HijackThis Log

... du kører via noget OpenDNS eller hyr ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2E0FCB0-0099-4A23-BE9D-70355C72D6F0}: NameServer = 208.67.222.222,208.67.220.220

Kender det ikke selv - men er det samme langsom UDEN Netværksstikket isat ?

Jeg kører trådløst netværk....og ikke via noget openDNS jeg ved af....! :-)

Hmmm... Vi prøver *S* ->

Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er denne, som skal fixes:

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2E0FCB0-0099-4A23-BE9D-70355C72D6F0}: NameServer = 208.67.222.222,208.67.220.220

Genstart normalt, kør en ny scanning med hijackthis, og kopier en frisk log herind til tjek.

------------------------------------------------------------------------

Der er også en o23, der skal fixes:
O23 - Service: DirectX Service (DirectCygz) - Unknown owner - C:\WINDOWS\system32\directx.exe

http://www.bleepingcomputer.com/startups/DirectX_Service-14356.html

Den sidste kan jeg ikke fixe...den kommer igen...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 08:21:09, on 27-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\inf\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\A8GSdsApp\AGSeiApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Anders Kristensen\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {226D6348-AAEA-4481-B26A-FD245EB09730} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [A8GSdsApp] C:\Programmer\A8GSdsApp\AGSeiApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://gandalf.certifikat.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://remedys.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BBF26523-5BC7-435D-BDD3-AC84C5DC00C3} (UIEPlayer 1.4 Class) - http://demo.uievolution.com/webpreview/lgvx6000/UIEPlayer1_4.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DirectX Service (DirectCygz) - Unknown owner - C:\WINDOWS\system32\directx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmer\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 7529 bytes

Den her skal vel også væk?

Husk at gøre det i fejlsiskret tilstand.

AFslut den her hvis den stadigvæk køre (med jobliste)
C:\Programmer\A8GSdsApp\AGSeiApp.exe

O4 - HKLM\..\Run: [A8GSdsApp] C:\Programmer\A8GSdsApp\AGSeiApp.exe

Samtidig med at Golden Eye og/eller A8GSdsApp skal afinstalleres og mappen slettes.

Hent Ccleaner og rens din pc med den.

Og deaktivere systemgendannelse, genstart og aktivere igen.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:24:19, on 27-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\inf\explorer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Anders Kristensen\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {226D6348-AAEA-4481-B26A-FD245EB09730} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://gandalf.certifikat.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://remedys.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BBF26523-5BC7-435D-BDD3-AC84C5DC00C3} (UIEPlayer 1.4 Class) - http://demo.uievolution.com/webpreview/lgvx6000/UIEPlayer1_4.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DirectX Service (DirectCygz) - Unknown owner - C:\WINDOWS\system32\directx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmer\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 7442 bytes

Min messenger er nu 5 min om at Logge på....Hvad er det der får den til at hænge...?

Hej Guanomo. Nyt at se dig herovre ;-)

...og jo, den skulle da også væk.

Prøv lige følgende:

-- Hent "SuperAntiSpyware free" herfra:
http://www.spywarefri.dk/downloads1.htm
Installer, og opdater scannereren. Men vent med at scanne.

Fuld vejledning til superantispyware finder du her:
http://www.spywarefri.dk/manualer/superantispyware-manual.htm

-- Klik på Start-kør. Skriv: Services.msc, og klik på OK.
Find følgende services, højreklik på dem og vælg egenskaber. Under starttype vælger du deaktiveret. Klik også på Stop:

"DirectX Service"

-- Genstart i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Du skal nu til at slette. Som indledning hertil skal du have slået "Udvidet filvisning" til:
Åbn en mappe, klik på Funktioner=>Mappeindstillinger=>Vis.
Fjern flueben ved "Skjul beskyttede operativsystemfiler".
Fjern flueben ved "Skjul filtypenavne for kendte filtyper".
Sæt prik i "Vis skjulte filer og mapper".

-- Slet herefter følgende:
C:\WINDOWS\system32\directx.exe

-- Start SuperAntispyware, klik "Scan your computer", sæt flueben i dine drev, ovre til venstre i vinduet. Ovre til højre i vinduet, sætter du prik i "Perform Complete Scan". Klik "næste", nu scanner den. Når den er færdig, så markerer du det den finder, og lader scannereren fjerne det.

-- Genstart til normal tilstand. Åbn SuperAntispyware-scannereren igen, og klik "preferences"-> "stastics/logs". Marker loggen, og klik "View log". Kopier loggen her ind i tråden. Lav også en frisk log med Hijackthis, som du lægger herind.

(( Jeg havde 'set' de andre uønskede elementer, men ville lige prøve at fixe denne NameServer ting først... fortsæt bare <ejvindh> ))

@dr1: Hvis du HAVDE set dem, så beklager jeg da indblandingen. Jeg synes dog nok at det er vigtigere at få fjernet en trojan, der "includes functionality to access the internet and communicate with a remote server via HTTP" og en keylogger -- fremfor deres efterladenskaber i O17 :-)

OK - det var også (næsten) nat  *S* ...
Dvs de to spillede 'sammen' ?

@dr1: Det vil jeg tro. Den er jo i hvert fald ikke kommet af sig selv ;-)

SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
Generated 03/27/2007 at 11:33 PM

Application Version : 3.5.1016

Core Rules Database Version : 3207
Trace Rules Database Version: 1217

Scan type      : Complete Scan
Total Scan Time : 06:14:18

Memory items scanned      : 430
Memory threats detected  : 0
Registry items scanned    : 7210
Registry threats detected : 0
File items scanned        : 33610
File threats detected    : 9

Adware.Tracking Cookie
    C:\Documents and Settings\Anders Kristensen\Cookies\anders_kristensen@track.adform[1].txt
    C:\Documents and Settings\Anders Kristensen\Cookies\anders_kristensen@ad1.emediate[1].txt
    C:\Documents and Settings\Anders Kristensen\Cookies\anders_kristensen@edsa.122.2o7[1].txt
    C:\Documents and Settings\Anders Kristensen\Cookies\anders_kristensen@xiti[1].txt
    C:\Documents and Settings\LocalService\Cookies\system@trackthatad[2].txt
    C:\Documents and Settings\LocalService\Cookies\system@trackthatad[3].txt

Trojan.VXGame/32
    C:\WINDOWS\SYSTEM32\DLH9JKDQ1.EXE
    C:\WINDOWS\SYSTEM32\DLH9JKDQ5.EXE
    C:\WINDOWS\SYSTEM32\DLH9JKDQ7.EXE

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:51:27, on 27-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\Programmer\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Anders Kristensen\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {226D6348-AAEA-4481-B26A-FD245EB09730} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://gandalf.certifikat.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://remedys.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://newscanner.virus112.com/ols/fscax.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BBF26523-5BC7-435D-BDD3-AC84C5DC00C3} (UIEPlayer 1.4 Class) - http://demo.uievolution.com/webpreview/lgvx6000/UIEPlayer1_4.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DirectX Service (DirectCygz) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmer\Photodex\ProShowProducer\ScsiAccess.exe

--
End of file - 7620 bytes

Loggen er ren. Har du også fået løst dit problem?

For at gøre arbejdet helt færdig:
Det kan være en god ide og rydde op i systemgendannelses filerne. Deaktiver systemgendannelse (http://www.spywarefri.dk/virusscannere.htm#alle) - genstart din computer - aktiver systemgendannelse.
Og så kan det også være en god ide at skjule dine systemfiler og -mapper igen, så du ikke ved en fejl kommer til at slette en vigtig fil. Det gør du samme sted, hvor du satte det til at vise alle filer, denne gang vælger du bare: Vis ikke skjulte filer og mapper.

Det kan også være en god ide at få renset ud i dine midlertidige filer. Det kan gøres på en hurtig og nem måde med denne fil
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

For at forhindre gentagelser, vil jeg anbefale dig at lægge nogle små programmer ind, som forhindrer spyware i at komme ind i første omgang. Du finder links og gode råd her:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

Jeg vil også foreslå, at du læser disse artikler om hvordan du kan undgå at blive inficeret i fremtiden:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37

O23 - Service: DirectX Service (DirectCygz) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)

Jeg ville deaktivere tjenesten, godt nok er der File missing, men alligevel.
Klik på Start->Kør skriv Services.msc og klik OK.
Find Tjenesten DirectX Service (DirectCygz) stop den hvis den kører, højreklik på den, klik på Egenskaber og vælg Starttype Deaktiveret.

Så er det gjort, computeren kører som så'n også fint nu, men den er stadig 10 minutter om at logge på messenger, på trods af afinstallation og installering igen. Samt firewall til og fra, og Antivirus til og fra...Hvad er det der gør at den ikke kan få forbindelse hurtigere...? (Prøver jeg fra en anden computer, går der 10 sek...)

Jøsses. Først korekser jeg selv på O23'eren. Og så overser jeg den selv efterfølgende. *dyb rødmen*

Lad os prøve at give computeren et dybere check:

-- Hent dette værktøj:
http://www.uploads.ejvindh.net/rootchk.exe
Dobbeltklik på filen, og læg resultatet herind til gennemsyn.

-- Hent så Oldtimer's WinPFind3 herfra:
http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe

Dobbeltklik på WinPFind3u, som du hentede, og klik på Extract. Så udpakkes programmet i en særskilt mappe. Gå ind i denne mappe, og dobbeltklik på WinPFind3U.exe. I venstre side skal du sætte flueben og prikker på følgende måde:

Processes: Non-Microsoft
Win32 Services: Non-Microsoft
Driver Services: Non-Microsoft
Registry:  Non-Microsoft
Files Created Within: 30 Days, Non-Microsoft Only
Files Modified Within: 30 Days, Non-Microsoft Only
File String Search: None

I Højre side skal du i første omgang ikke vælge noget.

Klik herefter på "Run Scan". Efter noget tid vil der dukke en logfil op, som du gerne må paste herind. Muligvis vil loggen være så lang, at den ikke kan være i en enkelt post. Så må du lægge den ind i flere dele.

Jeg må tilstå at der undslap mig et mindre fnis.*G*
Nok om det showet er dit resten af vejen, så kigger og lærer jeg. :-)

********************************* ROOTCHK-(07-04-07)-LOG, by ejvindh
10-04-2007  1:04:55,29

Driver irmon {visible} is present. If you use an infrared port the driver probably derives from this activity. If not, you should do a rootkit scan.

********************************* ROOTCHK-LOG-end

WinPFind3 logfile created on: 10-04-2007 01:09:03
WinPFind3U by OldTimer - Version 1.0.34    Folder = C:\Documents and Settings\Anders Kristensen\Skrivebord\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

478,42 Mb Total Physical Memory | 189,89 Mb Available Physical Memory | 39,69% Memory free
1,12 Gb Paging File | 0,68 Gb Available in Paging File | 60,44% Paging File free
Paging file location(s): C:\pagefile.sys 2 2;D:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 17,07 Gb Total Space | 1,12 Gb Free Space | 6,59% Space Free
Drive D: | 17,24 Gb Total Space | 5,60 Gb Free Space | 32,45% Space Free
Drive E: | 34,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free
F: Drive not present or media not loaded

Computer Name: ANDERS
Current User Name: Anders Kristensen
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
anbmserv.exe -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.5.8 | Size = 1287168 bytes | Modified Date = 16-08-2004 15:17:20 | Attr =    ]
anydvd.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 363365 bytes | Modified Date = 21-03-2007 16:04:24 | Attr =    ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe ->  [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 15-01-2007 18:28:58 | Attr =    ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 15-01-2007 18:28:32 | Attr =    ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe ->  [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 15-01-2007 18:28:52 | Attr =    ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 15-01-2007 18:27:52 | Attr =    ]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 59008 bytes | Modified Date = 05-08-2006 17:10:10 | Attr =    ]
avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07-10-2006 14:20:00 | Attr =    ]
emms windows.exe -> %ProgramFiles%\3PC Message\eMMS Windows.exe ->  [Ver = 4, 0, 3, 1 | Size = 1675264 bytes | Modified Date = 06-10-2005 13:24:38 | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 16:13:20 | Attr =    ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25-10-2006 18:58:18 | Attr =    ]
scsiaccess.exe -> %ProgramFiles%\Photodex\ProShowProducer\ScsiAccess.exe ->  [Ver =  | Size = 181312 bytes | Modified Date = 07-08-2006 10:23:20 | Attr =    ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 10-01-2007 15:14:36 | Attr =    ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 08-04-2007 19:02:38 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(anbmService) Notebook Manager Service [Win32_Own | Auto | Running] -> %SystemDrive%\Acer\eManager\anbmServ.exe -> OSA Technologies Inc. [Ver = 3.0.5.8 | Size = 1287168 bytes | Modified Date = 16-08-2004 15:17:20 | Attr =    ]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe ->  [Ver =  | Size = 59008 bytes | Modified Date = 05-08-2006 17:10:10 | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %System32%\ati2evxx.exe ->  [Ver =  | Size = 376832 bytes | Modified Date = 15-05-2004 22:30:04 | Attr =    ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe ->  [Ver = 4, 7, 936, 0 | Size = 132736 bytes | Modified Date = 15-01-2007 18:28:52 | Attr =    ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 255616 bytes | Modified Date = 15-01-2007 18:28:32 | Attr =    ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 936, 0 | Size = 370304 bytes | Modified Date = 15-01-2007 18:27:52 | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28-09-2006 16:13:20 | Attr =    ]
(DirectCygz) DirectX Service [Win32_Own | Disabled | Stopped] -> %System32%\directx.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04-04-2005 00:41:10 | Attr =    ]
(ScsiAccess) ScsiAccess [Win32_Own | Auto | Running] -> %ProgramFiles%\Photodex\ProShowProducer\ScsiAccess.exe ->  [Ver =  | Size = 181312 bytes | Modified Date = 07-08-2006 10:23:20 | Attr =    ]
(ServiceLayer) ServiceLayer [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\PCSuite\Services\ServiceLayer.exe -> Nokia. [Ver = 6, 80, 56, 4 | Size = 176640 bytes | Modified Date = 12-04-2006 11:36:56 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 31560 bytes | Modified Date = 21-12-2006 00:51:58 | Attr =    ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 77000 bytes | Modified Date = 16-03-2007 00:42:10 | Attr =    ]
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | System | Running] -> %System32%\drivers\aspi32.sys -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 10-09-1999 13:06:00 | Attr =    ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 94424 bytes | Modified Date = 21-12-2006 00:56:00 | Attr =    ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 23352 bytes | Modified Date = 15-01-2007 18:26:08 | Attr =    ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 43176 bytes | Modified Date = 15-01-2007 18:25:24 | Attr =    ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6451 | Size = 745984 bytes | Modified Date = 15-05-2004 22:41:40 | Attr =    ]
(atmex) atmex [File_System | Unknown | Running] ->  -> File not found
(AvFlt) Antivirus Filter Driver [File_System | On_Demand | Stopped] -> %System32%\drivers\av5flt.sys -> Panda Software [Ver = 5.1.2600.1 | Size = 90112 bytes | Modified Date = 22-08-2005 14:35:54 | Attr =    ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 28-09-2006 16:13:34 | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 18:03:16 | Attr =    ]
(Avrfdiean) Avrfdiean [File_System | On_Demand | Stopped] ->  -> File not found
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Stopped] -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 6.64.0.0 built by: WinDDK | Size = 175360 bytes | Modified Date = 23-05-2003 01:47:12 | Attr =    ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.23.0.0 built by: WinDDK | Size = 44032 bytes | Modified Date = 27-09-2003 01:41:12 | Attr =    ]
(BTCAMDRV) Mobiola Web Camera driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BTCamDrv.sys -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 219264 bytes | Modified Date = 01-11-2006 18:45:14 | Attr =    ]
(BTCAP) Bluetooth, WDM Video Capture [Kernel | Auto | Running] -> %System32%\drivers\BTCap.sys -> MOTECH [Ver = 0.0.0.1 | Size = 276620 bytes | Modified Date = 07-08-2006 15:22:00 | Attr =    ]
(BulkUsb) VoIPUSBDriver.sys [Kernel | On_Demand | Stopped] -> %System32%\drivers\VoIPUSBDriver.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.2.3790.0 built by: WinDDK | Size = 149504 bytes | Modified Date = 20-09-2005 16:45:00 | Attr =    ]
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camcaud.sys -> Conexant Systems Inc. [Ver = 6.13.10.8310 | Size = 292352 bytes | Modified Date = 29-04-2004 22:09:20 | Attr =    ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camchal.sys -> Conexant Systems Inc. [Ver = 6.13.10.8310 | Size = 274688 bytes | Modified Date = 29-04-2004 22:10:06 | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(ComFiltr) Panda Anti-Dialer [Kernel | On_Demand | Stopped] -> %System32%\drivers\COMFiltr.sys ->  [Ver =  | Size = 5232 bytes | Modified Date = 22-08-2005 13:42:08 | Attr =    ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(d347bus) d347bus [Kernel | Boot | Running] -> %System32%\drivers\d347bus.sys ->  [Ver = 3.47.0.0 built by: WinDDK | Size = 155136 bytes | Modified Date = 22-08-2004 16:31:10 | Attr =    ]
(d347prt) d347prt [Kernel | Boot | Running] -> %System32%\drivers\d347prt.sys ->  [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 22-08-2004 16:31:48 | Attr =    ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(DKbFltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\DKbFltr.SYS -> Dritek System Inc. [Ver = 3, 0, 2, 1 | Size = 17983 bytes | Modified Date = 20-11-2002 09:29:12 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(dmio) Driver til Logical Disk Manager [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 2 | Size = 15440 bytes | Modified Date = 28-02-2007 22:56:08 | Attr =    ]
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %System32%\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 0 | Size = 4608 bytes | Modified Date = 12-04-2005 09:41:22 | Attr =    ]
(ElbyVCD) ElbyVCD [Kernel | Boot | Stopped] -> %System32%\DRIVERS\ElbyVCD.sys -> File not found
(EpmPsd) Acer EPM Power Scheme Driver [Kernel | Auto | Running] -> %System32%\drivers\epm-psd.sys -> Acer Value Labs, USA [Ver = 1.02 | Size = 4096 bytes | Modified Date = 19-07-2004 13:10:00 | Attr =    ]
(EpmShd) Acer EPM System Hardware Driver [Kernel | Auto | Running] -> %System32%\drivers\epm-shd.sys -> Acer Value Labs, USA [Ver = 1.22 | Size = 78208 bytes | Modified Date = 14-08-2004 20:59:00 | Attr =    ]
(FCA202AudioSrv) Behringer FCA202 AVC Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\fca202audio.sys -> Behringer [Ver = 1.0.1.0 | Size = 37504 bytes | Modified Date = 14-11-2005 09:04:56 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.12.04 | Size = 199552 bytes | Modified Date = 10-03-2004 11:40:28 | Attr =    ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.04 | Size = 1041536 bytes | Modified Date = 10-03-2004 11:35:48 | Attr =    ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3762 | Size = 681469 bytes | Modified Date = 10-02-2004 20:17:06 | Attr =    ]
(InCDFs) InCD File System [File_System | Disabled | Stopped] -> system32\drivers\InCDFs.sys -> File not found
(InCDPass) InCDPass [Kernel | System | Stopped] -> system32\drivers\InCDPass.sys -> File not found
(InCDRm) InCD Reader [Kernel | System | Stopped] -> system32\drivers\InCDRm.sys -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IPN2220) acer IPN2220 Wireless LAN Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\i2220ntx.sys -> Inprocomm, Inc. [Ver = 2.10.03.2004 built by: WinDDK | Size = 140288 bytes | Modified Date = 30-03-2004 08:23:42 | Attr =    ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.80.13.0 | Size = 25630 bytes | Modified Date = 11-12-2003 18:50:00 | Attr =    ]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.80.200.0 | Size = 37916 bytes | Modified Date = 11-12-2003 18:50:00 | Attr =    ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.80.13.0 | Size = 70894 bytes | Modified Date = 11-12-2003 18:50:00 | Attr =    ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 09-04-2003 13:48:08 | Attr =    ]
(MIDUSB) Driver for MidiStuio-2 [Kernel | On_Demand | Stopped] -> %System32%\drivers\mstud-2drv.sys -> MidiTech GmbH [Ver = 5.0.0.0 | Size = 46976 bytes | Modified Date = 02-11-2003 12:31:14 | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10-10-2006 08:54:32 | Attr =    ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10-10-2006 08:54:32 | Attr =    ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10-10-2006 08:54:34 | Attr =    ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10-10-2006 08:54:32 | Attr =    ]
(NSCIRDA) NSC Infrared enhedsdriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 03-08-2004 23:00:52 | Attr =    ]
(NSNDIS5) NSNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %System32%\NSNDIS5.SYS -> File not found
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 5 | Size = 6912 bytes | Modified Date = 01-10-2004 17:20:14 | Attr =    ]
(osaio) osaio [Kernel | Auto | Running] -> %System32%\drivers\osaio.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 10594 bytes | Modified Date = 01-06-2004 11:50:50 | Attr =    ]
(osanbm) osanbm [Kernel | Auto | Running] -> %System32%\drivers\osanbm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 4054 bytes | Modified Date = 01-06-2004 11:50:50 | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> %System32%\drivers\Pcouffin.sys -> VSO Software [Ver = 1.35 | Size = 47360 bytes | Modified Date = 02-03-2006 23:45:10 | Attr =    ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(prevnd) Panda Preventium Driver. [Kernel | Boot | Stopped] -> %System32%\drivers\Prevnd.sys -> Panda Software [Ver = 2, 0, 0, 1 | Size = 39199 bytes | Modified Date = 07-07-2004 13:15:20 | Attr =    ]
(PRODIGY) PRODIGY [Kernel | On_Demand | Stopped] -> %System32%\drivers\prodigy.sys -> B-phreaks [Ver = 1, 0, 0, 208 | Size = 32377 bytes | Modified Date = 29-08-2006 15:56:18 | Attr =    ]
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 06-04-2006 20:15:30 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SANDRA) SANDRA [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Professional 2005.SR3\Sandra.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 12:53:48 | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-02-2006 16:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1034 | Size = 30720 bytes | Modified Date = 09-01-2007 14:09:48 | Attr =    ]
(scsipont) scsipont [Kernel | Unknown | Running] ->  -> File not found
(sdpiosys) sdpiosys [Kernel | System | Running] -> %System32%\drivers\SDPIOSYS.SYS ->  [Ver =  | Size = 161792 bytes | Modified Date = 30-11-2004 12:10:00 | Attr =    ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Modified Date = 20-09-2005 20:12:50 | Attr =    ]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %System32%\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.34 | Size = 48640 bytes | Modified Date = 16-05-2005 15:16:00 | Attr =    ]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.3 | Size = 6656 bytes | Modified Date = 16-05-2005 15:20:40 | Attr =    ]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync02.sys -> Protection Technology [Ver = 2.11 | Size = 19968 bytes | Modified Date = 16-05-2005 15:23:40 | Attr =    ]
(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfvfs02.sys -> Protection Technology [Ver = 2.7 | Size = 66560 bytes | Modified Date = 16-05-2005 15:26:50 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(smb2k) smb2k [Kernel | Unknown | Running] ->  -> File not found
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.10.12 20May04 | Size = 184768 bytes | Modified Date = 20-05-2004 19:52:40 | Attr =    ]
(tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Stopped] -> %System32%\drivers\tbhsd.sys -> RapidSolution Software AG [Ver = 2, 0, 0, 0 | Size = 16640 bytes | Modified Date = 18-09-2006 11:54:48 | Attr =    ]
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %System32%\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 55888 bytes | Modified Date = 04-09-2003 17:05:00 | Attr =    ]
(tifm21) tifm21 [Kernel | On_Demand | Stopped] -> %System32%\drivers\tifm21.sys -> Texas Instruments [Ver = 1.0.1.4 | Size = 67584 bytes | Modified Date = 26-05-2004 10:07:30 | Attr =    ]
(tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 07-08-2006 05:16:00 | Attr =    ]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(w29n51) Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9000-60 Driver | Size = 3210496 bytes | Modified Date = 20-08-2004 00:41:46 | Attr =    ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %System32%\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.2.1222.0 | Size = 11914 bytes | Modified Date = 04-09-2003 17:05:00 | Attr =    ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.04 built by: WinDDK | Size = 682624 bytes | Modified Date = 10-03-2004 11:37:26 | Attr =    ]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %System32%\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 18515 bytes | Modified Date = 04-09-2003 17:05:00 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 07-10-2006 14:20:00 | Attr =    ]
avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe ->  [Ver = 4, 7, 936, 0 | Size = 108160 bytes | Modified Date = 15-01-2007 18:28:58 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25-10-2006 18:58:18 | Attr =    ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BlackFooX 3 -> %ProgramFiles%\SlySoft\AnyDVD\BlackFooX3.exe -> Dr.Pc Putte Corporation ;) [Ver = 3.02.0004 | Size = 475136 bytes | Modified Date = 21-03-2007 20:31:26 | Attr =    ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 5, 0, 1016 | Size = 1310720 bytes | Modified Date = 10-01-2007 15:14:36 | Attr =    ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28-09-2006 16:13:28 | Attr =    ]
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 20-12-2006 12:55:48 | Attr =    ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1028 | Size = 258048 bytes | Modified Date = 19-10-2006 09:12:20 | Attr =    ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3762 | Size = 339968 bytes | Modified Date = 10-02-2004 10:51:10 | Attr =    ]
< HOSTS File > (179233 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar ->  ->
HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKLM: Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://signon.stofanet.dk/ ->
HKCU: CustomizeSearch ->  ->
HKCU: SearchAssistant ->  ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar] -> File not found
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] ->  ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14-12-2004 01:56:50 | Attr =    ]
{226D6348-AAEA-4481-B26A-FD245EB09730} [HKLM] ->  [Reg Data - Value does not exist] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10-11-2005 13:22:10 | Attr =    ]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKLM] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] ->  [Ver = 2, 5, 1, 6 | Size = 405504 bytes | Modified Date = 26-08-2004 11:27:32 | Attr =    ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10-11-2005 13:22:10 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10-11-2005 13:22:10 | Attr =    ]
{2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send til OneNote] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&ksporter til Microsoft Excel ->  -> File not found
Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_AddToList.htm -> File not found
Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_HSPrint.htm -> File not found
Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Preview.htm -> File not found
Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Resource.dll\RC_Print.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{279B1BE3-5B6F-4914-9440-1A5967F396B0} ->    (1394-netværkskort) ->
{284766F4-BFF8-4035-A3FC-6C5A99DEB5A1} ->    () ->
{41436CB8-C710-465D-A528-F5C433DC195B} ->    () ->
{5E273BD0-11EC-4E7A-93AA-CEE854DEEC94} ->    () ->
{72DC5117-3E4D-4B71-B5C4-041F4EB7E24E} ->    (Broadcom 440x 10/100 Integrated Controller) ->
{CD587E2D-2AE2-4AE4-AC53-F9675B6135FC} ->    () ->
{E5DF882E-5380-40BC-95AB-44DDA00B2C8B} ->    (Motorola SURFboard SB5120 USB Cable Modem) ->
{FB4CDB74-BF55-4C33-A577-EDC1B65C7566} ->    () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab ->
{33564D57-0000-0010-8000-00AA00389B71} ->  - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->
{3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} -> Util Class - CodeBase = https://gandalf.certifikat.dk/csp/authenticode/PrimeInkCSP-1204.exe ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://remedys.spaces.live.com//PhotoUpload/MsnPUpld.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{8EB3FF4E-86A1-4717-884D-7BA2D38272CB} -> F-Secure Online Scanner - CodeBase = http://newscanner.virus112.com/ols/fscax.cab ->
{97E71027-0BA2-44F2-97DB-F84D808ED0B6} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> MSN Games - Installer - CodeBase = http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab ->
{BBF26523-5BC7-435D-BDD3-AC84C5DC00C3} -> UIEPlayer 1.4 Class - CodeBase = http://demo.uievolution.com/webpreview/lgvx6000/UIEPlayer1_4.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{D216644A-C6DB-49D9-BBCF-D38FE7991BF2} -> Util Class - CodeBase = https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab ->
Microsoft XML Parser for Java ->  - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->


[Files/Folders - Created Within 30 days]
i386 -> %SystemDrive%\i386 ->  [Folder | Created Date = 14-03-2007 09:36:39 | Attr =    ]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 29-03-2007 09:13:40 | Attr =  HS]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ ->  [Folder | Created Date = 14-03-2007 09:36:35 | Attr =  H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Created Date = 04-04-2007 08:11:30 | Attr =  H ]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 77000 bytes | Created Date = 15-03-2007 23:42:09 | Attr =    ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 28-03-2007 08:17:49 | Attr =    ]

[Files/Folders - Modified Within 30 days]
i386 -> %SystemDrive%\i386 ->  [Folder | Modified Date = 14-03-2007 10:36:40 | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 501731328 bytes | Modified Date = 09-04-2007 10:51:50 | Attr =  HS]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 29-03-2007 10:13:42 | Attr =  HS]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 116 bytes | Modified Date = 07-04-2007 14:43:20 | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 09-04-2007 10:51:52 | Attr =  S]
bthservsdp.dat -> %SystemRoot%\bthservsdp.dat ->  [Ver =  | Size = 12 bytes | Modified Date = 08-04-2007 23:03:24 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 25-03-2007 20:44:56 | Attr =  H ]
winamp.ini -> %SystemRoot%\winamp.ini ->  [Ver =  | Size = 1125 bytes | Modified Date = 09-04-2007 13:26:32 | Attr =    ]
$NtUninstallKB929338$ -> %SystemRoot%\$NtUninstallKB929338$ ->  [Folder | Modified Date = 14-03-2007 10:36:36 | Attr =  H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ ->  [Folder | Modified Date = 04-04-2007 09:11:32 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 09-04-2007 10:52:04 | Attr =  H ]
wpa.dbl -> %System32%\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 09-04-2007 10:54:14 | Attr =    ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT ->  [Ver =  | Size = 415856 bytes | Modified Date = 04-04-2007 09:16:38 | Attr =    ]
AnyDVD.sys -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 77000 bytes | Modified Date = 16-03-2007 00:42:10 | Attr =    ]

< End of report >

-- Har du en infrarød port på din computer, som du bruger/har brugt?

-- Hent denne fil, og pak den ud til en mappe på skrivebordet:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Dobbeltklik på filen, og lad den pakke sig ud til en mappe i roden af din harddisk (typisk: c:\SDfix)

-- Kør WinPFind3U fra WinPFind3U-mappen igen. Kopier indholdet mellem de bølgede linier ind i det hvide felt til højre (højreklik på feltet og vælg "sæt ind"/"paste"):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Kill Explorer]
[Win32 Services - Non-Microsoft Only]
YY -> (DirectCygz) DirectX Service [Win32_Own | Disabled | Stopped] -> %System32%\directx.exe
[Driver Services - Non-Microsoft Only]
YY -> (sdpiosys) sdpiosys [Kernel | System | Running] -> %System32%\drivers\SDPIOSYS.SYS
YY -> (tmcomm) tmcomm [Kernel | Auto | Running] -> %System32%\drivers\tmcomm.sys
[Registry - Non-Microsoft Only]
< Internet Explorer Settings > ->
YN -> HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Data - Key not found [Yahoo! Toolbar]
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {226D6348-AAEA-4481-B26A-FD245EB09730} [HKLM] -> [Reg Data - Value does not exist]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
[Start Explorer]
[Reboot]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Klik herefter på "Run Fix", og følg instruksionerne, der gives. Din computer vil nu genstarte. Efter genstart skal du åbne WinPFindu-mappen igen. Her vil nu ligge en log, hvis navn består af en masse numre - den skal du kopiere herind. Du behøver i første omgang ikke lægge en ny log fra Winpfind3u herind.

-- Genstart så i fejlsikret, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Gå så ind i mappen SDFix, som du fik oprettet tidligere. Dobbeltklik på filen RunThis.bat, for at starte værktøjet. Tryk "y" for at bekræfte, at du kører værktøjet på egen risiko. Så vil værktøjet gå i gang med at fjerne trojanservicen, og lave et par reparationer af registreringsdatabasen. På et tidspunkt vil det bede dig om at trykke en taste for at genstarte computeren. Det skal du gøre, hvorefter computeren vil genstarte efter 15 sekunder.

Genstarten vil tage lidt længere end sædvanligt, idet værktøjet skal have tid til at udføre sit arbejde. Når skrivebordet dukker op, vil værktøjet skrive "Finished". Tryk herefter en taste for at indlæse dine skrivebordsikoner igen.

Åben så SDFix-mappen, find filen Report.txt, og kopier indholdet af denne fil herind.

-- Skriv også om det har hjulpet på maskinen.

Har ingen og har aldrig haft nogen infrarød port koblet til min pc. :-)

Log:

Explorer killed successfully
[Win32 Services - Non-Microsoft Only]
Service DirectCygz stopped successfully.
Service DirectCygz deleted successfully.
File C:\WINDOWS\SYSTEM32\directx.exe not found.
[Driver Services - Non-Microsoft Only]
Service sdpiosys stopped successfully.
Service sdpiosys deleted successfully.
C:\WINDOWS\SYSTEM32\drivers\SDPIOSYS.SYS moved successfully.
Service tmcomm stopped successfully.
Service tmcomm deleted successfully.
C:\WINDOWS\SYSTEM32\drivers\tmcomm.sys moved successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{226D6348-AAEA-4481-B26A-FD245EB09730} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{226D6348-AAEA-4481-B26A-FD245EB09730} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} deleted successfully.
< End of log >
Created on 04-10-2007 09:36:59

Så mangler jeg lige at se logfilen fra sdfix :-)

Jeg har ingen mulighed for genstart i fejlsikret tilstand!! Den kommer med en stop fejl når jeg forsøger både "fejlsikret tilstand med netværk" og uden....!

Kan jeg gøre det når den er startet op almindeligt...?

Nej, desværre kan sdfix ikke køre fra almindelig tilstand. Vi må lave nogle ekstra check.

-- Kør Winpfind3u igen. I venstre side skal du sætte flueben og prikker på følgende måde:

Processes: None
Win32 Services: None
Driver Services: All
Registry:  None
Files Created Within: 30 Days, None
Files Modified Within: 30 Days, None
File String Search: None

I Højre side skal du ikke vælge noget.

Klik herefter på "Run Scan". Efter noget tid vil der dukke en logfil op, som du gerne må paste herind. Muligvis vil loggen være så lang, at den ikke kan være i en enkelt post. Så må du lægge den ind i flere dele.

-- Download Gmer-rootkit scanner, og pak den ud til skrivebordet:
http://www.young-andersen.dk/gamer/gamer.zip
Start med at omdøbe programmet gmer.exe (fx til abc.exe). Kør programmet, klik på fanebladet "Rootkit", og klik på "Scan". Imens der scannes, bør du afbryde netforbindelsen, lukke alle åbne programmer, og undlade at bruge computeren til andre ting. Du bør heller ikke klikke på andre ting i Gmer-scanneren. Når scanningen er færdig, skal du klikke på "Copy". Så dukker et vindue op, som fortæller at resultatet af rootkit-scanningen er blevet lagt ind i udklipsholderen. Du kan herefter gå ind i denne tråd, og kopiere indholdet herind, ved at stille dig i indtastningsfeltet, og trykke ctrl-v.

WinPFind3 logfile created on: 10-04-2007 21:32:49
WinPFind3U by OldTimer - Version 1.0.34    Folder = C:\Documents and Settings\Anders Kristensen\Skrivebord\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

478,42 Mb Total Physical Memory | 150,27 Mb Available Physical Memory | 31,41% Memory free
1,12 Gb Paging File | 0,75 Gb Available in Paging File | 66,65% Paging File free
Paging file location(s): C:\pagefile.sys 2 2;D:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer
Drive C: | 17,07 Gb Total Space | 0,54 Gb Free Space | 3,14% Space Free
Drive D: | 17,24 Gb Total Space | 5,59 Gb Free Space | 32,45% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: ANDERS
Current User Name: Anders Kristensen
Logged in as Administrator.
Current Boot Mode: Normal


[Driver Services - All]
(61883) 61883-enhed [Kernel | On_Demand | Stopped] -> %System32%\drivers\61883.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48128 bytes | Modified Date = 03-08-2004 23:10:12 | Attr =    ]
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 31560 bytes | Modified Date = 21-12-2006 00:51:58 | Attr =    ]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ACPI) Microsoft ACPI-driver [Kernel | Boot | Running] -> %System32%\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 188032 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(ACPIEC) Driver til Microsoft Embedded-controller [Kernel | Boot | Running] -> %System32%\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11776 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %System32%\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 15-02-2006 02:22:26 | Attr =    ]
(AFD) AFD [Kernel | System | Running] -> %System32%\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 138496 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(agp440) Intel AGP-busfilter [Kernel | Boot | Running] -> %System32%\drivers\AGP440.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42368 bytes | Modified Date = 03-08-2004 23:07:42 | Attr =    ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %System32%\drivers\AnyDVD.sys -> SlySoft, Inc. [Ver = 6.1.3.3 | Size = 77000 bytes | Modified Date = 16-03-2007 00:42:10 | Attr =    ]
(Arp1394) 1394 ARP-klientprotokol [Kernel | On_Demand | Stopped] -> %System32%\drivers\arp1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Aspi32) Aspi32 [Kernel | System | Running] -> %System32%\drivers\aspi32.sys -> Adaptec [Ver = 4.60 (1021) | Size = 25244 bytes | Modified Date = 10-09-1999 13:06:00 | Attr =    ]
(aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.892.0 | Size = 94424 bytes | Modified Date = 21-12-2006 00:56:00 | Attr =    ]
(aswRdr) aswRdr [Kernel | On_Demand | Running] -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 23352 bytes | Modified Date = 15-01-2007 18:26:08 | Attr =    ]
(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.936.0 | Size = 43176 bytes | Modified Date = 15-01-2007 18:25:24 | Attr =    ]
(AsyncMac) RAS-asynkron mediedriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(atapi) Standard IDE/ESDI-harddiskcontroller [Kernel | Boot | Running] -> %System32%\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> %System32%\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6451 | Size = 745984 bytes | Modified Date = 15-05-2004 22:41:40 | Attr =    ]
(Atmarpc) ATM ARP-klientprotokol [Kernel | On_Demand | Stopped] -> %System32%\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(atmex) atmex [File_System | Unknown | Running] ->  -> File not found
(audstub) Lydstubdriver [Kernel | On_Demand | Running] -> %System32%\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 17-08-2001 21:59:44 | Attr =    ]
(Avc) AVC-enhed [Kernel | On_Demand | Stopped] -> %System32%\drivers\avc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 03-08-2004 23:10:12 | Attr =    ]
(AvFlt) Antivirus Filter Driver [File_System | On_Demand | Stopped] -> %System32%\drivers\av5flt.sys -> Panda Software [Ver = 5.1.2600.1 | Size = 90112 bytes | Modified Date = 22-08-2005 14:35:54 | Attr =    ]
(AVG Anti-Spyware Driver) AVG Anti-Spyware Driver [Kernel | System | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.sys ->  [Ver =  | Size = 4096 bytes | Modified Date = 28-09-2006 16:13:34 | Attr =    ]
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 05-09-2006 18:03:16 | Attr =    ]
(Avrfdiean) Avrfdiean [File_System | On_Demand | Stopped] ->  -> File not found
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Stopped] -> %System32%\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 6.64.0.0 built by: WinDDK | Size = 175360 bytes | Modified Date = 23-05-2003 01:47:12 | Attr =    ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %System32%\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.23.0.0 built by: WinDDK | Size = 44032 bytes | Modified Date = 27-09-2003 01:41:12 | Attr =    ]
(Beep) Beep [Kernel | System | Running] -> %System32%\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(BTCAMDRV) Mobiola Web Camera driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\BTCamDrv.sys -> Windows (R) 2000 DDK provider [Ver = 5.1.2600.1106 built by: WinDDK | Size = 219264 bytes | Modified Date = 01-11-2006 18:45:14 | Attr =    ]
(BTCAP) Bluetooth, WDM Video Capture [Kernel | Auto | Running] -> %System32%\drivers\BTCap.sys -> MOTECH [Ver = 0.0.0.1 | Size = 276620 bytes | Modified Date = 07-08-2006 15:22:00 | Attr =    ]
(BthEnum) Driver til Bluetooth-anmodningsblok [Kernel | On_Demand | Stopped] -> %System32%\drivers\BthEnum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17024 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(BTHMODEM) Bluetooth Modem Communications-driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\bthmodem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38016 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(BthPan) Bluetooth Device (Personal Area Network) [Kernel | On_Demand | Stopped] -> %System32%\drivers\bthpan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 100992 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(BTHPORT) Bluetooth-portdriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\bthport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 274432 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(BTHUSB) USB-driver til Bluetooth-radio [Kernel | On_Demand | Stopped] -> %System32%\drivers\BTHUSB.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(BulkUsb) VoIPUSBDriver.sys [Kernel | On_Demand | Stopped] -> %System32%\drivers\VoIPUSBDriver.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.2.3790.0 built by: WinDDK | Size = 149504 bytes | Modified Date = 20-09-2005 16:45:00 | Attr =    ]
(CAMCAUD) Conexant AMC Audio [Kernel | On_Demand | Running] -> %System32%\drivers\camcaud.sys -> Conexant Systems Inc. [Ver = 6.13.10.8310 | Size = 292352 bytes | Modified Date = 29-04-2004 22:09:20 | Attr =    ]
(CAMCHALA) CAMCHALA [Kernel | On_Demand | Running] -> %System32%\drivers\camchal.sys -> Conexant Systems Inc. [Ver = 6.13.10.8310 | Size = 274688 bytes | Modified Date = 29-04-2004 22:10:06 | Attr =    ]
(cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %System32%\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(CCDECODE) Dekoder til tekstning for hørehæmmede [Kernel | On_Demand | Stopped] -> %System32%\drivers\CCDECODE.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17024 bytes | Modified Date = 03-08-2004 23:10:18 | Attr =    ]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Cdaudio) Cdaudio [Kernel | System | Stopped] -> %System32%\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Cdfs) Cdfs [File_System | Disabled | Running] -> %System32%\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Cdrom) Cd-rom-driver [Kernel | System | Running] -> %System32%\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(ComFiltr) Panda Anti-Dialer [Kernel | On_Demand | Stopped] -> %System32%\drivers\COMFiltr.sys ->  [Ver =  | Size = 5232 bytes | Modified Date = 22-08-2005 13:42:08 | Attr =    ]
(Compbatt) Microsoft Composite Battery Driver [Kernel | Boot | Running] -> %System32%\drivers\compbatt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9344 bytes | Modified Date = 17-08-2001 21:58:00 | Attr =    ]
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(d347bus) d347bus [Kernel | Boot | Running] -> %System32%\drivers\d347bus.sys ->  [Ver = 3.47.0.0 built by: WinDDK | Size = 155136 bytes | Modified Date = 22-08-2004 16:31:10 | Attr =    ]
(d347prt) d347prt [Kernel | Boot | Running] -> %System32%\drivers\d347prt.sys ->  [Ver = 3.47.0.0 built by: WinDDK | Size = 5248 bytes | Modified Date = 22-08-2004 16:31:48 | Attr =    ]
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(Disk) Diskdriver [Kernel | Boot | Running] -> %System32%\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(DKbFltr) Dritek HotKey Keyboard Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\DKbFltr.SYS -> Dritek System Inc. [Ver = 3, 0, 2, 1 | Size = 17983 bytes | Modified Date = 20-11-2002 09:29:12 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800000 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(dmio) Driver til Logical Disk Manager [Kernel | Boot | Running] -> %System32%\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153600 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(dmload) dmload [Kernel | Boot | Running] -> %System32%\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(DMusic) Microsoft Kernel DLS-synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 03-08-2004 23:07:40 | Attr =    ]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %System32%\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 03-08-2004 23:07:58 | Attr =    ]
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %System32%\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 0, 2 | Size = 15440 bytes | Modified Date = 28-02-2007 22:56:08 | Attr =    ]
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %System32%\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 0 | Size = 4608 bytes | Modified Date = 12-04-2005 09:41:22 | Attr =    ]
(ElbyVCD) ElbyVCD [Kernel | Boot | Stopped] -> %System32%\DRIVERS\ElbyVCD.sys -> File not found
(EpmPsd) Acer EPM Power Scheme Driver [Kernel | Auto | Running] -> %System32%\drivers\epm-psd.sys -> Acer Value Labs, USA [Ver = 1.02 | Size = 4096 bytes | Modified Date = 19-07-2004 13:10:00 | Attr =    ]
(EpmShd) Acer EPM System Hardware Driver [Kernel | Auto | Running] -> %System32%\drivers\epm-shd.sys -> Acer Value Labs, USA [Ver = 1.22 | Size = 78208 bytes | Modified Date = 14-08-2004 20:59:00 | Attr =    ]
(Fastfat) Fastfat [File_System | Disabled | Running] -> %System32%\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(FCA202AudioSrv) Behringer FCA202 AVC Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\fca202audio.sys -> Behringer [Ver = 1.0.1.0 | Size = 37504 bytes | Modified Date = 14-11-2005 09:04:56 | Attr =    ]
(Fdc) Fdc [Kernel | System | Stopped] -> %System32%\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Fips) Fips [Kernel | System | Running] -> %System32%\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Flpydisk) Flpydisk [Kernel | System | Stopped] -> %System32%\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(FltMgr) FltMgr [File_System | Boot | Running] -> %System32%\drivers\fltMgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 21-08-2006 11:14:58 | Attr =    ]
(Ftdisk) Driver til diskenhedsstyring [Kernel | Boot | Running] -> %System32%\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125312 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Gpc) Standardpakkeklassificering [Kernel | On_Demand | Running] -> %System32%\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(HidBth) Microsoft Bluetooth HID-miniport [Kernel | On_Demand | Stopped] -> %System32%\drivers\hidbth.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25728 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(HidUsb) Microsoft HID-klassedriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %System32%\drivers\HSFHWICH.sys -> Conexant Systems, Inc. [Ver = 7.12.04 | Size = 199552 bytes | Modified Date = 10-03-2004 11:40:28 | Attr =    ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.12.04 | Size = 1041536 bytes | Modified Date = 10-03-2004 11:35:48 | Attr =    ]
(HTTP) HTTP [Kernel | On_Demand | Running] -> %System32%\drivers\http.sys -> Microsoft Corporation [Ver = 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512) | Size = 262784 bytes | Modified Date = 17-03-2006 02:33:10 | Attr =    ]
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(i8042prt) i8042-tastatur og PS/2-museportdriver [Kernel | System | Running] -> %System32%\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53120 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3762 | Size = 681469 bytes | Modified Date = 10-02-2004 20:17:06 | Attr =    ]
(Imapi) Filterdriver til cd-skrivning [Kernel | System | Running] -> %System32%\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(InCDFs) InCD File System [File_System | Disabled | Stopped] -> system32\drivers\InCDFs.sys -> File not found
(InCDPass) InCDPass [Kernel | System | Stopped] -> system32\drivers\InCDPass.sys -> File not found
(InCDRm) InCD Reader [Kernel | System | Stopped] -> system32\drivers\InCDRm.sys -> File not found
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Boot | Running] -> %System32%\drivers\intelide.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5504 bytes | Modified Date = 26-08-2004 17:49:14 | Attr =    ]
(intelppm) Driver til Intel-processor [Kernel | System | Running] -> %System32%\drivers\intelppm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 39936 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Ip6Fw) IPv6-driver til Windows Firewall [Kernel | On_Demand | Stopped] -> %System32%\drivers\ip6fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(IpFilterDriver) Filterdriver til IP-trafik [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(IpInIp) Driver til IP i IP-tunnel [Kernel | On_Demand | Stopped] -> %System32%\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(IPN2220) acer IPN2220 Wireless LAN Card Driver [Kernel | On_Demand | Running] -> %System32%\drivers\i2220ntx.sys -> Inprocomm, Inc. [Ver = 2.10.03.2004 built by: WinDDK | Size = 140288 bytes | Modified Date = 30-03-2004 08:23:42 | Attr =    ]
(IpNat) Oversætter til IP-netværksadresser [Kernel | On_Demand | Running] -> %System32%\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056) | Size = 134912 bytes | Modified Date = 29-09-2004 23:28:38 | Attr =    ]
(IPSec) IPSEC-driver [Kernel | System | Running] -> %System32%\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(irda) IrDA-protokol [Kernel | Auto | Running] -> %System32%\drivers\irda.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 87424 bytes | Modified Date = 03-08-2004 23:00:54 | Attr =    ]
(IRENUM) Tjeneste til IR-optælling [Kernel | On_Demand | Stopped] -> %System32%\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(isapnp) PnP ISA/EISA-busdriver [Kernel | Boot | Running] -> %System32%\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36096 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Kbdclass) Klassedriver til tastatur [Kernel | System | Running] -> %System32%\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24832 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(kbdhid) HID-tastaturdriver [Kernel | System | Stopped] -> %System32%\drivers\kbdhid.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14848 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(kmixer) Microsoft Kernel Wave-lydmixer [Kernel | On_Demand | Stopped] -> %System32%\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 172416 bytes | Modified Date = 14-06-2006 10:47:46 | Attr =    ]
(KSecDD) KSecDD [Kernel | Boot | Running] -> %System32%\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidFlt2.Sys -> Logitech, Inc. [Ver = 9.80.13.0 | Size = 25630 bytes | Modified Date = 11-12-2003 18:50:00 | Attr =    ]
(LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %System32%\drivers\LHidUsb.sys -> Logitech, Inc. [Ver = 9.80.200.0 | Size = 37916 bytes | Modified Date = 11-12-2003 18:50:00 | Attr =    ]
(LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\LMouFlt2.Sys -> Logitech, Inc. [Ver = 9.80.13.0 | Size = 70894 bytes | Modified Date = 11-12-2003 18:50:00 | Attr =    ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 09-04-2003 13:48:08 | Attr =    ]
(MIDUSB) Driver for MidiStuio-2 [Kernel | On_Demand | Stopped] -> %System32%\drivers\mstud-2drv.sys -> MidiTech GmbH [Ver = 5.0.0.0 | Size = 46976 bytes | Modified Date = 02-11-2003 12:31:14 | Attr =    ]
(mnmdd) mnmdd [Kernel | System | Running] -> %System32%\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Modem) Modem [Kernel | On_Demand | Running] -> %System32%\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30336 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Mouclass) Klassedriver til mus [Kernel | System | Running] -> %System32%\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23296 bytes | Modified Date = 26-08-2004 17:47:54 | Attr =    ]
(mouhid) HID-driver til mus [Kernel | On_Demand | Running] -> %System32%\drivers\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 04-10-2001 16:35:26 | Attr =    ]
(MountMgr) MountMgr [Kernel | Boot | Running] -> %System32%\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MRxDAV) Klientomdirigering for WebDav [File_System | On_Demand | Running] -> %System32%\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 181248 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(MRxSmb) MRxSmb [File_System | System | Running] -> %System32%\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 453120 bytes | Modified Date = 05-05-2006 11:41:46 | Attr =    ]
(MSDV) Microsoft DV Camera and VCR [Kernel | On_Demand | Stopped] -> %System32%\drivers\msdv.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 03-08-2004 23:10:00 | Attr =    ]
(Msfs) Msfs [File_System | System | Running] -> %System32%\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(MSKSSRV) Serviceproxy til Microsoft Streaming [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSKSSRV.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 03-08-2004 22:58:42 | Attr =    ]
(MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPCLOCK.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 03-08-2004 22:58:40 | Attr =    ]
(MSPQM) Kvalitetsstyringsproxy til Microsoft Streaming [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSPQM.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 03-08-2004 22:58:42 | Attr =    ]
(mssmbios) Driver til Microsoft System Management BIOS [Kernel | On_Demand | Running] -> %System32%\drivers\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(MSTEE) Microsoft Streaming Tee/Sink-to-Sink-konverteringsprogram [Kernel | On_Demand | Stopped] -> %System32%\drivers\MSTEE.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5504 bytes | Modified Date = 03-08-2004 22:58:40 | Attr =    ]
(Mup) Mup [File_System | Boot | Running] -> %System32%\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NABTSFEC) NABTS/FEC VBI Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\NABTSFEC.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 85376 bytes | Modified Date = 03-08-2004 23:10:30 | Attr =    ]
(NDIS) NDIS-systemdriver [Kernel | Boot | Running] -> %System32%\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NdisIP) Microsoft TV/Video-forbindelse [Kernel | On_Demand | Stopped] -> %System32%\drivers\NdisIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 10880 bytes | Modified Date = 03-08-2004 23:10:14 | Attr =    ]
(NdisTapi) Remote Access NDIS TAPI-driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Ndisuio) NDIS-protokol til I/O i brugertilstand [Kernel | On_Demand | Running] -> %System32%\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NdisWan) Remote Access NDIS WAN-driver [Kernel | On_Demand | Running] -> %System32%\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %System32%\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NetBIOS) NetBIOS-grænseflade [File_System | System | Running] -> %System32%\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NetBT) NetBT [Kernel | System | Running] -> %System32%\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NIC1394) 1394-netværksdriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nic1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61824 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(nm) Driver til Netværksovervågning [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmnt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40320 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Nokia USB Generic) Nokia USB Generic [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdc.sys -> Nokia [Ver = 6.82.3.0 | Size = 9216 bytes | Modified Date = 10-10-2006 08:54:32 | Attr =    ]
(Nokia USB Modem) Nokia USB Modem [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcm.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10-10-2006 08:54:32 | Attr =    ]
(Nokia USB Phone Parent) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcd.sys -> Nokia [Ver = 6.82.3.0 | Size = 138240 bytes | Modified Date = 10-10-2006 08:54:34 | Attr =    ]
(Nokia USB Port) Nokia USB Port [Kernel | On_Demand | Stopped] -> %System32%\drivers\nmwcdcj.sys -> Nokia [Ver = 6.82.3.0 | Size = 12800 bytes | Modified Date = 10-10-2006 08:54:32 | Attr =    ]
(Npfs) Npfs [File_System | System | Running] -> %System32%\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NSCIRDA) NSC Infrared enhedsdriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 03-08-2004 23:00:52 | Attr =    ]
(NSNDIS5) NSNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %System32%\NSNDIS5.SYS -> File not found
(Ntfs) Ntfs [File_System | Disabled | Stopped] -> %System32%\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 574592 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NTIDrvr) Upper Class Filter Driver [Kernel | On_Demand | Running] -> %System32%\drivers\NTIDrvr.sys -> NewTech Infosystems, Inc. [Ver = 1, 0, 0, 5 | Size = 6912 bytes | Modified Date = 01-10-2004 17:20:14 | Attr =    ]
(Null) Null [Kernel | System | Running] -> %System32%\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NwlnkFlt) Filterdriver til IPX-trafik [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NwlnkFwd) Driver til IPX-trafikvideresendelse [Kernel | On_Demand | Stopped] -> %System32%\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NwlnkIpx) NWLink IPX/SPX/NetBIOS-kompatibel transportprotokol [Kernel | Auto | Running] -> %System32%\drivers\nwlnkipx.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 88448 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Running] -> %System32%\drivers\nwlnknb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 63232 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(NwlnkSpx) NWLink SPX/SPXII-protokol [Kernel | Auto | Running] -> %System32%\drivers\nwlnkspx.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 55936 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(ohci1394) NEC FireWarden OHCI Compliant IEEE 1394-værtscontroller [Kernel | Boot | Running] -> %System32%\drivers\ohci1394.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 61056 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(osaio) osaio [Kernel | Auto | Running] -> %System32%\drivers\osaio.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 10594 bytes | Modified Date = 01-06-2004 11:50:50 | Attr =    ]
(osanbm) osanbm [Kernel | Auto | Running] -> %System32%\drivers\osanbm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1620 | Size = 4054 bytes | Modified Date = 01-06-2004 11:50:50 | Attr =    ]
(Parport) Driver til parallel port [Kernel | On_Demand | Stopped] -> %System32%\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80256 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(PartMgr) PartMgr [Kernel | Boot | Running] -> %System32%\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(ParVdm) ParVdm [Kernel | Disabled | Stopped] -> %System32%\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6912 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(PCI) PCI-busdriver [Kernel | Boot | Running] -> %System32%\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68096 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PCIIde) PCIIde [Kernel | Boot | Running] -> %System32%\drivers\pciide.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3328 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Pcmcia) Pcmcia [Kernel | Boot | Running] -> %System32%\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 120064 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Running] -> %System32%\drivers\Pcouffin.sys -> VSO Software [Ver = 1.35 | Size = 47360 bytes | Modified Date = 02-03-2006 23:45:10 | Attr =    ]
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PptpMiniport) WAN-miniport (PPTP) [Kernel | On_Demand | Running] -> %System32%\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(prevnd) Panda Preventium Driver. [Kernel | Boot | Stopped] -> %System32%\drivers\Prevnd.sys -> Panda Software [Ver = 2, 0, 0, 1 | Size = 39199 bytes | Modified Date = 07-07-2004 13:15:20 | Attr =    ]
(PRODIGY) PRODIGY [Kernel | On_Demand | Stopped] -> %System32%\drivers\prodigy.sys -> B-phreaks [Ver = 1, 0, 0, 208 | Size = 32377 bytes | Modified Date = 29-08-2006 15:56:18 | Attr =    ]
(PSched) QoS-pakkeplanlægning [Kernel | On_Demand | Running] -> %System32%\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Ptilink) Driver til direkte, parallel forbindelse [Kernel | On_Demand | Running] -> %System32%\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Modified Date = 06-04-2006 20:15:30 | Attr =    ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(RasAcd) Driver til Remote Access Auto Connection [Kernel | System | Running] -> %System32%\drivers\rasacd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Rasirda) WAN-miniport (IrDA) [Kernel | On_Demand | Running] -> %System32%\drivers\rasirda.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 19584 bytes | Modified Date = 17-08-2001 21:51:32 | Attr =    ]
(Rasl2tp) WAN-miniport (L2TP) [Kernel | On_Demand | Running] -> %System32%\drivers\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(RasPppoe) Remote Access PPPOE-driver [Kernel | On_Demand | Running] -> %System32%\drivers\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41472 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Raspti) Direkte parallel [Kernel | On_Demand | Running] -> %System32%\drivers\raspti.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Rdbss) Rdbss [File_System | System | Running] -> %System32%\drivers\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 174592 bytes | Modified Date = 05-05-2006 11:47:58 | Attr =    ]
(RDPCDD) RDPCDD [Kernel | System | Running] -> %System32%\drivers\rdpcdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(rdpdr) Driver til Terminal Server-enhedsomdirigering [Kernel | On_Demand | Running] -> %System32%\drivers\rdpdr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 196864 bytes | Modified Date = 03-08-2004 23:01:16 | Attr =    ]
(RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %System32%\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.2695 (xpsp_sp2_gdr.050609-1528) | Size = 139528 bytes | Modified Date = 10-06-2005 06:11:18 | Attr =    ]
(redbook) Filterdriver til digital cd-lydafspilning [Kernel | System | Running] -> %System32%\drivers\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57856 bytes | Modified Date = 26-08-2004 17:48:28 | Attr =    ]
(RFCOMM) Bluetooth-enhed (RFCOMM Protocol TDI) [Kernel | On_Demand | Stopped] -> %System32%\drivers\rfcomm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59648 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(SANDRA) SANDRA [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SiSoftware\SiSoftware Sandra Professional 2005.SR3\Sandra.sys -> File not found
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys ->  [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10-10-2006 12:53:48 | Attr =    ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 16-02-2006 16:51:08 | Attr = R  ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS ->  [Ver = 1, 0, 0, 1034 | Size = 30720 bytes | Modified Date = 09-01-2007 14:09:48 | Attr =    ]
(scsipont) scsipont [Kernel | Unknown | Running] ->  -> File not found
(Secdrv) Secdrv [Kernel | Auto | Running] -> %System32%\drivers\secdrv.sys -> Macrovision Europe Ltd [Ver = 3.18.000 | Size = 12400 bytes | Modified Date = 20-09-2005 20:12:50 | Attr =    ]
(serenum) Serenum-filterdriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\serenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Serial) Seriel portdriver [Kernel | System | Stopped] -> %System32%\drivers\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 65152 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %System32%\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.34 | Size = 48640 bytes | Modified Date = 16-05-2005 15:16:00 | Attr =    ]
(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.3 | Size = 6656 bytes | Modified Date = 16-05-2005 15:20:40 | Attr =    ]
(Sfloppy) Sfloppy [Kernel | System | Stopped] -> %System32%\drivers\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11392 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfsync02.sys -> Protection Technology [Ver = 2.11 | Size = 19968 bytes | Modified Date = 16-05-2005 15:23:40 | Attr =    ]
(sfvfs02) StarForce Protection VFS Driver (version 2.x) [Kernel | Boot | Running] -> %System32%\drivers\sfvfs02.sys -> Protection Technology [Ver = 2.7 | Size = 66560 bytes | Modified Date = 16-05-2005 15:26:50 | Attr =    ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SLIP) BDA Slip De-Framer [Kernel | On_Demand | Stopped] -> %System32%\drivers\SLIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11136 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(smb2k) smb2k [Kernel | Unknown | Running] ->  -> File not found
(SMBBATT) Driver til Microsoft Smart Battery [Kernel | On_Demand | Running] -> %System32%\drivers\smbbatt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16128 bytes | Modified Date = 03-08-2004 23:07:36 | Attr =    ]
(SMBHC) Driver til Microsoft SM Bus-værtscontroller [Kernel | System | Running] -> %System32%\drivers\smbhc.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 6784 bytes | Modified Date = 17-08-2001 21:57:56 | Attr =    ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %System32%\drivers\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 6400 bytes | Modified Date = 14-06-2006 10:47:46 | Attr =    ]
(sr) Filterdriver til Systemgendannelse [File_System | Boot | Running] -> %System32%\drivers\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Srv) Srv [File_System | On_Demand | Running] -> %System32%\drivers\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2974 (xpsp_sp2_gdr.060814-0101) | Size = 332928 bytes | Modified Date = 14-08-2006 12:34:42 | Attr =    ]
(streamip) BDA IPSink [Kernel | On_Demand | Stopped] -> %System32%\drivers\StreamIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(swenum) Software-busdriver [Kernel | On_Demand | Running] -> %System32%\drivers\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(swmidi) Microsoft Kernel GS Wavetable-synthesizer [Kernel | On_Demand | Stopped] -> %System32%\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 17-08-2001 22:00:52 | Attr =    ]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %System32%\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.10.12 20May04 | Size = 184768 bytes | Modified Date = 20-05-2004 19:52:40 | Attr =    ]
(sysaudio) Microsoft Kernel System Audio-enhed [Kernel | On_Demand | Running] -> %System32%\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 03-08-2004 23:15:56 | Attr =    ]
(tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Stopped] -> %System32%\drivers\tbhsd.sys -> RapidSolution Software AG [Ver = 2, 0, 0, 0 | Size = 16640 bytes | Modified Date = 18-09-2006 11:54:48 | Attr =    ]
(Tcpip) TCP/IP-protokoldriver [Kernel | System | Running] -> %System32%\drivers\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.2892 (xpsp_sp2_gdr.060420-0254) | Size = 359808 bytes | Modified Date = 20-04-2006 13:51:50 | Attr =    ]
(TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %System32%\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(Teefer) Teefer for NT [Kernel | Boot | Running] -> %System32%\drivers\Teefer.sys -> Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 55888 bytes | Modified Date = 04-09-2003 17:05:00 | Attr =    ]
(TermDD) Driver til terminalenhed [Kernel | System | Running] -> %System32%\drivers\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 26-08-2004 17:54:04 | Attr =    ]
(tifm21) tifm21 [Kernel | On_Demand | Stopped] -> %System32%\drivers\tifm21.sys -> Texas Instruments [Ver = 1.0.1.4 | Size = 67584 bytes | Modified Date = 26-05-2004 10:07:30 | Attr =    ]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(Udfs) Udfs [File_System | Disabled | Stopped] -> %System32%\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(Update) Opdateringsdriver til mikrokode [Kernel | On_Demand | Running] -> %System32%\drivers\update.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 209408 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(usbaudio) USB-lyddriver (WDM) [Kernel | On_Demand | Stopped] -> %System32%\drivers\USBAUDIO.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59264 bytes | Modified Date = 03-08-2004 23:07:56 | Attr =    ]
(usbccgp) Overordnet Microsoft USB-standarddriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbccgp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 31616 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(usbehci) Miniportdriver til Microsoft USB 2.0-udvidet værtscontroller [Kernel | On_Demand | Running] -> %System32%\drivers\usbehci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26624 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(usbhub) Driver til Microsoft USB-standardhub [Kernel | On_Demand | Running] -> %System32%\drivers\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57600 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(usbprint) Microsoft USB PRINTER-klasse [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbprint.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25856 bytes | Modified Date = 03-08-2004 23:01:26 | Attr =    ]
(usbscan) USB-scannerdriver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 03-08-2004 22:58:46 | Attr =    ]
(USBSTOR) Driver til USB-lagerenhed [Kernel | On_Demand | Stopped] -> %System32%\drivers\USBSTOR.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(usbuhci) Microsoft USB-universel værtscontroller miniportdriver [Kernel | On_Demand | Running] -> %System32%\drivers\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(USB_RNDIS) USB Remote NDIS Network Device Driver [Kernel | On_Demand | Stopped] -> %System32%\drivers\usb8023.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12672 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(VgaSave) VgaSave [Kernel | System | Running] -> %System32%\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(VolSnap) VolSnap [Kernel | Boot | Running] -> %System32%\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 53504 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(w29n51) Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP [Kernel | On_Demand | Stopped] -> %System32%\drivers\w29n51.sys -> Intel® Corporation [Ver = 9000-60 Driver | Size = 3210496 bytes | Modified Date = 20-08-2004 00:41:46 | Attr =    ]
(Wanarp) Remote Access IP ARP-driver [Kernel | On_Demand | Running] -> %System32%\drivers\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(wdmaud) Microsoft WINNM WDM-kompatibel lyddriver [Kernel | On_Demand | Running] -> %System32%\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 82944 bytes | Modified Date = 14-06-2006 11:00:46 | Attr =    ]
(wg3n) SyGate for NT, wg3n [Kernel | Auto | Running] -> %System32%\drivers\wg3n.sys -> Sygate Technologies, Inc. [Ver = 1.2.1222.0 | Size = 11914 bytes | Modified Date = 04-09-2003 17:05:00 | Attr =    ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.12.04 built by: WinDDK | Size = 682624 bytes | Modified Date = 10-03-2004 11:37:26 | Attr =    ]
(wpsdrvnt) wpsdrvnt [Kernel | System | Running] -> %System32%\drivers\wpsdrvnt.sys -> Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 18515 bytes | Modified Date = 04-09-2003 17:05:00 | Attr =    ]
(WS2IFSL) Windows Socket 2.0-ikke-IFS-udbydermiljø [Kernel | Disabled | Stopped] -> %System32%\drivers\ws2ifsl.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12032 bytes | Modified Date = 27-08-2004 05:00:00 | Attr =    ]
(WSTCODEC) World Standard Teletext Codec [Kernel | On_Demand | Stopped] -> %System32%\drivers\WSTCODEC.SYS -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19328 bytes | Modified Date = 03-08-2004 23:10:22 | Attr =    ]

< End of report >

Der var ikke noget at komme efter i winpfind3u-loggen. Det bliver spændende at se om Gmer finder noget.

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-11 10:18:12
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT    d347bus.sys                                                                                                                                                                                  ZwClose
SSDT    \SystemRoot\system32\drivers\smb2k.sys                                                                                                                                                      ZwCreateKey                                                                                                                                                                                                                                    <-- ROOTKIT !!!
SSDT    d347bus.sys                                                                                                                                                                                  ZwCreatePagingFile
SSDT    \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys                                                                                                                                                ZwCreateThread
SSDT    \SystemRoot\system32\drivers\smb2k.sys                                                                                                                                                      ZwEnumerateKey                                                                                                                                                                                                                                  <-- ROOTKIT !!!
SSDT    d347bus.sys                                                                                                                                                                                  ZwEnumerateValueKey
SSDT    \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys                                                                                                                                                ZwMapViewOfSection
SSDT    \SystemRoot\system32\drivers\smb2k.sys                                                                                                                                                      ZwOpenKey                                                                                                                                                                                                                                      <-- ROOTKIT !!!
SSDT    \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                                                                                                                    ZwOpenProcess
SSDT    d347bus.sys                                                                                                                                                                                  ZwQueryKey
SSDT    d347bus.sys                                                                                                                                                                                  ZwQueryValueKey
SSDT    d347bus.sys                                                                                                                                                                                  ZwSetSystemPowerState
SSDT    \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys                                                                                                                                                ZwShutdownSystem
SSDT    \??\C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.sys                                                                                                                                    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

?        atmex.sys                                                                                                                                                                                    Den angivne fil blev ikke fundet.
.text    tcpip.sys!IPTransmit + 10BC                                                                                                                                                                  EEBADCFA 6 Bytes  CALL F7628200 Teefer.sys
.text    tcpip.sys!IPTransmit + 2810                                                                                                                                                                  EEBAF44E 6 Bytes  CALL F7628200 Teefer.sys
.text    tcpip.sys!ARPRcv + 506D                                                                                                                                                                      EEBB44E0 6 Bytes  CALL F7628200 Teefer.sys
?        system32\drivers\scsipont.sys                                                                                                                                                                Den angivne fil blev ikke fundet.
?        system32\drivers\smb2k.sys                                                                                                                                                                  Den angivne fil blev ikke fundet.
.text    wanarp.sys                                                                                                                                                                                  F78B33FD 4 Bytes  CALL F7628350 Teefer.sys
.text    wanarp.sys                                                                                                                                                                                  F78B3402 2 Bytes  [ 90, 90 ]

---- Devices - GMER 1.0.12 ----

Device  \FileSystem\Fastfat \FatCdrom IRP_MJ_READ                                                                                                                                                    85F8AB58
Device  \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_CREATE                                                                                                                                            [F7B3F360] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_CLOSE                                                                                                                                            [F7B3F580] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_DEVICE_CONTROL                                                                                                                                    [F7B3F6A0] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\AswUdpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                          [F7B3F6D0] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\ASWTDI IRP_MJ_CREATE                                                                                                                                                  [F7B3F360] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\ASWTDI IRP_MJ_CLOSE                                                                                                                                                  [F7B3F580] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\ASWTDI IRP_MJ_DEVICE_CONTROL                                                                                                                                          [F7B3F6A0] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\ASWTDI IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                [F7B3F6D0] wpsdrvnt.sys
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE                                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                        85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE                                                                                                                                                    85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ                                                                                                                                                    85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE                                                                                                                                                    85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION                                                                                                                                        85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA                                                                                                                                                85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA                                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS                                                                                                                                            85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                        85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                      85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN                                                                                                                                                85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL                                                                                                                                            85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP                                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY                                                                                                                                            85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER                                                                                                                                                    85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE                                                                                                                                            85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA                                                                                                                                              85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA                                                                                                                                                85AC84B8
Device  \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP                                                                                                                                                      85AC84B8
Device  \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ                                                                                                                                                859F2208
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE                                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                        85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE                                                                                                                                                    85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ                                                                                                                                                    85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE                                                                                                                                                    85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION                                                                                                                                        85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA                                                                                                                                                85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA                                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS                                                                                                                                            85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                                85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                        85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                      85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN                                                                                                                                                85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL                                                                                                                                            85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP                                                                                                                                                  85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY                                                                                                                                            85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER                                                                                                                                                    85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL                                                                                                                                          85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE                                                                                                                                            85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA                                                                                                                                              85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA                                                                                                                                                85AC84B8
Device  \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP                                                                                                                                                      85AC84B8
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE                                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE                                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ                                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE                                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA                                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA                                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL                                                                                                                                    [F7120CBC] AnyDVD.sys
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                            [F7121750] AnyDVD.sys
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN                                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP                                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER                                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA                                                                                                                                        85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA                                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP                                                                                                                                                85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                        85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION                                                                                                                        85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL                                                                                                                        85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL                                                                                                                            [F7120CBC] AnyDVD.sys
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                  [F7121750] AnyDVD.sys
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA                                                                                                                                85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE                                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE                                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ                                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE                                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA                                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA                                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                                85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL                                                                                                                                    [F7120CBC] AnyDVD.sys
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                            [F7121750] AnyDVD.sys
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN                                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP                                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER                                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA                                                                                                                                        85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA                                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP                                                                                                                                                85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE                                                                                                                        85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ                                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION                                                                                                                        85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL                                                                                                                        85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                      85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL                                                                                                                            [F7120CBC] AnyDVD.sys
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                  [F7121750] AnyDVD.sys
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP                                                                                                                                  85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT                                                                                                                          85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER                                                                                                                                    85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE                                                                                                                            85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA                                                                                                                              85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA                                                                                                                                85906F00
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP                                                                                                                                      85906F00
Device  \Driver\SMBHC \Device\SmbHc IRP_MJ_CREATE                                                                                                                                                    [F7CFCC98] SMBCLASS.SYS
Device  \Driver\SMBHC \Device\SmbHc IRP_MJ_CLOSE                                                                                                                                                    [F7CFCC98] SMBCLASS.SYS
Device  \Driver\SMBHC \Device\SmbHc IRP_MJ_DEVICE_CONTROL                                                                                                                                            [F7CFC4A4] SMBCLASS.SYS
Device  \Driver\SMBHC \Device\SmbHc IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                                  [F7CFC3D2] SMBCLASS.SYS
Device  \Driver\SMBHC \Device\SmbHc IRP_MJ_POWER                                                                                                                                                    [F7CFC386] SMBCLASS.SYS
Device  \Driver\SMBHC \Device\SmbHc IRP_MJ_SYSTEM_CONTROL                                                                                                                                            [F7CFC4A4] SMBCLASS.SYS
Device  \Driver\SMBHC \Device\SmbHc IRP_MJ_PNP                                                                                                                                                      [F7CFCE88] SMBCLASS.SYS
Device  \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_CREATE                                                                                                                                            [F7B3F360] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_CLOSE                                                                                                                                            [F7B3F580] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_DEVICE_CONTROL                                                                                                                                    [F7B3F6A0] wpsdrvnt.sys
Device  \Driver\aswTdi \Device\AswTcpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                          [F7B3F6D0] wpsdrvnt.sys
Device  \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ                                                                                                                                            85D20698
Device  \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ                                                                                                                                859E7208
Device  \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ                                                                                                                                      859E7208
Device  \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ                                                                                                                                              85A0B440
Device  \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ                                                                                                                                                85A07B40
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE                                                                                                                    85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE                                                                                                                      85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_READ                                                                                                                      85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE                                                                                                                      85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION                                                                                                            85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA                                                                                                                  85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA                                                                                                                    85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS                                                                                                              85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                  85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                    85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                        85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL                                                                                                            [F7120CBC] AnyDVD.sys
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                    [F7121750] AnyDVD.sys
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN                                                                                                                  85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL                                                                                                              85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP                                                                                                                    85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT                                                                                                            85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY                                                                                                            85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY                                                                                                              85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER                                                                                                                      85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL                                                                                                            85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE                                                                                                              85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA                                                                                                                85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA                                                                                                                  85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP                                                                                                                        85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE                                                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE                                                                                                                              85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE                                                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ                                                                                                                                            85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE                                                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION                                                                                                                              85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION                                                                                                                                85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA                                                                                                                                        85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA                                                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS                                                                                                                                  85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION                                                                                                                        85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION                                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL                                                                                                                              85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL                                                                                                                            85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL                                                                                                                                  [F7120CBC] AnyDVD.sys
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL                                                                                                                        [F7121750] AnyDVD.sys
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN                                                                                                                                        85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL                                                                                                                                    85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP                                                                                                                                        85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT                                                                                                                                85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY                                                                                                                                  85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY                                                                                                                                    85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER                                                                                                                                          85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL                                                                                                                                  85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE                                                                                                                                  85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA                                                                                                                                    85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA                                                                                                                                      85BC5E28
Device  \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP                                                                                                                                            85BC5E28
Device  \FileSystem\Fastfat \Fat IRP_MJ_READ                                                                                                                                                        85F8AB58
Device  \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ                                                                                                                              85A0B278
Device  \FileSystem\Fs_Rec \FileSystem\NtfsRecognizer IRP_MJ_READ                                                                                                                                    85A0B278
Device  \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ                                                                                                                                    85A0B278
Device  \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ                                                                                                                                85A0B278
Device  \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ                                                                                                                                85A0B278
Device  \FileSystem\Cdfs \Cdfs IRP_MJ_READ                                                                                                                                                          85D7A438

---- Modules - GMER 1.0.12 ----

Module  _________                                                                                                                                                                                    F76ED000

---- Services - GMER 1.0.12 ----

Service  system32\drivers\atmex.sys (*** hidden *** )                                                                                                                                                [BOOT] atmex                                                                                                                                                                                                                                    <-- ROOTKIT !!!
Service  system32\drivers\scsipont.sys (*** hidden *** )                                                                                                                                              [SYSTEM] scsipont                                                                                                                                                                                                                              <-- ROOTKIT !!!
Service  system32\drivers\smb2k.sys (*** hidden *** )                                                                                                                                                [SYSTEM] smb2k                                                                                                                                                                                                                                  <-- ROOTKIT !!!

---- Registry - GMER 1.0.12 ----

Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                                Apartment
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                              C:\WINDOWS\system32\OLE32.DLL
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                              0xC8 0x28 0x51 0xAF ...
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                                Apartment
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                              C:\WINDOWS\system32\OLE32.DLL
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                              0x71 0x3B 0x04 0x66 ...
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                                Apartment
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                              C:\WINDOWS\system32\OLE32.DLL
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                              0xFF 0x7C 0x85 0xE0 ...
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                                Apartment
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                              C:\WINDOWS\system32\OLE32.DLL
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                              0x86 0x8C 0x21 0x01 ...
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                                Apartment
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                              C:\WINDOWS\system32\OLE32.DLL
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                              0xE9 0x02 0x6C 0xFA ...
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                                Apartment
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                              C:\WINDOWS\system32\OLE32.DLL
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                              0xB0 0x18 0xED 0xA7 ...
Reg      \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel     

Nå, der var godt nok lige et par slemme rootkits i dén log. Når der er rootkits på computeren, er den som regel rimelig slemt kompomiteret. Dette betyder for det første, at det kan tage lang tid at rense den. For det andet, at det kan være svært at give endelige garantier på, at computeren er helt ren til sidst. Derfor kunne det måske være en ide at overveje om en nyformatering kunne være en mulighed?

Hvis du vælger at fortsætte, så gør følgende:

-- Hent Avenger her, og pak det ud på skrivebordet (du skal bruge det senere):
http://swandog46.geekstogo.com/avenger.zip

-- Kør så Gmer igen, og lad den scanne for rootkits. Når den er færdig, skal du finde følgende entries:

SSDT    \SystemRoot\system32\drivers\smb2k.sys        ZwCreateKey
SSDT    \SystemRoot\system32\drivers\smb2k.sys          ZwEnumerateKey
SSDT    \SystemRoot\system32\drivers\smb2k.sys          ZwOpenKey

Højreklik på hver af dem, og vælg "Restore SSDT"

-- Længere nede, skal du finde disse entries:
?        atmex.sys                                      Den angivne fil blev ikke fundet.
?        system32\drivers\scsipont.sys                  Den angivne fil blev ikke fundet.
?        system32\drivers\smb2k.sys                    Den angivne fil blev ikke fundet.

Højreklik på hver af dem, og vælg (hvis du kan) "Delete file"

-- Længere nede, skal du finde disse entries:
Service  system32\drivers\atmex.sys (*** hidden *** )                    [BOOT] atmex
Service  system32\drivers\scsipont.sys (*** hidden *** )                  [SYSTEM] scsipont
Service  system32\drivers\smb2k.sys (*** hidden *** )                    [SYSTEM] smb2k

Højreklik på hver af dem, og vælg "Delete the service"

Luk herefter Gmer ned.

-- Kør så Avenger-programmet, som du hentede før.

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere indholdet mellem de stiplede linier ind:

-----------------------------
Files to delete:
c:\windows\system32\drivers\atmex.sys
c:\windows\system32\drivers\scsipont.sys
c:\windows\system32\drivers\smb2k.sys

drivers to unload:
atmex
scsipont
smb2k
-----------------------------

-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Lav også en ny log med Gmer, som du lægger herind. Denne gang må du gerne holde øje med om hele loggen kan være i én post (du fik ikke hele loggen med sidst). Ellers må du lægge den i flere posts :-)

Jeg tror jeg overvejer en formatering, og også ked af at bruge for meget af din tid, på noget som du kun får point for...

Kan også spørge på en anden måde...Hvad ville du ha' gjort...?

Ihvertfald 1000 tak indtil videre... :-)

Nu er det jo også en sport for mig, så jeg ville nok have forsøgt at rense den. Og så når det var lykkedes eventuelt have overvejet at formatere den. Men det er jo nok ikke et synspunkt, du kan bruge til så meget ;-)

Men i hvert fald så skal du ikke lade være med at få den renset for min skyld. Jeg synes hellere du skal overveje hvor besværligt det er for dig at formatere i forhold til at køre en længere rensningsprocedure, der ikke giver garantier for fuld rensning.