kan findes her - C:\combofix Signatur Sund Computer fornuft
[ Ignorer ] [ # 9 ] Tobinobi
17.06.2012 00:25:39 Antal indlæg: 62	Efter en opdatering af Combofix kørte sacanningen problemløst: ComboFix 12-06-15.06 - Rasmus 17-06-2012 0:14.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.45.1033.18.4095.2812 [GMT 2:00] Kører fra: c:\users\Rasmus\Desktop\ComboFix.exe Kommandoer benyttet :: c:\users\Rasmus\Desktop\CFScript.txt AV: ESET Smart Security 5.0 Disabled/Updated {77DEAFED-8149-104B-25A1-21771CA47CD1} FW: ESET Personlig firewall Enabled {4FE52EC8-CB26-1113-0EFE-8842E2773BAA} SP: ESET Smart Security 5.0 Disabled/Updated {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Dannede nyt systemgendannelsespunkt . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Ask.com c:\program files (x86)\Ask.com\assets\oobe\b.png c:\program files (x86)\Ask.com\assets\oobe\bl.png c:\program files (x86)\Ask.com\assets\oobe\br.png c:\program files (x86)\Ask.com\assets\oobe\l.png c:\program files (x86)\Ask.com\assets\oobe\pointer.png c:\program files (x86)\Ask.com\assets\oobe\r.png c:\program files (x86)\Ask.com\assets\oobe\t.png c:\program files (x86)\Ask.com\assets\oobe\tl.png c:\program files (x86)\Ask.com\assets\oobe\tr.png c:\program files (x86)\Ask.com\cb_adfb.ico c:\program files (x86)\Ask.com\cobrand.ico c:\program files (x86)\Ask.com\config.xml c:\program files (x86)\Ask.com\favicon.ico c:\program files (x86)\Ask.com\fv_aade.ico c:\program files (x86)\Ask.com\GenericAskToolbar.dll c:\program files (x86)\Ask.com\mupcfg.xml c:\program files (x86)\Ask.com\precache.exe c:\program files (x86)\Ask.com\SaUpdate.exe c:\program files (x86)\Ask.com\Updater\config.xml c:\program files (x86)\Ask.com\Updater\Updater.exe c:\program files (x86)\Ask.com\UpdateTask.exe . . ((((((((((((((((((((((((((((( Filer skabt fra 2012-05-16 til 2012-06-16 ))))))))))))))))))))))))))))))))))) . . 2012-06-16 22:18 . 2012-06-16 22:18 ———— d——-w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-16 22:18 . 2012-06-16 22:18 ———— d——-w- c:\users\Default\AppData\Local\temp 2012-06-15 21:48 . 2012-06-15 21:48 ———— d——-w- c:\windows\Sun 2012-06-15 13:45 . 2012-05-08 17:02 8955792 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EC1863D-4D64-49E2-9D1B-EC63D5416ED8}\mpengine.dll 2012-06-14 09:06 . 2012-05-15 01:32 3146752 ——a-w- c:\windows\system32\win32k.sys 2012-06-13 11:58 . 2012-04-26 05:41 77312 ——a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 11:58 . 2012-04-26 05:41 149504 ——a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 11:58 . 2012-04-26 05:34 9216 ——a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 11:37 . 2012-06-13 11:37 ———— d——-w- C:\_OTL 2012-06-12 11:21 . 2012-06-12 11:21 ———— d——-w- c:\users\Rasmus\AppData\Local\CutePDF Writer 2012-06-12 11:20 . 2012-06-12 11:20 ———— d——-w- c:\program files (x86)\GPLGS 2012-06-12 11:19 . 2012-03-11 12:56 86608 ——a-w- c:\windows\system32\cpwmon64.dll 2012-06-12 11:19 . 2012-06-12 11:19 ———— d——-w- c:\program files (x86)\Acro Software . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-15 23:04 . 2011-11-14 18:17 283304 ——a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-06-15 23:04 . 2011-11-14 18:06 283304 ——a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-06-15 23:03 . 2011-11-14 18:06 280904 ——a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-06-11 20:42 . 2012-04-22 13:32 426184 ——a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-11 20:42 . 2011-11-13 23:33 70344 ——a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-08 14:15 . 2012-04-22 14:15 8744608 ——a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-30 11:35 . 2012-05-12 22:21 1918320 ——a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe” [2012-02-29 17148552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] “SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-06-09 254696] “GrooveMonitor”=“c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe” [2009-02-26 30040] “HP Software Update”=“c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe” [2010-03-12 49208] “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-01-03 843712] “Lycosa”=“c:\program files (x86)\Razer\Lycosa\razerhid.exe” [2007-11-20 147456] “APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2012-02-20 59240] “iTunesHelper”=“c:\itunes\iTunesHelper.exe” [2012-03-27 421736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 5 (0x5) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableUIADesktopToggle”= 0 (0x0) . R2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Tjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2011-11-12 464384] R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 136176] R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2011-11-12 244736] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x] S1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [x] . . Indhold af mappen ‘Planlagte Opgaver’ . 2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 20:42] . 2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 14:30] . 2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-14 14:30] . . ————- X64 Entries—————- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “egui”=“c:\program files\ESET\ESET Smart Security\egui.exe” [2011-09-22 4035152] . ———- Yderligere scanning———- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.dk/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = .local IE: E&ksporter; til Microsoft Excel - c:\progra~3\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{831FA997-206D-433e-9D9D-9F629D61ECA1} - c:\users\Rasmus\Desktop\Danske Spil Poker.lnk TCP: DhcpNameServer = 193.162.153.164 194.239.134.83 . - - - - TOMME GENVEJE FJERNET - - - - . BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe . . . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @=“FlashBroker” “LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] “Enabled”=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Shockwave Flash Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @=“0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @=“ShockwaveFlash.ShockwaveFlash.11” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“ShockwaveFlash.ShockwaveFlash” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Macromedia Flash Factory Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @=“FlashFactory.FlashFactory.1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“FlashFactory.FlashFactory” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @=“IFlashBroker4” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @=”{00020424-0000-0000-C000-000000000046}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” “Version”=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] “SymbolicLinkValue”=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ————————————Andre kørende processer———————————— . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Razer\Lycosa\razertra.exe . ************************************************************************* . Gennemført tid: 2012-06-17 00:24:33 - maskinen blev genstartet ComboFix-quarantined-files.txt 2012-06-16 22:24 ComboFix2.txt 2012-06-13 11:56 . Pre-Kørsel: 324.802.490.368 bytes free Post-Kørsel: 324.655.263.744 bytes free . - - End Of File - - CA0116B6E246F6BE44E04C1711A446BC
[ Ignorer ] [ # 10 ] Magic Spyhunter
18.06.2012 12:37:58 Administrator Supporter Emeritus Antal indlæg: 32075	Hvordan kører tingene nu ? Signatur Sund Computer fornuft
[ Ignorer ] [ # 11 ] Tobinobi
18.06.2012 23:16:00 Antal indlæg: 62	Stadig problemer med download i Explorer, både hvad angår .exe,docx og .WMA filer. og en række andre filtyper. Alt andet fungerer fint.
[ Ignorer ] [ # 12 ] Tobinobi
18.06.2012 23:25:50 Antal indlæg: 62	Har netop fundet lidt information på: http://www.sevenforums.com/system-security/188630-file-contained-virus-deleted-2.html Sidst i tråden snakker de om Avast, og jeg har neop haft avast installeret, men afinstalleret da jeg købte ESET. De snakker om noget på AVG’s utility site. Skal jeg forsøge at køre det program der bliver nævnt i det første indlæg på side 2? Det skulle vidst klare Avast problemet, hvis det er det der er årsagen?
[ Ignorer ] [ # 13 ] Magic Spyhunter
20.06.2012 16:50:26 Administrator Supporter Emeritus Antal indlæg: 32075	Skal jeg forsøge at køre det program der bliver nævnt i det første indlæg på side Beklager, men jeg er ikke helt klar over - hvilket program ? Signatur Sund Computer fornuft
[ Ignorer ] [ # 14 ] Tobinobi
20.06.2012 23:11:08 Antal indlæg: 62	My bad, det andet indlæg.. # 12 Britton30 skriver: Sorry, I misread that. Run SFC /SCANNOW Command - System File Checker this has been taking care of the Avast issues.
[ Ignorer ] [ # 15 ] Magic Spyhunter
21.06.2012 17:32:27 Administrator Supporter Emeritus Antal indlæg: 32075	Ahh ok. Det lyder som en god idé, her får du en vejledning på Dansk: http://support.microsoft.com/kb/929833/da Signatur Sund Computer fornuft

1 af 3

Næste