HJT Log - Tror der er noget snavs

(1)
Deaktiver systemgendannelse, ved at Højreklikke på "Denne Computer" på skrivebordet -> egenskaber -> Systemgendannelse -> sæt flueben i "Deaktiver systemgendannelse" -> Klik OK.

(2)
Hent http://downloads.stevengould.org/cleanup/CleanUp40.exe
Læs vejledningen til Cleanup her: http://www.bleepingcomputer.com/forums/tutorial93.html

Hent scannereren http://www.spywareinfo.dk/download/mwav.exe.

Hent og udpak Killbox http://www.bleepingcomputer.com/files/spyware/KillBox.zip

Hent http://www.cexx.org/LSPFix.exe.
Hvis du senere ikke kan komme på internettet, skal du køre lspfix.exe, marker "I know what I am doing" og klik på finish.

(3)
Genstart computeren i fejlsikret tilstand (tryk F8 når Windows starter op), og fix følgende linjer med HijackThis:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programmer\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [Windowsz] rwnt.exe
O4 - HKLM\..\Run: [mousepad] C:\\mousepad.exe
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames12.exe
O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\k4pm0e71eh.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFu\command.exe

(4)
Tast CTRL+ALT+DEL, vælg faneblade Processer og find denne fil(er):
command.exe
Højreklik på filen og vælg Afslut.

(5)
Åbn en tilfældig mappe, i menuen skal du klikke på Funktioner -> Mappeindstillinger -> Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler" og ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

søg efter og slet følgende fil(er):
C:\WINDOWS\System32\winamp.exe
C:\keyboard.exe
rwnt.exe
C:\mousepad.exe
C:\gimmygames12.exe
C:\WINDOWS\web\related.htm
C:\WINDOWS\system32\k4pm0e71eh.dll
… og følgende mappe(r):
C:\Programmer\TheSearchAccelerator\
C:\WINDOWS\U2ViYXN0aWFu\

(6)
Kør scanneren mwav.exe, og sæt flueben i følgende: Memory, Startup folders, drive, Registry, System folders og Services.
Sæt prik i følgende: All local drives og Scan all files. Tryk på Scan Clean.
Scanningen kan godt nogen tid.

(7)
Kør Cleanup. Gå til option og sæt flueben ved cookies, prefetch, temp og all users. Tryk på “cleanup”.

(8)
Start KillBox, sæt prik i "Delete on reboot", kopier nedenstående filnavn(e) til tekstfeltet i Killbox og klik herefter på den røde knap med det hvide kryds. Gentag det for alle filerne, men sig først ja til at genstarte, når du kommer til den sidste fil. Du skal genstarte i fejlsikret tilstand.

C:\WINDOWS\U2ViYXN0aWFu\command.exe

(9)
Start -> kør -> skriv "cleanmgr" -> Slet Temporary internet files, papirkurv og midlertidige filer. Gentag for alle dine drev.

(10)
Genstart computeren normalt. Lav en ny log med HijackThis, og send den herind.

(11)
Når vi er helt færdige, så husk at aktiver systemgendannelse igen.

Logfile of HijackThis v1.99.1
Scan saved at 15:55:53, on 16-03-2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\FSGUI\fsguiexe.exe
C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\Program\fspex.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sebastian\Skrivebord\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tweak.dk/forum
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\Telia\Telias Sakerhetstjanster\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programmer\Telia\Telias Sakerhetstjanster\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmer\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Xfire.lnk = C:\Programmer\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\g0040adqed0e0.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Telias säkerhetstjänster (BackWeb Plug-in - 7836882) - Unknown owner - C:\PROGRA~1\Telia\TELIAS~1\backweb\7836882\Program\SERVIC~1.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U2ViYXN0aWFu\command.exe (file missing)
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programmer\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programmer\Telia\Telias Sakerhetstjanster\backweb\7836882\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programmer\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

Hent L2mfix.exe fra et af disse steder: http://www.atribune.org/downloads/l2mfix.exe eller http://www.downloads.subratam.org/l2mfix.exe
Dobbeltklik på l2mfix.exe, vælg install og følg instruktionerne. Åben herefter den nye mappe der er dannet på dit Skrivebord (l2mfix). Dobbeltklik på l2mfix.bat og vælg option 1 (Run Find log) ved at taste "1" og "Enter". Din computer bliver nu scannet - efter et par minutter åbnes en tekstfil i Notesblok. Kopier indholdet herind.
NB: Du må ikke køre option 2 eller andre af filerne i l2mfix mappen, før du er blevet bedt om det.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DateTime]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\h82olif3182.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{2D8E96C0-23AF-8D27-03EE-ECA2A9BB1DBE}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Egenskabsark for multimediefiler"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-scannerstyring"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Sikkerhedsside"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Egenskabsside for OLE-dokumentfil"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmkort"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rm"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Kontrolpanel-udvidelse til sk‘rmpanorering"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security-side"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitetsside"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Udvidelsen Diskcopy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Gr‘nsefladeudvidelser til Microsoft Windows-netv‘rksobjekter"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-sk‘rmstyring"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-printerstyring"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Gr‘nsefladeudvidelser til filkomprimering"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Gr‘nsefladeudvidelse til webudskrift"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontekstmenu til kryptering"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Rejsetaske"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal-ikon"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Sikkerhedsside"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Gr‘nsefladeudvidelse til deling"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO-filtype"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto signeringsfiltype"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netv‘rksforbindelser"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netv‘rksforbindelser"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scannere og kameraer"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scannere og kameraer"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scannere og kameraer"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scannere og kameraer"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scannere og kameraer"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell-udvidelser til Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft-dataforbindelse"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Planlagte opgaver"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Proceslinje og menuen Start"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="S›g"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hj‘lp og support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="K›r..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internettet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="V‘rkt›jslinje til Microsoft Internet"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Webs›gning"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Redigeringsboks til adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-oversigtstjeneste"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Oversigt"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Velkomstbillede til Internet Explorer 4-suiten"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internettet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-cachemappe"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Programstyring"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Opt‘lling af installerede programmer"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Udpakning af miniaturer til GDI+-filer"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Dokumentinfo om miniaturehandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Udpakning af HTML-miniaturer"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Guiden Webudgivelse"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestil billedudskrift over World Wide Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objekt til guiden Webudgivelse"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Guiden F† et Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Brugerkonti"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanalfil"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Genvej til kanal"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Mappen Offlinefiler"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Efter &personer..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B66AC48A-492A-4270-975A-CE3C27E80A6B}"=""
"{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}"=""
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5E2121EE-0300-11D4-8D3B-444553540000}"="Catalyst Context Menu extension"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B66AC48A-492A-4270-975A-CE3C27E80A6B}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{B66AC48A-492A-4270-975A-CE3C27E80A6B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B66AC48A-492A-4270-975A-CE3C27E80A6B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B66AC48A-492A-4270-975A-CE3C27E80A6B}\InprocServer32]
@="C:\\WINDOWS\\system32\\mri.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B24E2A4B-F7B1-4676-9A85-B59EAFB6120F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wqiprop.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
  ati2cqag.dll  Wed 25 Jan 2006  4.10.38  A....        258.048  252,00 K
  ati2dvag.dll  Wed 25 Jan 2006  4.52.48  A....        255.488  249,50 K
  ati2edxx.dll  Wed 25 Jan 2006  4.46.50  A....        41.472    40,50 K
  ati2evxx.dll  Wed 25 Jan 2006  4.46.38  A....        61.440    60,00 K
  ati3duag.dll  Wed 25 Jan 2006  4.36.50  A....      2.604.128    2,48 M
  atiddc.dll    Wed 25 Jan 2006  4.44.58  A....        53.248    52,00 K
  atidemgr.dll  Wed 25 Jan 2006  3.29.40  A....        282.624  276,00 K
  atiiiexx.dll  Wed 25 Jan 2006  4.28.12  A....        307.200  300,00 K
  atikvmag.dll  Wed 25 Jan 2006  4.16.50  A....        151.552  148,00 K
  atioglx1.dll  Wed 25 Jan 2006  4.30.28  A....      6.684.672    6,38 M
  atioglxx.dll  Wed 25 Jan 2006  4.13.54  A....      5.115.904    4,88 M
  atipdlxx.dll  Wed 25 Jan 2006  4.47.18  A....        114.688  112,00 K
  atitvo32.dll  Wed 25 Jan 2006  4.16.08  A....        17.408    17,00 K
  ativvaxx.dll  Wed 25 Jan 2006  4.30.18  A....        860.192  840,03 K
  atmtd.dll      Thu  2 Mar 2006  12.29.40  A....        687.592  671,48 K
  d00mla~1.dll  Sat  4 Mar 2006  16.40.16  ..S.R        233.798  228,32 K
  dn6001~1.dll  Sun 12 Mar 2006  15.17.38  ..S.R        237.204  231,64 K
  e8jmli~1.dll  Wed  8 Mar 2006  15.57.02  ..S.R        233.807  228,32 K
  en8ml1~1.dll  Mon 13 Mar 2006  13.42.52  ..S.R        234.863  229,36 K
  enn6l1~1.dll  Mon 13 Mar 2006  16.40.02  ..S.R        235.333  229,82 K
  enpsl1~1.dll  Mon  6 Mar 2006  0.54.26  ..S.R        234.133  228,64 K
  f22m0c~1.dll  Fri  3 Mar 2006  15.57.10  ..S.R        237.265  231,70 K
  f6j20g~1.dll  Wed 15 Mar 2006  23.56.20  ..S.R        233.898  228,41 K
  fpn003~1.dll  Thu 16 Mar 2006  14.00.52  ..S.R        233.735  228,25 K
  fpnq03~1.dll  Wed 15 Mar 2006  11.41.22  ..S.R        234.235  228,74 K
  gp46l3~1.dll  Mon  6 Mar 2006  17.25.50  ..S.R        234.069  228,58 K
  gp80l3~1.dll  Mon 13 Mar 2006  15.56.38  ..S.R        234.765  229,26 K
  h82oli~1.dll  Thu 16 Mar 2006  15.54.30  ..S.R        235.010  229,50 K
  hr2o05~1.dll  Mon 13 Mar 2006  16.56.58  ..S.R        234.007  228,52 K
  hrj205~1.dll  Thu  9 Mar 2006  17.32.54  ..S.R        233.355  227,88 K
  i2jqlc~1.dll  Tue 14 Mar 2006  10.15.20  ..S.R        235.194  229,68 K
  i4420e~1.dll  Sat 11 Mar 2006  17.03.24  ..S.R        233.370  227,90 K
  ir22l5~1.dll  Sun  5 Mar 2006  14.30.14  ..S.R        233.860  228,38 K
  irn0l5~1.dll  Thu  2 Mar 2006  19.03.38  ..S.R        233.775  228,29 K
  irn2l5~1.dll  Fri  3 Mar 2006  18.29.42  ..S.R        233.875  228,39 K
  irpql5~1.dll  Thu 16 Mar 2006  1.40.54  ..S.R        235.257  229,74 K
  j84o0i~1.dll  Sun  5 Mar 2006  23.53.04  ..S.R        233.422  227,95 K
  jt6407~1.dll  Sat  4 Mar 2006  16.23.24  ..S.R        233.481  228,01 K
  jtlm07~1.dll  Thu  2 Mar 2006  15.37.56  ..S.R        237.280  231,72 K
  jtns07~1.dll  Thu 16 Mar 2006  14.43.44  ..S.R        234.439  228,94 K
  k4080e~1.dll  Mon 13 Mar 2006  15.54.42  ..S.R        234.486  228,99 K
  l2r0lc~1.dll  Thu 16 Mar 2006  1.57.32  ..S.R        234.774  229,27 K
  l4n40e~1.dll  Thu  9 Mar 2006  7.13.42  ..S.R        233.475  228,00 K
  lacmgr10.dll  Sat  4 Mar 2006  16.23.26  ..S.R        237.143  231,58 K
  lap209~1.dll  Sun  5 Mar 2006  14.30.14  ..S.R        237.143  231,58 K
  lv8409~1.dll  Mon  6 Mar 2006  0.37.36  ..S.R        233.492  228,02 K
  lv8609~1.dll  Mon 13 Mar 2006  16.23.40  ..S.R        234.371  228,88 K
  lvjm09~1.dll  Fri 10 Mar 2006  11.16.44  ..S.R        237.262  231,70 K
  m6polg~1.dll  Mon 13 Mar 2006  13.38.14  ..S.R        235.058  229,55 K
  medemui.dll    Wed 15 Mar 2006  23.56.20  ..S.R        233.682  228,20 K
  mzvcirt.dll    Mon 13 Mar 2006  16.23.40  ..S.R        233.682  228,20 K
  n68o0g~1.dll  Wed 15 Mar 2006  17.44.38  ..S.R        234.068  228,58 K
  o066la~1.dll  Mon  6 Mar 2006  0.09.58  ..S.R        234.078  228,59 K
  o2lu0c~1.dll  Tue 14 Mar 2006  15.29.46  ..S.R        234.614  229,11 K
  o4ro0e~1.dll  Thu 16 Mar 2006  12.01.24  ..S.R        234.076  228,59 K
  oemdspif.dll  Wed 25 Jan 2006  4.47.04  A....        77.824    76,00 K
  p8r4li~1.dll  Tue 14 Mar 2006  18.28.32  ..S.R        235.180  229,67 K
  q2ps0c~1.dll  Mon  6 Mar 2006  22.10.50  ..S.R        233.634  228,16 K
  qav.dll        Mon  6 Mar 2006  0.37.36  ..S.R        237.143  231,58 K
  r06u0a~1.dll  Thu 16 Mar 2006  16.42.42  ..S.R        235.970  230,44 K
  r6r60g~1.dll  Tue  7 Mar 2006  17.21.46  ..S.R        233.596  228,12 K
  sirenacm.dll  Tue 24 Jan 2006  19.34.24  A....        118.784  116,00 K
  tkd32.dll      Thu  2 Mar 2006  12.31.12  ..S.R        234.272  228,78 K
  u8ru0i~1.dll  Thu  9 Mar 2006  3.06.08  ..S.R        233.747  228,27 K
  urtfs.dll      Thu 16 Mar 2006  14.00.52  ..S.R        233.682  228,20 K
  vcscript.dll  Thu 16 Mar 2006  12.01.24  ..S.R        233.682  228,20 K
  vza64k.dll    Mon 13 Mar 2006  13.38.14  ..S.R        233.682  228,20 K
  wqiprop.dll    Thu 16 Mar 2006  16.42.42  ..S.R        235.010  229,50 K

68 items found:  68 files (51 H/S), 0 directories.
  Total of file sizes:  29.656.696 bytes    28,28 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Disken i drev C har ikke noget navn.
Diskens serienummer er 0424-3BAB

Indhold af C:\WINDOWS\System32

16-03-2006  16:42          235.010 wqiprop.dll
16-03-2006  16:42          235.970 r06u0aj9edo.dll
16-03-2006  15:54          235.010 h82olif3182.dll
16-03-2006  14:43          234.439 jtns0757e.dll
16-03-2006  14:00          233.682 urtfs.dll
16-03-2006  14:00          233.735 fpn0035me.dll
16-03-2006  12:01          233.682 vcscript.dll
16-03-2006  12:01          234.076 o4ro0e93eh.dll
16-03-2006  01:57          234.774 l2r0lc9m1f.dll
16-03-2006  01:40          235.257 irpql5751.dll
15-03-2006  23:56          233.682 medemui.dll
15-03-2006  23:56          233.898 f6j20g1oe6.dll
15-03-2006  17:44          234.068 n68o0gl3e6q.dll
15-03-2006  11:41          234.235 fpnq0355e.dll
14-03-2006  18:28          235.180 p8r4li9q18.dll
14-03-2006  15:29          234.614 o2lu0c39ef.dll
14-03-2006  10:15          235.194 i2jqlc151f.dll
13-03-2006  16:56          234.007 hr2o05f3e.dll
13-03-2006  16:40          235.333 enn6l15s1.dll
13-03-2006  16:23          233.682 mzvcirt.dll
13-03-2006  16:23          234.371 lv8609lse.dll
13-03-2006  15:56          234.765 gp80l3lm1.dll
13-03-2006  15:54          234.486 k4080edueh080.dll
13-03-2006  13:42          234.863 en8ml1l11.dll
13-03-2006  13:38          233.682 vza64k.dll
13-03-2006  13:38          235.058 m6polg7316.dll
12-03-2006  15:17          237.204 dn6001jme.dll
11-03-2006  17:03          233.370 i4420ehoeh4c0.dll
10-03-2006  11:16          237.262 lvjm0911e.dll
09-03-2006  17:32          233.355 hrj2051oe.dll
09-03-2006  07:13          233.475 l4n40e5qeh.dll
09-03-2006  03:06          233.747 u8ru0i99e8.dll
08-03-2006  15:57          233.807 e8jmli1118.dll
07-03-2006  18:21    <DIR>          dllcache
07-03-2006  17:21          233.596 r6r60g9se6.dll
06-03-2006  22:10          233.634 q2ps0c77ef.dll
06-03-2006  17:25          234.069 gp46l3hs1.dll
06-03-2006  00:54          234.133 enpsl1771.dll
06-03-2006  00:37          237.143 qav.dll
06-03-2006  00:37          233.492 lv8409lqe.dll
06-03-2006  00:09          234.078 o066lajs1do6.dll
05-03-2006  23:53          233.422 j84o0ih3e84.dll
05-03-2006  14:30          237.143 lap2097oe.dll
05-03-2006  14:30          233.860 ir22l5fo1.dll
04-03-2006  16:40          233.798 d00mlad11d0.dll
04-03-2006  16:23          237.143 lacmgr10.dll
04-03-2006  16:23          233.481 jt6407jqe.dll
03-03-2006  18:29          233.875 irn2l55o1.dll
03-03-2006  15:57          237.265 f22m0cf1ef2.dll
02-03-2006  19:03          233.775 irn0l55m1.dll
02-03-2006  15:37          237.280 jtlm0731e.dll
02-03-2006  12:31          234.272 tkd32.dll
02-03-2006  12:30    <DIR>          Microsoft
02-03-2006  12:29          100.352 rwnt.0xe.mwt
              52 fil(er)      12.064.784 byte
              2 mappe(r)  181.715.615.744 byte ledig

Dobbeltklik på l2mfix.bat og vælg option 2 (Run Fix) ved at taste "2" og "Enter". Tryk en vilkårlig knap, og computeren genstarter. Skrivebordet og ikonerne forsvinder et øjeblik (dette er normalt). L2mfix scanner og slutter med at åbne notepad med en log. Kopier denne log sammen med en ny log fra hijackthis herind.