tobsitobsi (Beginner)
22 March 2007 - 10:40, 9 comments

CPU at 100%

Hi there.
I have just had my computer cleaned up, but I am still struggling with the CPU running at 100%.
It is under the processes, where there is:
svchost.exe, which uses around 75%,
and iexplore.exe uses the rest, and then I am locked up.
Does anyone have a good idea?
ejvindh (Expert)
22 March 2007 - 11:07 #1
-- Download this tool:
http://www.uploads.ejvindh.net/rootchk.exe
Double-click the file, and post the result here for a final check.

-- Then download Oldtimer's WinPFind3 from here:
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Double-click the WinPFind3u file you downloaded, and click Extract. The program is then unpacked into a separate folder. Go into that folder and double-click WinPFind3U.exe. On the left-hand side, set the check marks and radio buttons as follows:

Processes: Non-Microsoft
Win32 Services: Non-Microsoft
Driver Services: Non-Microsoft
Registry:  Non-Microsoft
Files Created Within: 30 Days, Non-Microsoft Only
Files Modified Within: 30 Days, Non-Microsoft Only
File String Search: Non-Microsoft

On the right-hand side, do not select anything for now.

Then click "Run Scan". After a while a log file will appear, which you are welcome to paste in here. The log may be too long to fit in a single post. If so, you will have to post it in several parts.
tobsitobsi (Beginner)
22 March 2007 - 11:44 #2
********************************* ROOTCHK-(21-03-07)-LOG, by ejvindh
22-03-2007 11:39:28,85

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

WinPFind3 logfile created on: 22-03-2007 11:37:00
WinPFind3U by OldTimer - Version 1.0.27    Folder = C:\Documents and Settings\Torben\Skrivebord\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

735 Mb Total Physical Memory | 498 Mb Available Physical Memory | 67,84% Memory free
1 Gb Paging File | 1 Gb Available in Paging File | 86,41% Paging File free
Paging file location(s): C:\pagefile.sys 997 1860;

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programmer
Drive C: | 57 Gb Total Space | 15 Gb Free Space | 26,30% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: TORBEN-PC
Current User Name: Torben
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 24-02-2007 08:28:22 | Attr =    ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 09-02-2007 08:39:36 | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 13-11-2006 16:14:24 | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
incdsrv.exe -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 11, 1 | Size = 854528 bytes | Modified Date = 03-01-2005 11:40:42 | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09-11-2006 15:07:30 | Attr =    ]
mixer.exe -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 15-10-2002 18:00:20 | Attr =    ]
naviagent.exe -> %ProgramFiles%\VeriSign\NAVI\naviagent.exe -> VeriSign, Inc. [Ver = 2.0.0.14 | Size = 40960 bytes | Modified Date = 15-10-2004 09:15:18 | Attr =    ]
navicl~1.exe -> %ProgramFiles%\VeriSign\NAVI\naviclient.exe -> VeriSign, Inc. [Ver = 2.0.1.0 | Size = 552960 bytes | Modified Date = 23-10-2004 17:50:20 | Attr =    ]
vm_sti.exe -> %SystemRoot%\VM_STI.EXE -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09-06-2004 15:37:02 | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.27.0 | Size = 316416 bytes | Modified Date = 19-03-2007 17:58:42 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 15:13:20 | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.445 | Size = 353792 bytes | Modified Date = 24-02-2007 08:28:22 | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Free\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 13-11-2006 16:14:24 | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 27-08-2004 01:53:50 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04-04-2005 00:41:10 | Attr =    ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 11, 1 | Size = 854528 bytes | Modified Date = 03-01-2005 11:40:42 | Attr =    ]
(InCDsrvR) InCD Helper (read only) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 11, 1 | Size = 854528 bytes | Modified Date = 03-01-2005 11:40:42 | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30-10-2006 09:36:32 | Attr =    ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe -> File not found
(navi) VeriSign Updater [Win32_Own | Auto | Running] -> %ProgramFiles%\VeriSign\NAVI\naviagent.exe -> VeriSign, Inc. [Ver = 2.0.0.14 | Size = 40960 bytes | Modified Date = 15-10-2004 09:15:18 | Attr =    ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 18-03-2004 15:55:48 | Attr =    ]
(Windows Log) Windows Log [Win32_Own | Disabled | Stopped] -> %System32%\nvsvcd.exe -> File not found

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %System32%\drivers\ASPI32.SYS -> Adaptec [Ver = 4.71 (0001) | Size = 17005 bytes | Modified Date = 28-05-2003 18:53:46 | Attr =    ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 28-09-2006 15:13:34 | Attr =    ]
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 24-02-2007 08:28:16 | Attr =    ]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 13-11-2006 16:14:30 | Attr =    ]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 24-02-2007 08:28:16 | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 17:03:16 | Attr =    ]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 13-11-2006 16:14:34 | Attr =    ]
(Ca533av) DV Series Video Capture [Kernel | Auto | Stopped] -> %System32%\drivers\Ca533av.sys -> Digital Camera [Ver = 2.1.9.9 | Size = 515803 bytes | Modified Date = 21-10-2002 10:37:16 | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(cmpci) C-Media PCI Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\cmaudio.sys -> C-Media Inc [Ver = 5.12.01.0643 | Size = 377358 bytes | Modified Date = 18-11-2002 15:51:40 | Attr =    ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 27-08-2004 01:49:38 | Attr =    ]
(dmio) Driver til Logical Disk Manager [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 27-08-2004 01:49:40 | Attr =    ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 21-09-2002 10:25:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(FETNDIS) NT-driver til VIA PCI 10/100Mb Fast Ethernet-netværkskort [Kernel | On_Demand | Running] -> %System32%\drivers\fetnd5.sys -> VIA Technologies, Inc.              [Ver = 2.66 | Size = 27165 bytes | Modified Date = 17-08-2001 20:13:08 | Attr =    ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %System32%\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19-09-2006 15:44:04 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZid412.sys -> HP [Ver = 8, 0, 0, 0 | Size = 51088 bytes | Modified Date = 18-03-2004 10:52:00 | Attr = R  ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 16496 bytes | Modified Date = 18-03-2004 10:52:00 | Attr = R  ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %System32%\drivers\HPZius12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 21744 bytes | Modified Date = 18-03-2004 10:51:00 | Attr =    ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(InCDfs) InCD File System [File_System | Disabled | Running] -> %System32%\drivers\InCDfs.sys -> Nero AG [Ver = 4, 3, 11, 1 | Size = 99456 bytes | Modified Date = 03-01-2005 11:33:44 | Attr =    ]
(InCDPass) InCDPass [Kernel | System | Running] -> %System32%\drivers\InCDpass.sys -> Nero AG [Ver = 4, 3, 11, 1 | Size = 28928 bytes | Modified Date = 03-01-2005 11:33:24 | Attr =    ]
(incdrm) InCD Reader [Kernel | System | Running] -> %System32%\drivers\InCDrm.sys -> Nero AG [Ver = 4, 3, 11, 1 | Size = 27776 bytes | Modified Date = 03-01-2005 11:33:18 | Attr =    ]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Disabled | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 21-09-2002 10:25:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.28a | Size = 20640 bytes | Modified Date = 11-03-2005 23:28:14 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(S3Psddr) S3Psddr [Kernel | On_Demand | Running] -> %System32%\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.13.10.1100-13.93.62 | Size = 159104 bytes | Modified Date = 07-11-2002 06:38:48 | Attr = R  ]
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Internet Explorer\SABProcEnum.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASDIFSV.SYS ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 22-10-2006 09:01:00 | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-02-2006 16:51:08 | Attr =    ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1024 | Size = 29184 bytes | Modified Date = 22-10-2006 09:00:56 | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 21-09-2002 10:25:00 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.0.20 | Size = 108168 bytes | Modified Date = 17-09-2005 03:20:06 | Attr =    ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(USBCamera) DV Series Digital Camera [Kernel | On_Demand | Stopped] -> %System32%\drivers\Bulk533.sys -> USB BULK [Ver = 1.0.4.0 | Size = 10984 bytes | Modified Date = 22-11-2002 08:25:44 | Attr =    ]
(VIAudio) VIA AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %System32%\drivers\viaudio.sys -> VIA Technologies, Inc. [Ver = 5.12.01.3820 built by: VIA | Size = 64128 bytes | Modified Date = 15-09-2002 20:20:00 | Attr = R  ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(ZSMC301b) Philips SPC 300NC PC Camera [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbVM31b.sys -> VM [Ver = 4.2.1010.41 | Size = 91527 bytes | Modified Date = 26-02-2005 16:25:52 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07-10-2006 13:20:00 | Attr =    ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG Free\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 09-02-2007 08:39:36 | Attr =    ]
BigDogPath -> %SystemRoot%\VM_STI.EXE -> BIGDOG [Ver = 4, 2, 610, 4 | Size = 40960 bytes | Modified Date = 09-06-2004 15:37:02 | Attr =    ]
C-Media Mixer -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Modified Date = 15-10-2002 18:00:20 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 09-11-2006 15:07:30 | Attr =    ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28-09-2006 15:13:28 | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1006 | Size = 77824 bytes | Modified Date = 22-10-2006 09:00:58 | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL ->  -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< HOSTS File > (723 bytes) -> C:\WINXP\System32\drivers\etc\Hosts
127.0.0.1      localhost ->  ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> C:\WINXP\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKLM: URLSearchHooks\\{CE000994-A58C-4441-8938-744CD72AB27F} [HKLM] -> %ProgramFiles%\VeriSign\i-Nav\i-nav_4_2_1.dll [i-Nav IDN SearchHook] -> VeriSign, Inc. [Ver = 4, 2, 1, 0 | Size = 452232 bytes | Modified Date = 28-03-2006 12:39:46 | Attr =    ]
HKCU: Local Page -> C:\WINXP\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.dk/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: URLSearchHooks\\{CE000994-A58C-4441-8938-744CD72AB27F} [HKLM] -> %ProgramFiles%\VeriSign\i-Nav\i-nav_4_2_1.dll [i-Nav IDN SearchHook] -> VeriSign, Inc. [Ver = 4, 2, 1, 0 | Size = 452232 bytes | Modified Date = 28-03-2006 12:39:46 | Attr =    ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18-12-2006 04:16:42 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09-11-2006 15:21:52 | Attr =    ]
{CE000992-A58C-4441-8938-744CD72AB27F} [HKLM] -> %ProgramFiles%\VeriSign\i-Nav\i-nav_4_2_1.dll [i-Nav IDN Resolver] -> VeriSign, Inc. [Ver = 4, 2, 1, 0 | Size = 452232 bytes | Modified Date = 28-03-2006 12:39:46 | Attr =    ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> %ProgramFiles%\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\da\msntb.dll [MSN] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 04-08-2005 21:54:42 | Attr =    ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{02011FE3-C22B-451d-9A25-BF4DBB38B8E7} -> Reg Data - Value does not exist [ButtonText: FirstClass®] -> File not found
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 09-11-2006 15:21:54 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 09-11-2006 15:21:52 | Attr =    ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Opslag] -> File not found
{CE000996-A58C-4441-8938-744CD72AB27F} [HKLM] -> %ProgramFiles%\VeriSign\i-Nav\i-nav_4_2_1.dll [MenuText: i-Nav Indstillinger] -> VeriSign, Inc. [Ver = 4, 2, 1, 0 | Size = 452232 bytes | Modified Date = 28-03-2006 12:39:46 | Attr =    ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&ksporter til Microsoft Excel ->  -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
i-NavFourF ->  ->
SV1 ->  ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{1432F26A-9F35-4281-A988-A2C09232EE99} ->    (VIA PCI 10/100Mb Fast Ethernet-netværkskort) ->
{225B8798-A4AC-4FCB-AAF5-A0AF9D7BEE94} ->    () ->
{A051F9C9-8F41-41D8-80AA-0642EDFE64A4} ->    () ->
{A5C92F46-F28D-4ADB-A298-26AB6258D9E0} ->    () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 12-01-2005 14:54:56 | Attr =    ]
fcp -> %SystemRoot%\Downloaded Program Files\fcplugin.dll ->  [Ver =  | Size = 7232842 bytes | Modified Date = 02-05-2005 11:13:48 | Attr =    ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{00000055-9980-0010-8000-00AA00389B71} ->  - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{1E69721D-9104-11D3-82D3-D06650C10000} -> DafoloControl Class - CodeBase = http://www.diaform.dk/menu/config/version5_ny/codebase/Dafolo.cab ->
{3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} ->  - CodeBase = https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe ->
{6CB5E471-C305-11D3-99A8-000086395495} ->  - CodeBase = http://toolbar.google.com/data/da/big/1.1.62-big/GoogleNav.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{9C196458-4145-46AF-8A77-1506878DFECA} -> FirstClass® Control - CodeBase = ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} ->  - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38158.3865509259 ->
{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> SABScanProcesses Class - CodeBase = http://www.superadblocker.com/activex/sabspx.cab ->
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_04 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab ->
{D216644A-C6DB-49D9-BBCF-D38FE7991BF2} -> Util Class - CodeBase = https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> Solitaire Showdown Class - CodeBase = http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab ->
DirectAnimation Java Classes ->  - CodeBase = file://C:\WINXP\Java\classes\dajava.cab ->
Microsoft XML Parser for Java ->  - CodeBase = file://C:\WINXP\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Created Date = 20-03-2007 20:54:54 | Attr =    ]
img2-001.raw -> %SystemDrive%\img2-001.raw ->  [Ver =  | Size = 230424 bytes | Created Date = 10-03-2007 17:01:15 | Attr =    ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ ->  [Folder | Created Date = 18-03-2007 15:26:09 | Attr =    ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ ->  [Folder | Created Date = 18-03-2007 15:25:34 | Attr =    ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ ->  [Folder | Created Date = 18-03-2007 15:23:39 | Attr =    ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ ->  [Folder | Created Date = 18-03-2007 15:24:57 | Attr =    ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ ->  [Folder | Created Date = 18-03-2007 15:22:42 | Attr =    ]
cmaudio.dat -> %SystemRoot%\cmaudio.dat ->  [Ver =  | Size = 22178 bytes | Created Date = 18-03-2007 10:06:45 | Attr =    ]
cmaudio.ini -> %SystemRoot%\cmaudio.ini ->  [Ver =  | Size = 20333 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
cmijack.dat -> %SystemRoot%\cmijack.dat ->  [Ver =  | Size = 39104 bytes | Created Date = 18-03-2007 10:06:45 | Attr =    ]
cmuninst.dat -> %SystemRoot%\cmuninst.dat -> C-Media Electronics Inc. [Ver = 1, 0, 0, 7 | Size = 135168 bytes | Created Date = 18-03-2007 10:06:45 | Attr =    ]
cmuninst.exe -> %SystemRoot%\cmuninst.exe -> C-Media Electronics Inc. [Ver = 1, 0, 0, 7 | Size = 139264 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
mixer.exe -> %SystemRoot%\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.58 | Size = 1818624 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
mixerdef.ini -> %SystemRoot%\mixerdef.ini ->  [Ver =  | Size = 25 bytes | Created Date = 18-03-2007 19:47:37 | Attr =    ]
Options -> %SystemRoot%\Options ->  [Folder | Created Date = 18-03-2007 19:33:11 | Attr =    ]
setup.ini -> %SystemRoot%\setup.ini ->  [Ver =  | Size = 498 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
a3d.dll -> %System32%\a3d.dll -> Sensaura Ltd [Ver = 4.12.01.2008a | Size = 712704 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
Audio3D.dll -> %System32%\Audio3D.dll -> Sensaura Ltd [Ver = 4.12.01.2008a | Size = 712704 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
cmnprop(2).dll -> %System32%\cmnprop(2).dll -> C-Media Corporation [Ver = 5.00.2195.11 | Size = 32768 bytes | Created Date = 18-03-2007 10:06:45 | Attr =    ]
cmnprop.dll -> %System32%\cmnprop.dll -> C-Media Corporation [Ver = 5.00.2195.12 | Size = 32768 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Created Date = 14-03-2007 18:45:18 | Attr =    ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 19-03-2007 09:04:48 | Attr =    ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 19-03-2007 09:04:48 | Attr =    ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 19-03-2007 09:04:49 | Attr =    ]
a3d.dll -> %System32%\dllcache\a3d.dll -> Sensaura Ltd [Ver = 4.12.01.2008a | Size = 712704 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 20-03-2007 20:44:52 | Attr =    ]
cmaudio.sys -> %System32%\drivers\cmaudio.sys -> C-Media Inc [Ver = 5.12.01.0643 | Size = 377358 bytes | Created Date = 18-03-2007 19:40:27 | Attr =    ]
UMDF -> %System32%\drivers\UMDF ->  [Folder | Created Date = 18-03-2007 15:22:48 | Attr =    ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 18-03-2007 15:22:52 | Attr =  H ]

[Files/Folders - Modified Within 30 days]
!KillBox -> %SystemDrive%\!KillBox ->  [Folder | Modified Date = 20-03-2007 20:54:56 | Attr =    ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 315 bytes | Modified Date = 18-03-2007 19:50:40 | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 19-03-2007 09:03:56 | Attr =    ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 18-03-2007 13:56:00 | Attr =    ]
img2-001.raw -> %SystemDrive%\img2-001.raw ->  [Ver =  | Size = 230424 bytes | Modified Date = 10-03-2007 17:01:16 | Attr =    ]
Program Files -> %SystemDrive%\Program Files ->  [Folder | Modified Date = 22-03-2007 09:42:20 | Attr =    ]
Programmer -> %ProgramFiles% ->  [Folder | Modified Date = 22-03-2007 10:04:12 | Attr =    ]
temp -> %SystemDrive%\temp ->  [Folder | Modified Date = 20-03-2007 21:16:40 | Attr =    ]
WINXP -> %SystemRoot% ->  [Folder | Modified Date = 20-03-2007 21:19:20 | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 18-03-2007 19:34:12 | Attr =  H ]
$NtUninstallKB926239$ -> %SystemRoot%\$NtUninstallKB926239$ ->  [Folder | Modified Date = 18-03-2007 19:34:14 | Attr =    ]
$NtUninstallMSCompPackV1$ -> %SystemRoot%\$NtUninstallMSCompPackV1$ ->  [Folder | Modified Date = 18-03-2007 15:25:36 | Attr =    ]
$NtUninstallWMFDist11$ -> %SystemRoot%\$NtUninstallWMFDist11$ ->  [Folder | Modified Date = 18-03-2007 19:34:34 | Attr =    ]
$NtUninstallwmp11$ -> %SystemRoot%\$NtUninstallwmp11$ ->  [Folder | Modified Date = 18-03-2007 19:34:22 | Attr =    ]
$NtUninstallWudf01000$ -> %SystemRoot%\$NtUninstallWudf01000$ ->  [Folder | Modified Date = 18-03-2007 15:22:44 | Attr =    ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 18-03-2007 19:34:14 | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 22-03-2007 10:07:46 | Attr =  S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 06-03-2007 00:52:10 | Attr =  S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 20-03-2007 21:19:28 | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 20-03-2007 21:19:28 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 20-03-2007 21:19:28 | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 10-03-2007 16:25:24 | Attr =    ]
mixerdef.ini -> %SystemRoot%\mixerdef.ini ->  [Ver =  | Size = 25 bytes | Modified Date = 18-03-2007 19:47:40 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 18-03-2007 19:38:56 | Attr =    ]
Options -> %SystemRoot%\Options ->  [Folder | Modified Date = 18-03-2007 19:33:12 | Attr =    ]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI ->  [Ver =  | Size = 151 bytes | Modified Date = 02-03-2007 10:15:18 | Attr =    ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat ->  [Ver =  | Size = 45 bytes | Modified Date = 24-02-2007 19:48:28 | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 22-03-2007 11:35:50 | Attr =    ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 10-03-2007 16:28:32 | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 18-03-2007 19:35:08 | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 18-03-2007 09:46:58 | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 18-03-2007 19:44:38 | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 18-03-2007 19:50:40 | Attr =    ]
system32 -> %System32% ->  [Folder | Modified Date = 20-03-2007 21:19:36 | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 22-03-2007 11:32:30 | Attr =    ]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 10-03-2007 16:30:36 | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 8416 bytes | Modified Date = 20-03-2007 17:00:22 | Attr =    ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 10-03-2007 16:27:50 | Attr =    ]
1E838AED9F40DA11.job -> %SystemRoot%\tasks\1E838AED9F40DA11.job ->  [Ver =  | Size = 236 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
A1FF22BE9184DBBA.job -> %SystemRoot%\tasks\A1FF22BE9184DBBA.job ->  [Ver =  | Size = 234 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
A7BC6A599183E391.job -> %SystemRoot%\tasks\A7BC6A599183E391.job ->  [Ver =  | Size = 234 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
A7EE39A194ADABED.job -> %SystemRoot%\tasks\A7EE39A194ADABED.job ->  [Ver =  | Size = 268 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
A8266E9B911DE553.job -> %SystemRoot%\tasks\A8266E9B911DE553.job ->  [Ver =  | Size = 264 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
AD53E52C918098C0.job -> %SystemRoot%\tasks\AD53E52C918098C0.job ->  [Ver =  | Size = 236 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 22-03-2007 10:08:04 | Attr =  H ]
CatRoot -> %System32%\CatRoot ->  [Folder | Modified Date = 18-03-2007 19:44:36 | Attr =    ]
CatRoot2 -> %System32%\CatRoot2 ->  [Folder | Modified Date = 22-03-2007 10:47:58 | Attr =    ]
config -> %System32%\config ->  [Folder | Modified Date = 18-03-2007 19:35:38 | Attr =    ]
DirectX -> %System32%\DirectX ->  [Folder | Modified Date = 10-03-2007 16:25:38 | Attr =    ]
dllcache -> %System32%\dllcache ->  [Folder | Modified Date = 20-03-2007 21:19:40 | Attr = RHS]
drivers -> %System32%\drivers ->  [Folder | Modified Date = 20-03-2007 20:44:54 | Attr =    ]
DRVSTORE -> %System32%\DRVSTORE ->  [Folder | Modified Date = 14-03-2007 18:45:20 | Attr =    ]
LogFiles -> %System32%\LogFiles ->  [Folder | Modified Date = 18-03-2007 19:34:34 | Attr =    ]
NtmsData -> %System32%\NtmsData ->  [Folder | Modified Date = 20-03-2007 21:19:40 | Attr =    ]
ReinstallBackups -> %System32%\ReinstallBackups ->  [Folder | Modified Date = 14-03-2007 14:21:26 | Attr =    ]
usmt -> %System32%\usmt ->  [Folder | Modified Date = 20-03-2007 21:19:42 | Attr =    ]
wbem -> %System32%\wbem ->  [Folder | Modified Date = 18-03-2007 19:35:10 | Attr =    ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 2278 bytes | Modified Date = 22-03-2007 11:11:30 | Attr =    ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 24-02-2007 08:28:16 | Attr =    ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 24-02-2007 08:28:16 | Attr =    ]
UMDF -> %System32%\drivers\UMDF ->  [Folder | Modified Date = 18-03-2007 19:34:24 | Attr =    ]
MsftWdf_user_01_00_00.Wdf -> %System32%\drivers\UMDF\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 18-03-2007 15:22:54 | Attr =  H ]

[File String Scan - Non-Microsoft Only]
UPX! ,  -> %SystemDrive%\AVG7DB_F.DAT ->  [Ver =  | Size = 52833630 bytes | Modified Date = 05-04-2006 08:41:34 | Attr = RHS]
PEC2 , PECompact2 ,  -> %SystemDrive%\GoogleToolbarInstaller_ADBx_en_401019_signed.exe -> Google [Ver = 4, 0, 1019, 5266 | Size = 811560 bytes | Modified Date = 11-01-2007 09:41:56 | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemDrive%\j2re-1_4_2_06-windows-i586-p-iftw.exe:Zone.Identifier ->
File scan skipped for file %SystemDrive%\NY.ISO -> File size too big (108068864 bytes) ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
PEC2 ,  -> %System32%\dfrg.msc ->  [Ver =  | Size = 41123 bytes | Modified Date = 21-09-2002 10:25:00 | Attr =    ]
winsync ,  -> %System32%\wbdbase.deu ->  [Ver =  | Size = 1309184 bytes | Modified Date = 21-09-2002 10:25:00 | Attr =    ]
WSUD , UPX0 ,  -> %System32%\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Modified Date = 21-09-2002 10:25:00 | Attr =    ]
UPX! , FSG! , PEC2 , aspack ,  -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 24-02-2007 08:28:16 | Attr =    ]
PTech ,  -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 04-08-2004 06:41:38 | Attr =    ]

< End of report >
tobsitobsi Beginner
22 March 2007 - 11:46 #3
Wooh.... there's a bit to look at....
ejvindh Expert
22 March 2007 - 12:06 #4
Unfortunately there wasn't all that much to go on. But try this:

-- Run WinPFind3U from the WinPFind3U folder again. Copy the content between the wavy lines into the white field on the right (right-click the field and choose "sæt ind"/"paste"):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Kill Explorer]
[Files/Folders - Modified Within 30 days]
NY -> 1E838AED9F40DA11.job -> %SystemRoot%\tasks\1E838AED9F40DA11.job
NY -> A1FF22BE9184DBBA.job -> %SystemRoot%\tasks\A1FF22BE9184DBBA.job
NY -> A7BC6A599183E391.job -> %SystemRoot%\tasks\A7BC6A599183E391.job
NY -> A7EE39A194ADABED.job -> %SystemRoot%\tasks\A7EE39A194ADABED.job
NY -> A8266E9B911DE553.job -> %SystemRoot%\tasks\A8266E9B911DE553.job
NY -> AD53E52C918098C0.job -> %SystemRoot%\tasks\AD53E52C918098C0.job
[Start Explorer]
[Reboot]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Then click "Run Fix" and follow the instructions given. Your computer will now restart. After the restart, open the WinPFind3U folder again. There will now be a log there whose name consists of a lot of numbers - copy that in here. For now you don't need to post a new log from WinPFind3U here.

-- Then download NoLop.exe and save it to the desktop:
http://www.spywareedge.net/nolop/NoLop.exe

Run the program. Press the "Search and Destroy" button. If it finds anything, you will be asked to press the Reboot button. Do so.

After the restart, NoLop.exe will have created a log file located here: C:\NoLop.txt
Copy the contents of that file in here.

-- Finally, download "SuperAntiSpyware free" from here:
http://www.spywarefri.dk/downloads1.htm

Install it and update the scanner.

Restart in safe mode.
A little help on getting into safe mode:
http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Start the scanner, click "Scan your computer", and tick your drives on the left side of the window. On the right side of the window, select "Perform Complete Scan". Click "Next"; it now scans. When it has finished, select what it found and let the scanner remove it.

Restart into normal mode (the scanner may offer to do this).

Open the scanner again and click "preferences" -> "statistics/logs". Select the log and click "View log". Copy the log into this thread.
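The six `.job` entries handed to "Run Fix" in post #4 share traits that are visible in the WinPFind3U log in post #2: a 16-hex-digit name, the hidden attribute, and the same modification time in `%SystemRoot%\tasks`. The following is an added example, not part of the thread and not code from WinPFind3U, that parses such log lines and flags entries with that pattern; the matching rule and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the WinPFind3U report posted in this thread.
SAMPLE_LOG = r"""
[Files/Folders - Modified Within 30 days]
1E838AED9F40DA11.job -> %SystemRoot%\tasks\1E838AED9F40DA11.job ->  [Ver =  | Size = 236 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
A1FF22BE9184DBBA.job -> %SystemRoot%\tasks\A1FF22BE9184DBBA.job ->  [Ver =  | Size = 234 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
A7BC6A599183E391.job -> %SystemRoot%\tasks\A7BC6A599183E391.job ->  [Ver =  | Size = 234 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
A7EE39A194ADABED.job -> %SystemRoot%\tasks\A7EE39A194ADABED.job ->  [Ver =  | Size = 268 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
A8266E9B911DE553.job -> %SystemRoot%\tasks\A8266E9B911DE553.job ->  [Ver =  | Size = 264 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
AD53E52C918098C0.job -> %SystemRoot%\tasks\AD53E52C918098C0.job ->  [Ver =  | Size = 236 bytes | Modified Date = 22-03-2007 11:00:02 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 22-03-2007 10:08:04 | Attr =  H ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.444 | Size = 775680 bytes | Modified Date = 24-02-2007 08:28:16 | Attr =    ]
"""

ENTRY_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\[(?P<meta>.*)\]$")
# Assumed heuristic: a 16-hex-digit task name, as seen on the six files in the fix script.
HEX_JOB_RE = re.compile(r"^[0-9A-Fa-f]{16}\.job$")
TASKS_DIR = "%systemroot%\\tasks\\"

def parse_entries(log_text):
    """Turn 'name -> path -> vendor [k = v | ...]' lines into dicts."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        meta = {}
        for part in m.group("meta").split("|"):
            key, sep, value = part.partition("=")
            if sep:  # folder entries start with a bare "Folder" token
                meta[key.strip()] = value.strip()
        entries.append({"name": m.group("name"), "path": m.group("path"),
                        "modified": meta.get("Modified Date", ""), "attr": meta.get("Attr", "")})
    return entries

def suspicious_tasks(entries):
    """Hidden, hex-named .job files directly in the scheduled-tasks folder."""
    return [e for e in entries
            if e["path"].lower().startswith(TASKS_DIR)
            and HEX_JOB_RE.match(e["name"])
            and "H" in e["attr"]]

def cluster_by_mtime(hits):
    """Group flagged names by modification time to show whether they were touched together."""
    groups = defaultdict(list)
    for e in hits:
        groups[e["modified"]].append(e["name"])
    return dict(groups)
```

`SA.DAT` is hidden and sits in the same folder but is not flagged, because the rule requires the hex-named `.job` pattern as well.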
tobsitobsi Beginner
22 March 2007 - 21:33 #5
That turned out to be a strange round. It wouldn't go along with the first part you asked for... the CPU stayed at 100 % and then the program wouldn't respond. Tried several times without luck.
When I then ran NoLop, it found the files you asked to have run in Run Fix from the first program. Deleted them, but I can't find the log you're asking for. Have searched everywhere and directly on the file name, but it won't turn up.

Here is the last log you asked for:
SUPERAntiSpyware Scan Log
Generated 03/22/2007 at 09:10 PM

Application Version : 3.5.1016

Core Rules Database Version : 3204
Trace Rules Database Version: 1214

Scan type      : Quick Scan
Total Scan Time : 00:30:00

Memory items scanned      : 175
Memory threats detected  : 0
Registry items scanned    : 911
Registry threats detected : 0
File items scanned        : 25436
File threats detected    : 21

Adware.Tracking Cookie
    C:\Documents and Settings\Torben\Cookies\torben@ads.arto[1].txt
    C:\Documents and Settings\Torben\Cookies\torben@media.fastclick[1].txt
    C:\Documents and Settings\Torben\Cookies\torben@doubleclick[2].txt
    C:\Documents and Settings\Torben\Cookies\torben@fastclick[2].txt
    C:\Documents and Settings\Torben\Cookies\torben@1062757019[1].txt
    C:\Documents and Settings\Torben\Cookies\torben@server.cpmstar[1].txt
    C:\Documents and Settings\Torben\Cookies\torben@mb[2].txt
    C:\Documents and Settings\Torben\Cookies\torben@track.adform[1].txt
    C:\Documents and Settings\Torben\Cookies\torben@ads2.jubii[1].txt
    C:\Documents and Settings\Torben\Cookies\torben@cgi-bin[2].txt
    C:\Documents and Settings\Torben\Cookies\torben@atdmt[1].txt
    C:\Documents and Settings\Torben\Cookies\torben@adbrite[2].txt
    C:\Documents and Settings\Torben\Cookies\torben@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\Torben\Cookies\torben@clickbank[2].txt
    C:\Documents and Settings\Torben\Cookies\torben@adtech[2].txt
    C:\Documents and Settings\Torben\Cookies\torben@advertising[1].txt
    C:\Documents and Settings\Christina\Cookies\christina@adfair[1].txt
    C:\Documents and Settings\Christina\Cookies\christina@atdmt[2].txt
    C:\Documents and Settings\Christina\Cookies\christina@e2.emediate[2].txt
    C:\Documents and Settings\Christina\Cookies\christina@track.adform[1].txt

Worm.Rbot Variant
    C:\WINXP\SYSTEM32\EDLM.EXE

Does it look crazy, or is it just me.....
ejvindh Expert
23 March 2007 - 09:21 #6
It doesn't look completely crazy. Has it helped with your problem?

There is something in the SAS log that makes me think we should scan your computer a bit for rootkits:

-- Download Rootkit Unhooker from here:
http://rku.xell.ru/?l=e&a=dl
Install the program. Then run RKU. Click Setup-"Extended mode". You will then be asked to restart, which you should do. Then run Rootkit Unhooker again, click the "Report" tab, and click the "Scan" button. Let the program finish scanning, click "File-Save Report", and save the report somewhere you can find it again. Post the contents of that report here.
tobsitobsi Beginner
26 March 2007 - 11:05 #7
I can't find the report. BUT now it's just running great. Thanks for the help.
ejvindh Expert
26 March 2007 - 11:13 #8
You're welcome. To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so you don't delete an important file by mistake. You do that in the same place where you set it to show all files; this time just choose: "Vis ikke skjulte filer og mapper" (Do not show hidden files and folders).

It can also be a good idea to clean out your temporary files. That can be done quickly and easily with this file:
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a repeat, I recommend installing a few small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest reading these articles on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
tobsitobsi Beginner
27 March 2007 - 21:11 #9
Thanks for the good advice.