plerik Beginner
17 January 2007 - 12:15 There are 14 comments

Trojan Horse "Backdoor.Rustock.B"

According to Norton AntiVirus I have got "Backdoor.Rustock.B" (McAfee calls it "Spam-Mailbot.c"). This Trojan horse is supposed to open the door to being bombarded with spam mail, and that fits very well. The problem is removing it!!! Norton AntiVirus cannot remove it, but describes how it is done: you just boot from the XP CD, run Repair and then run the command "DISABLE pe386". The problem is that when I do this, the command does not find "pe386" (which is supposed to be in the registry), and I cannot find it manually either in the registry, where it should be according to Norton. Norton reports that the file "C:\windows\system32:lzx32.sys" is the culprit, but I cannot find this file either. I have tried running Panda online scan and McAfee online scan, but neither of them finds anything; when I run these online scans, however, Norton pops up with a warning about "Backdoor.Rustock.B". HELP!!!! Any solutions to the problem?
bufferzone Trainee
17 January 2007 - 12:30 #1
http://vil.nai.com/vil/content/v_140181.htm
All Users:

Manual Removal Instructions


Reboot your system using the Windows Recovery Console
Select R to start the Recovery Console.
At the recovery console command prompt type DISABLE pe386
Type Exit
Rescan the system with latest DATs upon reboot.
plerik Beginner
17 January 2007 - 13:06 #2
As mentioned in my post, that method has been tried without success; Windows recovery CANNOT find anything named pe386.
ejvindh Expert
17 January 2007 - 13:11 #3
No, because pe386 is hidden by a rootkit ;-) Try this:

Download this tool and save it to the desktop:
http://www.uploads.ejvindh.net/rustbfix.exe

Double-click the tool. If the tool finds a Rustock infection, you will shortly be asked to restart the computer. You must accept this. The restart may take quite a while, and perhaps 2 restarts will be needed, but this happens fully automatically. When the restart is finished, 2 log files will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt), which you should copy into the thread.

Afterwards you are welcome to post a WinPFind3 log file here. Then I will look at it:

Download Oldtimer's WinPFind3 from here:
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Double-click WinPFind3u, which you downloaded, and click Extract. The program is then unpacked into a separate folder. Go into this folder and double-click WinPFind3U.exe. Then set the checkboxes and radio buttons as follows:

Processes: Non-Microsoft
Win32 Services: Non-Microsoft
Driver Services: Non-Microsoft
Registry:  Non-Microsoft
Files Created Within: 30 Days, Non-Microsoft Only
Files Modified Within: 30 Days, Non-Microsoft Only
File String Search: Non-Microsoft

Then click "Run Scan". After some time a log file will appear, which you are welcome to paste in here. The log may be so long that it cannot fit in a single post. In that case you will have to post it in several parts.
ejvindh Expert
17 January 2007 - 13:49 #4
Correction: In the Recovery Console the relevant service should actually be visible. The problem with Rustock, however, is that it is not always called PE386. At the moment there are 3 other known names...
plerik Beginner
17 January 2007 - 15:15 #5
Thanks for the answer, I will try your suggestion.
Do you perhaps know which other names than PE386 are used?
plerik Beginner
17 January 2007 - 17:25 #6
************************* Rustock.b-fix -- By ejvindh *************************
17-01-2007 17:23:33,50

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
  :lzx32.sys                              68978
Total size: 68978 bytes.
Attempting to remove ADS...
system32: deleted 68978 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************
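
The fix log above reports the Rustock.b payload as an alternate data stream (ADS) attached to the System32 folder (`:lzx32.sys`). As an added example, not part of the thread and not ejvindh's tool, the PowerShell below lists driver services whose ImagePath points into a stream and the named streams on a directory. The function names, the offline hive mount name and the sample paths are assumptions made for illustration.

```powershell
# Added example (not from the thread): look for drivers loaded from an NTFS
# alternate data stream and for named streams attached to a directory.
# Assumption: run it from a clean environment against an offline hive/disk where
# possible, because a live rootkit can hide its own service key and stream.
param(
    # Services key to scan. For an offline disk, load its SYSTEM hive first, e.g.
    #   reg load HKLM\Offline X:\Windows\System32\config\SYSTEM
    # and pass 'HKLM:\Offline\ControlSet001\Services' ("Offline" is a hypothetical name).
    [string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services',
    # Directory whose own streams are listed.
    [string]$Directory = "$env:SystemRoot\System32"
)

function Test-AdsPath {
    # True when a path contains a stream separator (':') after the drive letter.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $p = $Path.Trim().Trim('"')
    # Drop the NT prefix '\??\' and a drive letter so their colons are not counted.
    $p = $p -replace '^\\\?\?\\', '' -replace '^[A-Za-z]:', ''
    return $p.Contains(':')
}

function Get-AdsBackedDriver {
    # Lists kernel and file-system driver entries whose ImagePath names a stream.
    param([string]$Key)
    Get-ChildItem -LiteralPath $Key -ErrorAction SilentlyContinue | ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        # Type 1 = kernel driver, 2 = file system driver. Their ImagePath carries
        # no command-line arguments, so any remaining colon is a stream reference.
        if ($svc -and ($svc.Type -in 1, 2) -and (Test-AdsPath $svc.ImagePath)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                Start     = $svc.Start      # 0 Boot, 1 System, 2 Auto, 3 Demand, 4 Disabled
                ImagePath = $svc.ImagePath
            }
        }
    }
}

function Get-DirectoryStream {
    # Lists named streams attached to the item itself. For a directory,
    # Get-Item -Stream needs PowerShell 7.2 or later.
    param([string]$Path)
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |   # skip a file's default stream
        Select-Object FileName, Stream, Length
}

# Constructed sample paths showing what the path test flags.
$samples = '\SystemRoot\system32:lzx32.sys',
           '\??\C:\WINDOWS\system32\drivers\example.sys',
           'System32\DRIVERS\example.sys'
foreach ($s in $samples) { '{0,-45} ADS={1}' -f $s, (Test-AdsPath $s) }

# Real scan: both lists are normally empty on a clean system.
Get-AdsBackedDriver -Key $ServicesKey | Format-Table -AutoSize
Get-DirectoryStream -Path $Directory  | Format-Table -AutoSize
```

An empty result from a running, infected system is not proof of a clean machine; compare it with a scan of the same disk from a clean boot environment.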
plerik Beginner
17 January 2007 - 17:42 #7
WinPFind3 logfile created on: 17-01-2007 17:28:33
WinPFind3U by OldTimer - Version 1.0.10    Folder = C:\Downloads\Temp\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

1047276 Kb Total Physical Memory | 674424 Kb Available Physical Memory | 64,40%

Memory free
2520916 Kb Paging File | 2192508 Kb Available in Paging File | 86,97% Paging File

free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 80027764 Kb Total Space | 47541436 Kb Free Space | 59,41% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe ->

Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date =

23-02-2006 10:41:04 | Attr =    ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe -> Adobe

Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date =

14-09-2006 07:55:52 | Attr =    ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec

Corporation [Ver = 103.0.7.2 | Size = 59040 bytes | Modified Date = 17-02-2006

10:05:20 | Attr =    ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec

Corporation [Ver = 103.0.7.2 | Size = 198304 bytes | Modified Date = 17-02-2006

10:05:28 | Attr =    ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec

Corporation [Ver = 103.0.7.2 | Size = 181920 bytes | Modified Date = 17-02-2006

10:05:50 | Attr =    ]
googletoolbarnotifier.exe ->

%ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.ex

e -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date =

15-10-2006 10:18:16 | Attr =    ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe ->

Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152

bytes | Modified Date = 19-02-2006 01:41:10 | Attr =    ]
incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 20, 1 |

Size = 1397760 bytes | Modified Date = 25-07-2005 12:01:24 | Attr =    ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 20,

1 | Size = 876032 bytes | Modified Date = 25-07-2005 12:00:56 | Attr =    ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec

Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 19-10-2005

12:54:14 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8198 |

Size = 131139 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 8.5.1788 | Size =

339456 bytes | Modified Date = 02-06-2006 00:52:58 | Attr =    ]
opscan.exe -> %ProgramFiles%\Norton AntiVirus\OPSCAN.EXE -> Symantec Corporation

[Ver = 103.0.3.8 | Size = 71280 bytes | Modified Date = 13-12-2004 15:30:16 |

Attr =    ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements

5.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified

Date = 14-09-2006 07:56:06 | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver =

6.4 | Size = 77824 bytes | Modified Date = 22-02-2006 11:58:50 | Attr =    ]
savscan.exe -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec

Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 07-03-2005

14:59:36 | Attr =    ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog

Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20-09-2002

14:50:10 | Attr =    ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog

Devices, Inc. [Ver = 4, 0, 4, 1 | Size = 774144 bytes | Modified Date =

04-04-2003 12:38:52 | Attr =    ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec

Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 05-04-2005

11:17:22 | Attr =    ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe ->

Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date =

21-07-2004 16:24:04 | Attr =    ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe ->

Symantec Corporation [Ver = 1, 8, 54, 419 | Size = 817304 bytes | Modified Date =

05-03-2006 18:08:02 | Attr =    ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 |

Size = 75768 bytes | Modified Date = 23-08-2006 22:38:26 | Attr =    ]
winnc32.exe -> %ProgramFiles%\WinNc\WinNc32.exe -> Dunes MultiMedia [Ver = 2000 |

Size = 2014720 bytes | Modified Date = 06-09-2005 16:11:30 | Attr =    ]
winpfind3u.exe -> %SystemDrive%\Downloads\Temp\WinPFind3u\WinPFind3U.exe ->

Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 12-01-2007

16:20:26 | Attr =    ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC

[Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 23-08-2006 22:38:28 |

Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Stopped] ->

%CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> File not found
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto |

Running] -> %ProgramFiles%\Adobe\Photoshop Elements

5.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified

Date = 14-09-2006 07:56:06 | Attr =    ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto

| Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec

Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 23-02-2006

10:41:04 | Attr =    ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] ->

%CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver =

103.0.7.2 | Size = 198304 bytes | Modified Date = 17-02-2006 10:05:28 | Attr =   

]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] ->

%CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver =

103.0.7.2 | Size = 79520 bytes | Modified Date = 17-02-2006 10:05:42 | Attr =   

]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] ->

%CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver =

103.0.7.2 | Size = 181920 bytes | Modified Date = 17-02-2006 10:05:50 | Attr =   

]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand |

Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver =

2600.0.503.0 | Size = 205312 bytes | Modified Date = 16-09-2002 13:00:00 | Attr =

  ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] ->

%ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google

[Ver = 2.0.699.25363.beta | Size = 135608 bytes | Modified Date = 04-12-2006

05:53:56 | Attr =    ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] ->

%ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 20, 1 | Size =

876032 bytes | Modified Date = 25-07-2005 12:00:56 | Attr =    ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] ->

%ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation

[Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 23-02-2006 10:41:04 |

Attr =    ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] ->

%ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver =

11.0.16.2 | Size = 177264 bytes | Modified Date = 19-10-2005 12:54:14 | Attr =   

]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Disabled |

Stopped] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec

Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 19-10-2005

12:54:52 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] ->

%System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 131139

bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
(O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe ->

O&O Software GmbH [Ver = 8.5.1788 | Size = 339456 bytes | Modified Date =

02-06-2006 00:52:58 | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Stopped] ->  -> File

not found
(SandraDataSrv) Sandra Data Service [Win32_Own | On_Demand | Stopped] ->

%ProgramFiles%\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe ->

SiSoftware [Ver = 10.60.2005.7 | Size = 173040 bytes | Modified Date = 01-07-2005

16:11:52 | Attr =    ]
(SandraTheSrv) Sandra Service [Win32_Own | On_Demand | Stopped] ->

%ProgramFiles%\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe ->

SiSoftware [Ver = 10.60.2005.7 | Size = 1053672 bytes | Modified Date =

01-07-2005 16:15:46 | Attr =    ]
(SAVScan) SAVScan [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton

AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368

bytes | Modified Date = 07-03-2005 14:59:36 | Attr =    ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] ->

%CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec

Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 19-10-2005

12:55:00 | Attr =    ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] ->

%CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver =

5.5.1.6 | Size = 206552 bytes | Modified Date = 05-04-2005 11:17:22 | Attr =    ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto |

Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices,

Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20-09-2002 14:50:10

| Attr =    ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] ->

%CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation

[Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 21-07-2004 16:24:04 |

Attr =    ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] ->

%CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation

[Ver = 1, 8, 54, 419 | Size = 817304 bytes | Modified Date = 05-03-2006 18:08:02

| Attr =    ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] ->

%CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> File not found
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] ->

%System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768

bytes | Modified Date = 23-08-2006 22:38:26 | Attr =    ]
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] ->

%System32%\spool\drivers\w32x86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1,

0, 46, 0 | Size = 73728 bytes | Modified Date = 16-10-2004 04:31:06 | Attr =    ]
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] ->

%System32%\spool\drivers\w32x86\3\HPBPRO.EXE -> Hewlett-Packard Company [Ver = 1,

0, 50, 0 | Size = 81920 bytes | Modified Date = 20-05-2005 09:37:12 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] ->

%System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.29

| Size = 100032 bytes | Modified Date = 26-02-2003 05:01:40 | Attr =    ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(aslm75) aslm75 [Kernel | Auto | Running] -> %System32%\drivers\ASLM75.SYS -> 

[Ver =  | Size = 6272 bytes | Modified Date = 22-04-1997 09:16:00 | Attr =    ]
(ASPI32) ASPI32 [Kernel | System | Running] -> %System32%\drivers\ASPI32.SYS ->

Adaptec [Ver = 4.71 (0002) | Size = 16877 bytes | Modified Date = 17-07-2002

02:53:02 | Attr =    ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DCamUSBEMPIA) USB 2820 Video [Kernel | On_Demand | Running] ->

%System32%\drivers\emDevice.sys -> eMPIA Technology, Inc. [Ver = 1.1.0521.0 |

Size = 112525 bytes | Modified Date = 17-08-2004 11:48:08 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys ->

Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 781184 bytes |

Modified Date = 16-09-2002 13:00:00 | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys ->

Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146560 bytes |

Modified Date = 16-09-2002 13:00:00 | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys ->

Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes |

Modified Date = 16-09-2002 13:00:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(EL2000) 3Com 3C2000x EtherLink XL Adapter [Kernel | On_Demand | Running] ->

%System32%\drivers\EL2K_XP.sys -> 3Com Corporation [Ver = 1.00.00.0042 built by:

WinDDK | Size = 147328 bytes | Modified Date = 17-04-2003 09:15:22 | Attr =    ]
(FiltUSBEMPIA) USB Device Lower Filter [Kernel | On_Demand | Running] ->

%System32%\drivers\emFilter.sys -> Windows (R) Server 2003 DDK provider [Ver =

5.2.3790.0 built by: WinDDK | Size = 19328 bytes | Modified Date = 04-11-2004

22:36:00 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(InCDFs) InCD File System [File_System | Disabled | Running] ->

%System32%\drivers\InCDfs.sys -> Nero AG [Ver = 4, 3, 20, 1 | Size = 101504 bytes

| Modified Date = 25-07-2005 11:53:28 | Attr =    ]
(InCDPass) InCDPass [Kernel | System | Running] ->

%System32%\drivers\InCDpass.sys -> Nero AG [Ver = 4, 3, 20, 1 | Size = 29696

bytes | Modified Date = 25-07-2005 11:53:04 | Attr =    ]
(InCDRm) InCD Reader [Kernel | System | Running] -> %System32%\drivers\InCDrm.sys

-> Nero AG [Ver = 4, 3, 20, 1 | Size = 28672 bytes | Modified Date = 25-07-2005

11:53:00 | Attr =    ]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MidiSyn) MidiSyn [Kernel | On_Demand | Stopped] ->

%System32%\drivers\MidiSyn.sys -> Analog Devices Inc [Ver = 3, 3, 7, 3 | Size =

235100 bytes | Modified Date = 20-09-2002 03:53:34 | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec

Shared\VirusDefs\20070112.052\NAVENG.SYS -> Symantec Corporation [Ver =

20061.3.0.12 | Size = 80408 bytes | Modified Date = 20-12-2006 10:00:00 | Attr = 

  ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec

Shared\VirusDefs\20070112.052\NAVEX15.SYS -> Symantec Corporation [Ver =

20061.3.0.12 | Size = 833048 bytes | Modified Date = 20-12-2006 10:00:00 | Attr =

  ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys ->

NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 3536768 bytes | Modified Date =

10-12-2005 03:06:00 | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] ->

%System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.36 | Size = 47360 bytes

| Modified Date = 14-11-2006 12:41:30 | Attr =    ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] ->

%System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368

bytes | Modified Date = 05-12-2003 11:46:36 | Attr =    ]
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running]

-> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10

(XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 16-09-2002 13:00:00

| Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys

-> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date =

27-09-2006 22:53:24 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Norton

AntiVirus\SAVRT.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 338056 bytes

| Modified Date = 07-03-2005 14:59:44 | Attr =    ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton

AntiVirus\SAVRTPEL.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 50312

bytes | Modified Date = 07-03-2005 14:59:50 | Attr =    ]
(ScanUSBEMPIA) USB Still Image Capture Device [Kernel | On_Demand | Running] ->

%System32%\drivers\emScan.sys -> eMPIA Technology, Inc. [Ver = 1.1.0812.0 | Size

= 4857 bytes | Modified Date = 12-08-2004 13:35:54 | Attr =    ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys ->

Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Modified Date =

15-12-2006 18:25:56 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys ->

Analog Devices, Inc. [Ver = 5.12.01.3583 | Size = 555648 bytes | Modified Date =

24-04-2003 15:06:34 | Attr =    ]
(SONYPVU1) Sony USB-filterdriver (SONYPVU1) [Kernel | On_Demand | Stopped] ->

%System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0

(XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17-08-2001 20:56:16

| Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec

Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,0,1,47 | Size = 341096

bytes | Modified Date = 21-07-2004 16:24:02 | Attr =    ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys ->

Zone Labs, LLC [Ver = 5, 0, 63, 0 | Size = 29680 bytes | Modified Date =

03-08-2006 00:53:32 | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys

-> Symantec Corporation [Ver = 5.5.1.6 | Size = 11512 bytes | Modified Date =

05-04-2005 11:16:52 | Attr =    ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] ->

%ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 |

Size = 124016 bytes | Modified Date = 15-09-2006 21:52:12 | Attr =    ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys ->

Symantec Corporation [Ver = 5.5.1.6 | Size = 173208 bytes | Modified Date =

05-04-2005 11:16:54 | Attr =    ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys

-> Symantec Corporation [Ver = 5.5.1.6 | Size = 36984 bytes | Modified Date =

05-04-2005 11:16:58 | Attr =    ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] ->

%CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\symidsco.sys -> Symantec Corporation

[Ver = 7.1.0.28 | Size = 176760 bytes | Modified Date = 11-11-2006 04:14:00 |

Attr =    ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\drivers\symlcbrd.sys

-> Symantec Corporation [Ver = 1, 8, 54, 419 | Size = 4608 bytes | Modified Date

= 05-03-2006 18:08:02 | Attr =    ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] ->

%System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size =

47192 bytes | Modified Date = 05-04-2005 11:16:56 | Attr =    ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] ->

%System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size =

17976 bytes | Modified Date = 05-04-2005 11:17:00 | Attr =    ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys ->

Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date =

05-04-2005 11:17:02 | Attr =    ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tcaicchg) tcaicchg [Kernel | Auto | Running] -> %System32%\TCAICCHG.SYS -> 3Com

Corporation [Ver = 4, 4, 0, 1 | Size = 21233 bytes | Modified Date = 06-06-2000

19:08:04 | Attr =    ]
(TCAITDI) TCAITDI Protocol [Kernel | Auto | Running] ->

%System32%\drivers\TCAITDI.SYS -> 3Com Corporation [Ver = 2, 0, 0, 9 | Size =

19534 bytes | Modified Date = 04-09-2001 12:22:52 | Attr =    ]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys ->

Zone Labs, LLC [Ver = 6.5.737.000 | Size = 392824 bytes | Modified Date =

23-08-2006 22:38:36 | Attr =    ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Elements

5.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440

bytes | Modified Date = 14-09-2006 07:55:52 | Attr =    ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation

[Ver = 103.0.7.2 | Size = 59040 bytes | Modified Date = 17-02-2006 10:05:20 |

Attr =    ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe ->

Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152

bytes | Modified Date = 19-02-2006 01:41:10 | Attr =    ]
InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 20, 1 | Size =

1397760 bytes | Modified Date = 25-07-2005 12:01:24 | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver =

6.14.10.8198 | Size = 7311360 bytes | Modified Date = 10-12-2005 03:06:00 | Attr

=    ]
NvMediaCenter -> %System32%\nvmctray.dll [RunDLL32.exe

NvMCTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size =

86016 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc.

[Ver = 6.4 | Size = 77824 bytes | Modified Date = 22-02-2006 11:58:50 | Attr =   

]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices,

Inc. [Ver = 4, 0, 4, 22 | Size = 581632 bytes | Modified Date = 23-04-2003

07:39:08 | Attr =    ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog

Devices, Inc. [Ver = 4, 0, 4, 1 | Size = 774144 bytes | Modified Date =

04-04-2003 12:38:52 | Attr =    ]
SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security

Center\usrprmpt.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240

bytes | Modified Date = 02-11-2004 16:59:52 | Attr =    ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec

Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 05-03-2006

18:29:04 | Attr =    ]
TCASUTIEXE -> %System32%\TCAUDIAG.EXE ->  [Ver = 6, 1, 1, 1 | Size = 1334784

bytes | Modified Date = 12-02-2003 10:55:52 | Attr =    ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs,

LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 23-08-2006

22:38:28 | Attr =    ]
< OptionalComponents [HKLM] > ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponen

ts\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1,

2, 0, 60 | Size = 1961984 bytes | Modified Date = 16-09-2005 16:41:26 | Attr =   

]
swg ->

%ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.ex

e -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date =

15-10-2006 10:18:16 | Attr =    ]
< Disabled MSConfig Services [HKLM] > ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
NPFMntor ->  ->
< Disabled MSConfig Folder Items[HKLM] > ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader

Hurtigstart.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe

Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date =

14-12-2004 03:44:06 | Attr =    ]
C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital

Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe ->

Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472

bytes | Modified Date = 19-02-2006 03:21:22 | Attr =    ]
C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Photosmart

Premier Hurtig start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe ->

Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 73728

bytes | Modified Date = 10-02-2006 06:56:20 | Attr =    ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> File not found
CheckRegDefragService -> %ProgramFiles%\Registry Compressor\rbcs.exe -> Systweak Inc [Ver = 2.0.0.52 | Size = 299520 bytes | Modified Date = 22-09-2004 23:18:36 | Attr =    ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19-02-2006 01:41:10 | Attr =    ]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 60 | Size = 1961984 bytes | Modified Date = 16-09-2005 16:41:26 | Attr =    ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09-07-2001 10:50:42 | Attr =    ]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 22-02-2006 11:58:50 | Attr =    ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 12-01-2005 02:01:32 | Attr =    ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ->  [Ver =  | Size = 19543592 bytes | Modified Date = 13-03-2006 10:10:54 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 36975 bytes | Modified Date = 03-06-2005 02:52:54 | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL ->  -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1 -> C:\WINDOWS\winsys.exe ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = Min aktuelle startside ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
                            ->  ->
192.168.1.250 HP0017A4529695 ->  ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.ni.dk/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14-12-2004 00:56:50 | Attr =    ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R  ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R  ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R  ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R  ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8194 - Sun Java Console ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Messenger ->
NextId -> 8196 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_04\bin\npjpi150_04.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 03-06-2005 03:09:54 | Attr =    ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Opslag] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Proceslinje og menuen Start] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] ->  [Ver =  | Size = 466944 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Kontrolpanel-udvidelse til skærmpanorering] -> File not found
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{506F4668-F13E-4AA1-BB04-B43203AB3CC0}] ->  [Ver =  | Size = 785464 bytes | Modified Date = 16-08-2003 14:29:34 | Attr =    ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Grænsefladeudvidelser til filkomprimering] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Brugerkonti] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontekstmenu til kryptering] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-ikon] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 16-09-2002 13:00:00 | Attr =    ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Nero AG [Ver = 4, 3, 20, 1 | Size = 103424 bytes | Modified Date = 25-07-2005 12:01:56 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 7311360 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{D66DC78C-4F61-447F-942B-3FB6980118CF} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{D66DC78C-4F61-447F-942B-3FB6980118CF}] ->  [Ver =  | Size = 785464 bytes | Modified Date = 16-08-2003 14:29:34 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 7311360 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] ->  [Ver =  | Size = 466944 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [InCDMenu] -> Nero AG [Ver = 4, 3, 20, 1 | Size = 103424 bytes | Modified Date = 25-07-2005 12:01:56 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 7311360 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14-12-2004 01:20:02 | Attr =    ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0A59E447-4945-4EC7-B36F-28BC0BFAE937} ->    (3Com Gigabit LOM (3C940)) ->
{3BC8F0B9-8DB8-4278-BDC0-F8EE7A6929AE} ->    (1394-netværkskort) ->
{90384FCA-C7E8-4B29-B5ED-E230B5008836} ->    () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{3334504D-9980-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4939/mcfscan.cab ->
DirectAnimation Java Classes ->  - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java ->  - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files - Created Wihin 30 days]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\CATALOG.DAT ->  [Ver =  | Size = 2504 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\ECBOOTIL.VXD ->  [Ver =  | Size = 6899 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVENG.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVENG.EXP ->  [Ver =  | Size = 13040 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVENG.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVENG.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVENG.VXD ->  [Ver =  | Size = 89674 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVENG32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVEX15.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVEX15.EXP ->  [Ver =  | Size = 13232 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVEX15.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVEX15.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVEX15.VXD ->  [Ver =  | Size = 994379 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVEX32A.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\SCRAUTH.DAT ->  [Ver =  | Size = 97712 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
SYMAVENG.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\SYMAVENG.CAT ->  [Ver =  | Size = 9237 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
SYMAVENG.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\SYMAVENG.INF ->  [Ver =  | Size = 1061 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TCDEFS.DAT ->  [Ver =  | Size = 187887 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TCSCAN7.DAT ->  [Ver =  | Size = 1190578 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TCSCAN8.DAT ->  [Ver =  | Size = 324094 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TCSCAN9.DAT ->  [Ver =  | Size = 735255 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TINF.DAT ->  [Ver =  | Size = 453 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TINFIDX.DAT ->  [Ver =  | Size = 148 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TINFL.DAT ->  [Ver =  | Size = 1957 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TSCAN1.DAT ->  [Ver =  | Size = 64232 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TSCAN1HD.DAT ->  [Ver =  | Size = 3072 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\V.GRD ->  [Ver =  | Size = 4778 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\V.SIG ->  [Ver =  | Size = 2261 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN.INF ->  [Ver =  | Size = 106244 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN1.DAT ->  [Ver =  | Size = 975589 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN2.DAT ->  [Ver =  | Size = 570042 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN3.DAT ->  [Ver =  | Size = 147476 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN4.DAT ->  [Ver =  | Size = 320186 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN5.DAT ->  [Ver =  | Size = 3167412 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN6.DAT ->  [Ver =  | Size = 390049 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN7.DAT ->  [Ver =  | Size = 5789438 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN8.DAT ->  [Ver =  | Size = 1660032 bytes | Created Date = 11-01-2007 15:27:02 | Attr =    ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN9.DAT ->  [Ver =  | Size = 3999366 bytes | Created Date = 11-01-2007 15:27:02 | Attr =    ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCANT.DAT ->  [Ver =  | Size = 32 bytes | Created Date = 11-01-2007 15:27:02 | Attr =    ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\vscanmsx.dat ->  [Ver =  | Size = 2072 bytes | Created Date = 11-01-2007 17:44:27 | Attr =    ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\ZDONE.DAT ->  [Ver =  | Size = 224 bytes | Created Date = 11-01-2007 15:27:02 | Attr =    ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\CATALOG.DAT ->  [Ver =  | Size = 2504 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECBOOTIL.VXD ->  [Ver =  | Size = 6899 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVENG.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG.EXP ->  [Ver =  | Size = 13040 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVENG.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVENG.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG.VXD ->  [Ver =  | Size = 89674 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVENG32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVEX15.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX15.EXP ->  [Ver =  | Size = 13232 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVEX15.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVEX15.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX15.VXD ->  [Ver =  | Size = 994379 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVEX32A.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SCRAUTH.DAT ->  [Ver =  | Size = 97712 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
SYMAVENG.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SYMAVENG.CAT ->  [Ver =  | Size = 9237 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
SYMAVENG.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SYMAVENG.INF ->  [Ver =  | Size = 1061 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCDEFS.DAT ->  [Ver =  | Size = 187905 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN7.DAT ->  [Ver =  | Size = 1196629 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN8.DAT ->  [Ver =  | Size = 325348 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN9.DAT ->  [Ver =  | Size = 736279 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINF.DAT ->  [Ver =  | Size = 453 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFIDX.DAT ->  [Ver =  | Size = 148 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFL.DAT ->  [Ver =  | Size = 1957 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1.DAT ->  [Ver =  | Size = 64232 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1HD.DAT ->  [Ver =  | Size = 3072 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.GRD ->  [Ver =  | Size = 4778 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.SIG ->  [Ver =  | Size = 2269 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN.INF ->  [Ver =  | Size = 106244 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN1.DAT ->  [Ver =  | Size = 975798 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN2.DAT ->  [Ver =  | Size = 570042 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN3.DAT ->  [Ver =  | Size = 147512 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN4.DAT ->  [Ver =  | Size = 320186 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN5.DAT ->  [Ver =  | Size = 3179218 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN6.DAT ->  [Ver =  | Size = 390197 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN7.DAT ->  [Ver =  | Size = 5890358 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN8.DAT ->  [Ver =  | Size = 1662499 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN9.DAT ->  [Ver =  | Size = 4008519 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCANT.DAT ->  [Ver =  | Size = 32 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\vscanmsx.dat ->  [Ver =  | Size = 2072 bytes | Created Date = 16-01-2007 14:22:56 | Attr =    ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ZDONE.DAT ->  [Ver =  | Size = 224 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\CATALOG.DAT ->  [Ver =  | Size = 728 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
IDS9xx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\IDS9xx86.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
IDSVia64.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\IDSVia64.cat ->  [Ver =  | Size = 8016 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
IDSVia64.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\IDSVia64.INF ->  [Ver =  | Size = 1043 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
IDSviA64.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\IDSviA64.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 278840 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
IDSVix86.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\IDSVix86.cat ->  [Ver =  | Size = 7958 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
IDSVix86.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\IDSVix86.INF ->  [Ver =  | Size = 839 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
IDSvix86.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\IDSvix86.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 212280 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
IDSxpx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\IDSxpx86.dll -> Symantec Corporation [Ver = 7.2.0.17 | Size = 513656 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
Metadata.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\Metadata.dat ->  [Ver =  | Size = 87088 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
sigs.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\sigs.dat ->  [Ver =  | Size = 2382080 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
symidsco.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\symidsco.sys -> Symantec Corporation [Ver = 7.1.0.30 | Size = 177272 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
symidsco.vxd -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\symidsco.vxd ->  [Ver =  | Size = 216777 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
SymIDSI.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\SymIDSI.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
v.grd -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\v.grd ->  [Ver =  | Size = 1245 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
v.sig -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\v.sig ->  [Ver =  | Size = 2249 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\VIRSCAN1.DAT ->  [Ver =  | Size = 32 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
zdone.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.001\zdone.dat ->  [Ver =  | Size = 224 bytes | Created Date = 12-01-2007 15:33:34 | Attr =    ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\CATALOG.DAT ->  [Ver =  | Size = 728

bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDS9xx86.dll -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\IDS9xx86.dll -> Symantec Corporation

[Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 13-01-2007 13:44:43 | Attr

=    ]
IDSVia64.cat -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\IDSVia64.cat ->  [Ver =  | Size = 8016

bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSVia64.INF -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\IDSVia64.INF ->  [Ver =  | Size = 1043

bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSviA64.sys -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\IDSviA64.sys -> Symantec Corporation

[Ver = 7.1.0.28 | Size = 266088 bytes | Created Date = 13-01-2007 13:44:43 | Attr

=    ]
IDSVix86.cat -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\IDSVix86.cat ->  [Ver =  | Size = 7958

bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSVix86.INF -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\IDSVix86.INF ->  [Ver =  | Size = 839

bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSvix86.sys -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\IDSvix86.sys -> Symantec Corporation

[Ver = 7.1.0.28 | Size = 202872 bytes | Created Date = 13-01-2007 13:44:43 | Attr

=    ]
IDSxpx86.dll -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\IDSxpx86.dll -> Symantec Corporation

[Ver = 7.1.0.28 | Size = 509560 bytes | Created Date = 13-01-2007 13:44:43 | Attr

=    ]
Metadata.dat -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\Metadata.dat ->  [Ver =  | Size = 87088

bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
sigs.dat -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\sigs.dat ->  [Ver =  | Size = 2382080

bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
symidsco.sys -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\symidsco.sys -> Symantec Corporation

[Ver = 7.1.0.28 | Size = 176760 bytes | Created Date = 13-01-2007 13:44:43 | Attr

=    ]
symidsco.vxd -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\symidsco.vxd ->  [Ver =  | Size =

216777 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
SymIDSI.dll -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\SymIDSI.dll -> Symantec Corporation

[Ver = 7.1.0.28 | Size = 104056 bytes | Created Date = 13-01-2007 13:44:43 | Attr

=    ]
v.grd -> %CommonProgramFiles%\Symantec

Shared\SymcData\ids-diskless\20070112.004\v.grd ->  [Ver =  | Size = 1245 bytes |

Created Date = 13-01-2007 13:44:43 |
ejvindh Expert
17 January 2007 - 20:30 #8
Rustbfix checks for the following service names: pe386, lzx32, msguard and huy32. According to the log, none of these were present on the computer, so perhaps one of your scanners managed to remove it. In any case, the driver itself was successfully removed.

-- Run WinPFind3U from the WinPFind3U folder again. Copy the contents between the wavy lines into the white box on the right (right-click the box and choose "sæt ind"/"paste"):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Kill Explorer]
[Registry - Non-Microsoft Only]
< Policy Settings [HKLM] > ->
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1 -> C:\WINDOWS\winsys.exe
[ Extra Files ]
C:\WINDOWS\winsys.exe
[Start Explorer]
[Reboot]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then click "Run Fix" and follow the instructions given. Your computer will now restart. After the restart, run WinPFindU.exe again, click "Scan" and post a fresh log here. In the folder where you installed WinPFindU there is a log whose name consists of a lot of numbers - copy that in here as well. For now you do not need to post a new log from Winpfind3u here.


Download the Gmer rootkit scanner and unpack it to the desktop:
http://www.young-andersen.dk/gamer/gamer.zip
Run the program, click the "Rootkit" tab, and click "Scan". While the computer is being scanned, you should not use it for anything else. When the scan is finished, click "Copy". A window will then appear telling you that the result of the rootkit scan has been placed on the clipboard. You can then go to this thread and paste the contents in here by placing the cursor in the input field and pressing ctrl-v.
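The service-name check described in post #8, applied offline to service and driver lines of a WinPFind3U log, as an added example that is not part of the thread and not Rustbfix's own code. The parser, the flag names and the two extra heuristics are assumptions made here; the sample lines are constructed in the log format shown on this page, and the pe386 line is invented for illustration.

```python
import re

# Service names that Rustbfix checks for, as listed in post #8.
RUSTOCK_SERVICE_NAMES = {"pe386", "lzx32", "msguard", "huy32"}

# One service/driver line of a WinPFind3U log:
# (name) display [type | start | state] -> path -> vendor [Ver = ... ]
# or, when the image is missing: ... -> path -> File not found
SERVICE_LINE = re.compile(
    r"^\((?P<name>.+?)\) (?P<display>.*?) "
    r"\[(?P<kind>\w+) \| (?P<start>\w+) \| (?P<state>\w+)\] -> "
    r"(?P<path>.*?) -> (?P<rest>.*)$"
)


def parse_service_line(line):
    """Return a dict for one service/driver line, or None if it is not one."""
    m = SERVICE_LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    rest = entry.pop("rest").strip()
    entry["path"] = entry["path"].strip()
    entry["file_found"] = rest != "File not found"
    # The vendor string sits in front of the "[Ver = ..." block and may be empty.
    entry["vendor"] = rest.split("[Ver", 1)[0].strip() if entry["file_found"] else ""
    return entry


def triage(log_text):
    """Return (service name, flag) pairs worth a manual look.

    Flags (names chosen for this example):
      rustock-service-name  name is on the Rustbfix list
      running-without-file  service is Running but its image was not found
      no-vendor-string      service is Running and the file has no vendor string
    """
    findings = []
    for line in log_text.splitlines():
        e = parse_service_line(line)
        if e is None:
            continue  # section headers, blank lines, registry entries
        running = e["state"] == "Running"
        if e["name"].lower() in RUSTOCK_SERVICE_NAMES:
            findings.append((e["name"], "rustock-service-name"))
        if running and not e["file_found"]:
            findings.append((e["name"], "running-without-file"))
        elif running and not e["vendor"]:
            findings.append((e["name"], "no-vendor-string"))
    return findings


# Constructed sample in the WinPFind3U format; the last line is invented.
SAMPLE_LOG = r"""
[Win32 Services - Non-Microsoft Only]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 131139 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] ->  -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(aslm75) aslm75 [Kernel | Auto | Running] -> %System32%\drivers\ASLM75.SYS ->  [Ver =  | Size = 6272 bytes | Modified Date = 22-04-1997 09:16:00 | Attr =    ]
(pe386) pe386 [Kernel | System | Running] ->  -> File not found
"""

if __name__ == "__main__":
    for name, flag in triage(SAMPLE_LOG):
        print(f"{flag:22} {name}")
```

A rootkit that hides its service from the running system will not show up in a log taken on that system, so an empty result here does not show the machine is clean; the flags only order entries for manual review.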
plerik Beginner
17 January 2007 - 22:15 #9
WinPFind3 logfile created on: 17-01-2007 22:06:21
WinPFind3U by OldTimer - Version 1.0.10    Folder = C:\Downloads\Temp\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

1047276 Kb Total Physical Memory | 710176 Kb Available Physical Memory | 67,81% Memory free
2520916 Kb Paging File | 2232776 Kb Available in Paging File | 88,57% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 80027764 Kb Total Space | 47484236 Kb Free Space | 59,33% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 23-02-2006 10:41:04 | Attr =    ]
apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 14-09-2006 07:55:52 | Attr =    ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.7.2 | Size = 59040 bytes | Modified Date = 17-02-2006 10:05:20 | Attr =    ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.7.2 | Size = 198304 bytes | Modified Date = 17-02-2006 10:05:28 | Attr =    ]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.7.2 | Size = 181920 bytes | Modified Date = 17-02-2006 10:05:50 | Attr =    ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 15-10-2006 10:18:16 | Attr =    ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19-02-2006 01:41:10 | Attr =    ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 10, 1, 1, 5 | Size = 69632 bytes | Modified Date = 03-03-2006 20:03:10 | Attr =    ]
incd.exe -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 20, 1 | Size = 1397760 bytes | Modified Date = 25-07-2005 12:01:24 | Attr =    ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 20, 1 | Size = 876032 bytes | Modified Date = 25-07-2005 12:00:56 | Attr =    ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 19-10-2005 12:54:14 | Attr =    ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 131139 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
oodag.exe -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 8.5.1788 | Size = 339456 bytes | Modified Date = 02-06-2006 00:52:58 | Attr =    ]
photoshopelementsfileagent.exe -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified Date = 14-09-2006 07:56:06 | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 22-02-2006 11:58:50 | Attr =    ]
savscan.exe -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 07-03-2005 14:59:36 | Attr =    ]
smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20-09-2002 14:50:10 | Attr =    ]
smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 1 | Size = 774144 bytes | Modified Date = 04-04-2003 12:38:52 | Attr =    ]
sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 05-04-2005 11:17:22 | Attr =    ]
spbbcsvc.exe -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 21-07-2004 16:24:04 | Attr =    ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 419 | Size = 817304 bytes | Modified Date = 05-03-2006 18:08:02 | Attr =    ]
vsmon.exe -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 23-08-2006 22:38:26 | Attr =    ]
winnc32.exe -> %ProgramFiles%\WinNc\WinNc32.exe -> Dunes MultiMedia [Ver = 2000 | Size = 2014720 bytes | Modified Date = 06-09-2005 16:11:30 | Attr =    ]
winpfind3u.exe -> %SystemDrive%\Downloads\Temp\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.10.0 | Size = 306176 bytes | Modified Date = 12-01-2007 16:20:26 | Attr =    ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 23-08-2006 22:38:28 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> File not found
(AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Win32_Own | Auto | Running] -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ->  [Ver =  | Size = 102400 bytes | Modified Date = 14-09-2006 07:56:06 | Attr =    ]
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.0.0.160 | Size = 100032 bytes | Modified Date = 23-02-2006 10:41:04 | Attr =    ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 103.0.7.2 | Size = 198304 bytes | Modified Date = 17-02-2006 10:05:28 | Attr =    ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 103.0.7.2 | Size = 79520 bytes | Modified Date = 17-02-2006 10:05:42 | Attr =    ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 103.0.7.2 | Size = 181920 bytes | Modified Date = 17-02-2006 10:05:50 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 205312 bytes | Modified Date = 16-09-2002 13:00:00 | Attr =    ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.699.25363.beta | Size = 135608 bytes | Modified Date = 04-12-2006 05:53:56 | Attr =    ]
(HP Port Resolver) HP Port Resolver [Win32_Own | On_Demand | Stopped] -> %System32%\spool\drivers\w32x86\3\HPBPRO.EXE -> Hewlett-Packard Company [Ver = 1, 0, 50, 0 | Size = 81920 bytes | Modified Date = 20-05-2005 09:37:12 | Attr =    ]
(HP Status Server) HP Status Server [Win32_Own | On_Demand | Stopped] -> %System32%\spool\drivers\w32x86\3\HPBOID.EXE -> Hewlett-Packard Company [Ver = 1, 0, 46, 0 | Size = 73728 bytes | Modified Date = 16-10-2004 04:31:06 | Attr =    ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 20, 1 | Size = 876032 bytes | Modified Date = 25-07-2005 12:00:56 | Attr =    ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_0.EXE -> Symantec Corporation [Ver = 3.0.0.160 | Size = 2045632 bytes | Modified Date = 23-02-2006 10:41:04 | Attr =    ]
(navapsvc) Norton AntiVirus Auto-Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 177264 bytes | Modified Date = 19-10-2005 12:54:14 | Attr =    ]
(NPFMntor) Norton AntiVirus Firewall Monitor Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Norton AntiVirus\IWP\NPFMNTOR.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 46704 bytes | Modified Date = 19-10-2005 12:54:52 | Attr =    ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 131139 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
(O&O Defrag) O&O Defrag [Win32_Own | Auto | Running] -> %System32%\oodag.exe -> O&O Software GmbH [Ver = 8.5.1788 | Size = 339456 bytes | Modified Date = 02-06-2006 00:52:58 | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Unknown | Running] ->  -> File not found
(SandraDataSrv) Sandra Data Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe -> SiSoftware [Ver = 10.60.2005.7 | Size = 173040 bytes | Modified Date = 01-07-2005 16:11:52 | Attr =    ]
(SandraTheSrv) Sandra Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe -> SiSoftware [Ver = 10.60.2005.7 | Size = 1053672 bytes | Modified Date = 01-07-2005 16:15:46 | Attr =    ]
(SAVScan) SAVScan [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = 9.4.2.1 | Size = 198368 bytes | Modified Date = 07-03-2005 14:59:36 | Attr =    ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBSERV.EXE -> Symantec Corporation [Ver = 11.0.16.2 | Size = 67184 bytes | Modified Date = 19-10-2005 12:55:00 | Attr =    ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 05-04-2005 11:17:22 | Attr =    ]
(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 20-09-2002 14:50:10 | Attr =    ]
(SPBBCSvc) Symantec SPBBCSvc [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCSvc.exe -> Symantec Corporation [Ver = 1,0,1,47 | Size = 173160 bytes | Modified Date = 21-07-2004 16:24:04 | Attr =    ]
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1, 8, 54, 419 | Size = 817304 bytes | Modified Date = 05-03-2006 18:08:02 | Attr =    ]
(SymWSC) SymWMI Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Center\SymWSC.exe -> File not found
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %System32%\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 75768 bytes | Modified Date = 23-08-2006 22:38:26 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 3.0.2.29 | Size = 100032 bytes | Modified Date = 26-02-2003 05:01:40 | Attr =    ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(aslm75) aslm75 [Kernel | Auto | Running] -> %System32%\drivers\ASLM75.SYS ->  [Ver =  | Size = 6272 bytes | Modified Date = 22-04-1997 09:16:00 | Attr =    ]
(ASPI32) ASPI32 [Kernel | System | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0002) | Size = 16877 bytes | Modified Date = 17-07-2002 02:53:02 | Attr =    ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DCamUSBEMPIA) USB 2820 Video [Kernel | On_Demand | Running] -> %System32%\drivers\emDevice.sys -> eMPIA Technology, Inc. [Ver = 1.1.0521.0 | Size = 112525 bytes | Modified Date = 17-08-2004 11:48:08 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 781184 bytes | Modified Date = 16-09-2002 13:00:00 | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 146560 bytes | Modified Date = 16-09-2002 13:00:00 | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 16-09-2002 13:00:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(EL2000) 3Com 3C2000x EtherLink XL Adapter [Kernel | On_Demand | Running] -> %System32%\drivers\EL2K_XP.sys -> 3Com Corporation [Ver = 1.00.00.0042 built by: WinDDK | Size = 147328 bytes | Modified Date = 17-04-2003 09:15:22 | Attr =    ]
(FiltUSBEMPIA) USB Device Lower Filter [Kernel | On_Demand | Running] -> %System32%\drivers\emFilter.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.2.3790.0 built by: WinDDK | Size = 19328 bytes | Modified Date = 04-11-2004 22:36:00 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(InCDFs) InCD File System [File_System | Disabled | Running] -> %System32%\drivers\InCDfs.sys -> Nero AG [Ver = 4, 3, 20, 1 | Size = 101504 bytes | Modified Date = 25-07-2005 11:53:28 | Attr =    ]
(InCDPass) InCDPass [Kernel | System | Running] -> %System32%\drivers\InCDpass.sys -> Nero AG [Ver = 4, 3, 20, 1 | Size = 29696 bytes | Modified Date = 25-07-2005 11:53:04 | Attr =    ]
(InCDRm) InCD Reader [Kernel | System | Running] -> %System32%\drivers\InCDrm.sys -> Nero AG [Ver = 4, 3, 20, 1 | Size = 28672 bytes | Modified Date = 25-07-2005 11:53:00 | Attr =    ]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MidiSyn) MidiSyn [Kernel | On_Demand | Stopped] -> %System32%\drivers\MidiSyn.sys -> Analog Devices Inc [Ver = 3, 3, 7, 3 | Size = 235100 bytes | Modified Date = 20-09-2002 03:53:34 | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Modified Date = 20-12-2006 10:00:00 | Attr =    ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Modified Date = 20-12-2006 10:00:00 | Attr =    ]
(nv) nv [Kernel | On_Demand | Running] -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 3536768 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %System32%\drivers\pcouffin.sys -> VSO Software [Ver = 1.36 | Size = 47360 bytes | Modified Date = 14-11-2006 12:41:30 | Attr =    ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %System32%\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 10368 bytes | Modified Date = 05-12-2003 11:46:36 | Attr =    ]
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 16-09-2002 13:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.41a | Size = 36560 bytes | Modified Date = 27-09-2006 22:53:24 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Norton AntiVirus\SAVRT.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 338056 bytes | Modified Date = 07-03-2005 14:59:44 | Attr =    ]
(SAVRTPEL) SAVRTPEL [Kernel | System | Running] -> %ProgramFiles%\Norton AntiVirus\SAVRTPEL.SYS -> Symantec Corporation [Ver = 9.4.2.1 | Size = 50312 bytes | Modified Date = 07-03-2005 14:59:50 | Attr =    ]
(ScanUSBEMPIA) USB Still Image Capture Device [Kernel | On_Demand | Running] -> %System32%\drivers\emScan.sys -> eMPIA Technology, Inc. [Ver = 1.1.0812.0 | Size = 4857 bytes | Modified Date = 12-08-2004 13:35:54 | Attr =    ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Modified Date = 15-12-2006 18:25:56 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3583 | Size = 555648 bytes | Modified Date = 24-04-2003 15:06:34 | Attr =    ]
(SONYPVU1) Sony USB-filterdriver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %System32%\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 17-08-2001 20:56:16 | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 1,0,1,47 | Size = 341096 bytes | Modified Date = 21-07-2004 16:24:02 | Attr =    ]
(srescan) srescan [Kernel | Boot | Running] -> %System32%\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 63, 0 | Size = 29680 bytes | Modified Date = 03-08-2006 00:53:32 | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %System32%\drivers\symdns.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 11512 bytes | Modified Date = 05-04-2005 11:16:52 | Attr =    ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.6.8.1 | Size = 124016 bytes | Modified Date = 15-09-2006 21:52:12 | Attr =    ]
(SYMFW) SYMFW [Kernel | On_Demand | Running] -> %System32%\drivers\symfw.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 173208 bytes | Modified Date = 05-04-2005 11:16:54 | Attr =    ]
(SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %System32%\drivers\symids.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 36984 bytes | Modified Date = 05-04-2005 11:16:58 | Attr =    ]
(SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\symidsco.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Modified Date = 16-01-2007 12:01:06 | Attr =    ]
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %System32%\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1, 8, 54, 419 | Size = 4608 bytes | Modified Date = 05-03-2006 18:08:02 | Attr =    ]
(SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %System32%\drivers\symndis.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 47192 bytes | Modified Date = 05-04-2005 11:16:56 | Attr =    ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %System32%\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 17976 bytes | Modified Date = 05-04-2005 11:17:00 | Attr =    ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %System32%\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.5.1.6 | Size = 267192 bytes | Modified Date = 05-04-2005 11:17:02 | Attr =    ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tcaicchg) tcaicchg [Kernel | Auto | Running] -> %System32%\TCAICCHG.SYS -> 3Com Corporation [Ver = 4, 4, 0, 1 | Size = 21233 bytes | Modified Date = 06-06-2000 19:08:04 | Attr =    ]
(TCAITDI) TCAITDI Protocol [Kernel | Auto | Running] -> %System32%\drivers\TCAITDI.SYS -> 3Com Corporation [Ver = 2, 0, 0, 9 | Size = 19534 bytes | Modified Date = 04-09-2001 12:22:52 | Attr =    ]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(vsdatant) vsdatant [Kernel | System | Running] -> %System32%\vsdatant.sys -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 392824 bytes | Modified Date = 23-08-2006 22:38:36 | Attr =    ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Elements 5.0\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.66984 | Size = 61440 bytes | Modified Date = 14-09-2006 07:55:52 | Attr =    ]
ccApp -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 103.0.7.2 | Size = 59040 bytes | Modified Date = 17-02-2006 10:05:20 | Attr =    ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19-02-2006 01:41:10 | Attr =    ]
InCD -> %ProgramFiles%\Ahead\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 20, 1 | Size = 1397760 bytes | Modified Date = 25-07-2005 12:01:24 | Attr =    ]
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 7311360 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
NvMediaCenter -> %System32%\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 86016 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 22-02-2006 11:58:50 | Attr =    ]
SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 22 | Size = 581632 bytes | Modified Date = 23-04-2003 07:39:08 | Attr =    ]
SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 4, 0, 4, 1 | Size = 774144 bytes | Modified Date = 04-04-2003 12:38:52 | Attr =    ]
SSC_UserPrompt -> %CommonProgramFiles%\Symantec Shared\Security Center\usrprmpt.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 218240 bytes | Modified Date = 02-11-2004 16:59:52 | Attr =    ]
Symantec NetDriver Monitor -> %ProgramFiles%\SymNetDrv\SNDMon.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 100056 bytes | Modified Date = 05-03-2006 18:29:04 | Attr =    ]
TCASUTIEXE -> %System32%\TCAUDIAG.EXE ->  [Ver = 6, 1, 1, 1 | Size = 1334784 bytes | Modified Date = 12-02-2003 10:55:52 | Attr =    ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 6.5.737.000 | Size = 968696 bytes | Modified Date = 23-08-2006 22:38:28 | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 60 | Size = 1961984 bytes | Modified Date = 16-09-2005 16:41:26 | Attr =    ]
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 908, 5008 | Size = 163576 bytes | Modified Date = 15-10-2006 10:18:16 | Attr =    ]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
NPFMntor ->  ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14-12-2004 03:44:06 | Attr =    ]
C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 288472 bytes | Modified Date = 19-02-2006 03:21:22 | Attr =    ]
C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Photosmart Premier Hurtig start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Development Company, L.P. [Ver = 065.000.117.000 | Size = 73728 bytes | Modified Date = 10-02-2006 06:56:20 | Attr =    ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
Acronis Scheduler2 Service -> %CommonProgramFiles%\Acronis\Schedule2\schedhlp.exe -> File not found
CheckRegDefragService -> %ProgramFiles%\Registry Compressor\rbcs.exe -> Systweak Inc [Ver = 2.0.0.52 | Size = 299520 bytes | Modified Date = 22-09-2004 23:18:36 | Attr =    ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Development Company, L.P. [Ver = 70.0.170.000 | Size = 49152 bytes | Modified Date = 19-02-2006 01:41:10 | Attr =    ]
NBJ -> %ProgramFiles%\Ahead\Nero BackItUp\NBJ.exe -> Ahead Software AG [Ver = 1, 2, 0, 60 | Size = 1961984 bytes | Modified Date = 16-09-2005 16:41:26 | Attr =    ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09-07-2001 10:50:42 | Attr =    ]
nwiz -> %System32%\nwiz.exe ->  [Ver =  | Size = 1519616 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 22-02-2006 11:58:50 | Attr =    ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 12-01-2005 02:01:32 | Attr =    ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ->  [Ver =  | Size = 19543592 bytes | Modified Date = 13-03-2006 10:10:54 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_04\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 36975 bytes | Modified Date = 03-06-2005 02:52:54 | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL ->  -> File not found
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ ->  ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = Min aktuelle startside ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
                            ->  ->
192.168.1.250 HP0017A4529695 ->  ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.ni.dk/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14-12-2004 00:56:50 | Attr =    ]
{BDF3E430-B101-42AD-A544-FADC6B084872} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [CNavExtBho Class] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R  ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R  ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R  ]
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 2544 | Size = 2108480 bytes | Modified Date = 12-10-2006 10:38:04 | Attr = R  ]
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8194 - Sun Java Console ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8195 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8193 - Messenger ->
NextId -> 8196 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_04\bin\npjpi150_04.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.40.5 | Size = 69746 bytes | Modified Date = 03-06-2005 03:09:54 | Attr =    ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Opslag] -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Proceslinje og menuen Start] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] ->  [Ver =  | Size = 466944 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] ->  [Ver =  | Size = 466944 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Kontrolpanel-udvidelse til skærmpanorering] -> File not found
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{506F4668-F13E-4AA1-BB04-B43203AB3CC0}] ->  [Ver =  | Size = 785464 bytes | Modified Date = 16-08-2003 14:29:34 | Attr =    ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Grænsefladeudvidelser til filkomprimering] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Brugerkonti] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontekstmenu til kryptering] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal-ikon] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 16-09-2002 13:00:00 | Attr =    ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [Shell Extension for CDRW] -> Nero AG [Ver = 4, 3, 20, 1 | Size = 103424 bytes | Modified Date = 25-07-2005 12:01:56 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 7311360 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{D66DC78C-4F61-447F-942B-3FB6980118CF} [HKLM] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{D66DC78C-4F61-447F-942B-3FB6980118CF}] ->  [Ver =  | Size = 785464 bytes | Modified Date = 16-08-2003 14:29:34 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
{FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKLM] -> %System32%\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 7311360 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [00nView] ->  [Ver =  | Size = 466944 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> %ProgramFiles%\Ahead\InCD\incdshx.dll [InCDMenu] -> Nero AG [Ver = 4, 3, 20, 1 | Size = 103424 bytes | Modified Date = 25-07-2005 12:01:56 | Attr =    ]
{A70C977A-BF00-412C-90B7-034C51DA2439} [HKLM] -> %System32%\nvcpl.dll [NvCplDesktopContext] -> NVIDIA Corporation [Ver = 6.14.10.8198 | Size = 7311360 bytes | Modified Date = 10-12-2005 03:06:00 | Attr =    ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} [HKLM] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Symantec.Norton.Antivirus.IEContextMenu] -> Symantec Corporation [Ver = 11.0.16.2 | Size = 218736 bytes | Modified Date = 19-10-2005 12:54:30 | Attr =    ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16-11-2005 10:00:00 | Attr =    ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14-12-2004 01:20:02 | Attr =    ]
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{0A59E447-4945-4EC7-B36F-28BC0BFAE937} ->    (3Com Gigabit LOM (3C940)) ->
{3BC8F0B9-8DB8-4278-BDC0-F8EE7A6929AE} ->    (1394-netværkskort) ->
{90384FCA-C7E8-4B29-B5ED-E230B5008836} ->    () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{3334504D-9980-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB ->
{33564D57-9980-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase = http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4939/mcfscan.cab ->
DirectAnimation Java Classes ->  - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java ->  - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files - Created Wihin 30 days]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\CATALOG.DAT ->  [Ver =  | Size = 2504 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\ECBOOTIL.VXD ->  [Ver =  | Size = 6899 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVENG.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVENG.EXP ->  [Ver =  | Size = 13040 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVENG.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVENG.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVENG.VXD ->  [Ver =  | Size = 89674 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVENG32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVEX15.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVEX15.EXP ->  [Ver =  | Size = 13232 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVEX15.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVEX15.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVEX15.VXD ->  [Ver =  | Size = 994379 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
NAVEX32A.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\SCRAUTH.DAT ->  [Ver =  | Size = 97712 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
SYMAVENG.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\SYMAVENG.CAT ->  [Ver =  | Size = 9237 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
SYMAVENG.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\SYMAVENG.INF ->  [Ver =  | Size = 1061 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TCDEFS.DAT ->  [Ver =  | Size = 187887 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TCSCAN7.DAT ->  [Ver =  | Size = 1190578 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TCSCAN8.DAT ->  [Ver =  | Size = 324094 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TCSCAN9.DAT ->  [Ver =  | Size = 735255 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TINF.DAT ->  [Ver =  | Size = 453 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TINFIDX.DAT ->  [Ver =  | Size = 148 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TINFL.DAT ->  [Ver =  | Size = 1957 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TSCAN1.DAT ->  [Ver =  | Size = 64232 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\TSCAN1HD.DAT ->  [Ver =  | Size = 3072 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\V.GRD ->  [Ver =  | Size = 4778 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\V.SIG ->  [Ver =  | Size = 2261 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN.INF ->  [Ver =  | Size = 106244 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN1.DAT ->  [Ver =  | Size = 975589 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN2.DAT ->  [Ver =  | Size = 570042 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN3.DAT ->  [Ver =  | Size = 147476 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN4.DAT ->  [Ver =  | Size = 320186 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN5.DAT ->  [Ver =  | Size = 3167412 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN6.DAT ->  [Ver =  | Size = 390049 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN7.DAT ->  [Ver =  | Size = 5789438 bytes | Created Date = 11-01-2007 15:27:01 | Attr =    ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN8.DAT ->  [Ver =  | Size = 1660032 bytes | Created Date = 11-01-2007 15:27:02 | Attr =    ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCAN9.DAT ->  [Ver =  | Size = 3999366 bytes | Created Date = 11-01-2007 15:27:02 | Attr =    ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\VIRSCANT.DAT ->  [Ver =  | Size = 32 bytes | Created Date = 11-01-2007 15:27:02 | Attr =    ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\vscanmsx.dat ->  [Ver =  | Size = 2072 bytes | Created Date = 11-01-2007 17:44:27 | Attr =    ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070110.032\ZDONE.DAT ->  [Ver =  | Size = 224 bytes | Created Date = 11-01-2007 15:27:02 | Attr =    ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\CATALOG.DAT ->  [Ver =  | Size = 2504 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
ECBOOTIL.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECBOOTIL.VXD ->  [Ver =  | Size = 6899 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
ECMSVR32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ECMSVR32.DLL -> Symantec Corporation [Ver = 61.3.0.18 | Size = 272040 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVENG.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG.EXP ->  [Ver =  | Size = 13040 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVENG.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 80408 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVENG.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG.VXD ->  [Ver =  | Size = 89674 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVENG32.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVENG32.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 124584 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVEX15.EXP -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX15.EXP ->  [Ver =  | Size = 13232 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVEX15.SYS -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX15.SYS -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 833048 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVEX15.VXD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX15.VXD ->  [Ver =  | Size = 994379 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
NAVEX32A.DLL -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\NAVEX32A.DLL -> Symantec Corporation [Ver = 20061.3.0.12 | Size = 882344 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
SCRAUTH.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SCRAUTH.DAT ->  [Ver =  | Size = 97712 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
SYMAVENG.CAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SYMAVENG.CAT ->  [Ver =  | Size = 9237 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
SYMAVENG.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\SYMAVENG.INF ->  [Ver =  | Size = 1061 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TCDEFS.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCDEFS.DAT ->  [Ver =  | Size = 187905 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TCSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN7.DAT ->  [Ver =  | Size = 1196629 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TCSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN8.DAT ->  [Ver =  | Size = 325348 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TCSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TCSCAN9.DAT ->  [Ver =  | Size = 736279 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TINF.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINF.DAT ->  [Ver =  | Size = 453 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TINFIDX.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFIDX.DAT ->  [Ver =  | Size = 148 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TINFL.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TINFL.DAT ->  [Ver =  | Size = 1957 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1.DAT ->  [Ver =  | Size = 64232 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
TSCAN1HD.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\TSCAN1HD.DAT ->  [Ver =  | Size = 3072 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
V.GRD -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.GRD ->  [Ver =  | Size = 4778 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
V.SIG -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\V.SIG ->  [Ver =  | Size = 2269 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN.INF -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN.INF ->  [Ver =  | Size = 106244 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN1.DAT ->  [Ver =  | Size = 975798 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN2.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN2.DAT ->  [Ver =  | Size = 570042 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN3.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN3.DAT ->  [Ver =  | Size = 147512 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN4.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN4.DAT ->  [Ver =  | Size = 320186 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN5.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN5.DAT ->  [Ver =  | Size = 3179218 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN6.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN6.DAT ->  [Ver =  | Size = 390197 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN7.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN7.DAT ->  [Ver =  | Size = 5890358 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN8.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN8.DAT ->  [Ver =  | Size = 1662499 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCAN9.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCAN9.DAT ->  [Ver =  | Size = 4008519 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
VIRSCANT.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\VIRSCANT.DAT ->  [Ver =  | Size = 32 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
vscanmsx.dat -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\vscanmsx.dat ->  [Ver =  | Size = 2072 bytes | Created Date = 16-01-2007 14:22:56 | Attr =    ]
ZDONE.DAT -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20070112.052\ZDONE.DAT ->  [Ver =  | Size = 224 bytes | Created Date = 13-01-2007 13:45:03 | Attr =    ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\CATALOG.DAT ->  [Ver =  | Size = 728 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDS9xx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\IDS9xx86.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSVia64.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\IDSVia64.cat ->  [Ver =  | Size = 8016 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSVia64.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\IDSVia64.INF ->  [Ver =  | Size = 1043 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSviA64.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\IDSviA64.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 266088 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSVix86.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\IDSVix86.cat ->  [Ver =  | Size = 7958 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSVix86.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\IDSVix86.INF ->  [Ver =  | Size = 839 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSvix86.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\IDSvix86.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 202872 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
IDSxpx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\IDSxpx86.dll -> Symantec Corporation [Ver = 7.1.0.28 | Size = 509560 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
Metadata.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\Metadata.dat ->  [Ver =  | Size = 87088 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
sigs.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\sigs.dat ->  [Ver =  | Size = 2382080 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
symidsco.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\symidsco.sys -> Symantec Corporation [Ver = 7.1.0.28 | Size = 176760 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
symidsco.vxd -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\symidsco.vxd ->  [Ver =  | Size = 216777 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
SymIDSI.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\SymIDSI.dll -> Symantec Corporation [Ver = 7.1.0.28 | Size = 104056 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
v.grd -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\v.grd ->  [Ver =  | Size = 1245 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
v.sig -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\v.sig ->  [Ver =  | Size = 2249 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\VIRSCAN1.DAT ->  [Ver =  | Size = 32 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
zdone.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070112.004\zdone.dat ->  [Ver =  | Size = 224 bytes | Created Date = 13-01-2007 13:44:43 | Attr =    ]
CATALOG.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\CATALOG.DAT ->  [Ver =  | Size = 728 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDS9xx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\IDS9xx86.dll -> Symantec Corporation [Ver = 6.3.0.5 | Size = 157384 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDSVia64.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\IDSVia64.cat ->  [Ver =  | Size = 10654 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDSVia64.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\IDSVia64.INF ->  [Ver =  | Size = 1042 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDSviA64.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\IDSviA64.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 278840 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDSVix86.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\IDSVix86.cat ->  [Ver =  | Size = 10596 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDSVix86.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\IDSVix86.INF ->  [Ver =  | Size = 838 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDSvix86.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\IDSvix86.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 212280 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDSxpx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\IDSxpx86.dll -> Symantec Corporation [Ver = 7.2.1.1 | Size = 513656 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
Metadata.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\Metadata.dat ->  [Ver =  | Size = 87088 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
sigs.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\sigs.dat ->  [Ver =  | Size = 2382080 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
symidsco.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\symidsco.sys -> Symantec Corporation [Ver = 7.2.1.1 | Size = 185976 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
symidsco.vxd -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\symidsco.vxd ->  [Ver =  | Size = 216777 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
SymIDSI.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\SymIDSI.dll -> Symantec Corporation [Ver = 7.2.1.1 | Size = 104056 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
v.grd -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\v.grd ->  [Ver =  | Size = 1245 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
v.sig -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\v.sig ->  [Ver =  | Size = 2249 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
VIRSCAN1.DAT -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\VIRSCAN1.DAT ->  [Ver =  | Size = 32 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
zdone.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\20070116.001\zdone.dat ->  [Ver =  | Size = 224 bytes | Created Date = 17-01-2007 21:45:51 | Attr =    ]
IDSVia64.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\IDSVia64.cat ->  [Ver =  | Size = 8016 bytes | Created Date = 28-12-2006 01:16:10 | Attr =    ]
IDSVia64.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\IDSVia64.INF ->  [Ver =  | Size = 1043 bytes | Created Date = 28-12-2006 01:16:11 | Attr =    ]
IDSviA64.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\IDSviA64.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 278840 bytes | Created Date = 27-12-2006 23:48:28 | Attr =    ]
IDSVix86.cat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\IDSVix86.cat ->  [Ver =  | Size = 7958 bytes | Created Date = 28-12-2006 01:16:13 | Attr =    ]
IDSVix86.INF -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\IDSVix86.INF ->  [Ver =  | Size = 839 bytes | Created Date = 28-12-2006 01:16:14 | Attr =    ]
IDSvix86.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\IDSvix86.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 212280 bytes | Created Date = 27-12-2006 23:48:25 | Attr =    ]
IDSxpx86.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\IDSxpx86.dll -> Symantec Corporation [Ver = 7.2.0.17 | Size = 513656 bytes | Created Date = 27-12-2006 23:48:22 | Attr =    ]
metadata.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\metadata.dat ->  [Ver =  | Size = 87088 bytes | Created Date = 08-01-2007 22:38:05 | Attr =    ]
sigs.dat -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\sigs.dat ->  [Ver =  | Size = 2382080 bytes | Created Date = 08-01-2007 22:38:05 | Attr =    ]
symidsco.sys -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\symidsco.sys -> Symantec Corporation [Ver = 7.2.0.17 | Size = 185976 bytes | Created Date = 27-12-2006 23:48:06 | Attr =    ]
SymIDSI.dll -> %CommonProgramFiles%\Symantec Shared\SymcData\ids-diskless\BinHub\SymIDSI.dll -> Symantec Corporation [Ver = 7.2.0.17 | Size = 104056 bytes | Created Date = 27-12-2006 23:48:10 | Attr =    ]
v.grd -> %Comm
plerik Beginner
17 January 2007 - 22:16 #10
Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\1 deleted successfully.
[ Extra Files ]
File C:\WINDOWS\winsys.exe not found!
< End of log >
Created on 01-17-2007 21:57:53
plerik Beginner
17 January 2007 - 22:27 #11
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-17 22:27:16
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.12 ----

SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwConnectPort
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwCreateFile
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwCreateKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwCreatePort
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwCreateProcess
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwCreateProcessEx
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwCreateSection
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwCreateWaitablePort
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwDeleteFile
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwDeleteKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwDeleteValueKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwDuplicateObject
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwLoadKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwOpenFile
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwOpenProcess
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwOpenThread
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwReplaceKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwRequestWaitReplyPort
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwRestoreKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwSecureConnectPort
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwSetInformationFile
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwSetValueKey
SSDT    \SystemRoot\System32\vsdatant.sys                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

.text  ntoskrnl.exe!ZwCallbackReturn + 28AC                                                              804FE860 12 Bytes  [ 60, AC, 76, F5, E0, 0E, 77, ... ]
.text  ntoskrnl.exe!ZwCallbackReturn + 28EC                                                              804FE8A0 8 Bytes  [ 50, 79, 76, F5, B0, 30, 77, ... ]
.text  ntdll.dll!NtClose                                                                                  77F5B5C8 5 Bytes  JMP 72033FAA
.text  ntdll.dll!NtCreateProcess                                                                          77F5B728 5 Bytes  JMP 72034135
.text  ntdll.dll!NtCreateProcessEx                                                                        77F5B738 5 Bytes  JMP 72034019
.text  ntdll.dll!NtCreateSection                                                                          77F5B758 5 Bytes  JMP 72033FC8
.text  ntoskrnl.exe!ZwYieldExecution + 2E14                                                              804FE860 12 Bytes  [ 60, AC, 76, F5, E0, 0E, 77, ... ]
.text  ntoskrnl.exe!ZwYieldExecution + 2E54                                                              804FE8A0 8 Bytes  [ 50, 79, 76, F5, B0, 30, 77, ... ]

---- Devices - GMER 1.0.12 ----

Device  \Driver\Tcpip \Device\Ip IRP_MJ_CREATE                                                            [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE                                                              [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL                                                    [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL                                            [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP                                                            [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE                                                            [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE                                                            [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL                                                    [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL                                          [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP                                                          [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CREATE                                                            [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE                                                            [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL                                                    [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL                                          [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP                                                          [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE                                                          [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE                                                          [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL                                                  [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL                                        [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP                                                        [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE                                                    [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE                                                    [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL                                            [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL                                  [F577C2A0] vsdatant.sys
Device  \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP                                                  [F577C2A0] vsdatant.sys

---- Registry - GMER 1.0.12 ----

Reg    \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION

---- EOF - GMER 1.0.12 ----
ejvindh Expert
18 January 2007 - 09:23 #12
That looks good. The logs are clean (although the last part of the winpfind3 log was cut off, because it would not fit in a single post).

Is the computer running as it should now?

To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so that you do not delete an important file by mistake. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders.

It can also be a good idea to clean out your temporary files. That can be done quickly and easily with this file
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a recurrence, I would recommend that you install a few small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read these articles on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
plerik Beginner
18 January 2007 - 10:07 #13
Hi Ejvindh

Thank you very much for all your work and help.
My PC is actually running fine, and I never really noticed anything from Backdoor.Rustock.B, other than that I had hoped it might be what was to blame for the spam mail I receive, but this morning I received 3 new spam mails. All the ones I get are an odd kind of information that is irrelevant to me, but apparently I will have to live with it.
Once again, thanks for the help.
ejvindh Expert
18 January 2007 - 10:15 #14
Yes, unfortunately you do not get rid of spam mail by removing an infection. Rustock.b turns the computer into a spam robot, so while it was active you were in fact spamming other users. Perhaps the spammers got hold of your email address that way.

Once you start getting spam in your inbox, you can either set up a spam filter (at the risk of also filtering out relevant emails), change your email address, or hope that it stops by itself, and otherwise live with it.