oleabirch (Beginner)
09 January 2008 - 12:11 There are 33 comments and
1 solution

Cannot remove "Windows Security Alert"

My work computer is infected and unusable. Operating system: XP SP2; security packages: Defender, TDC security package, superantivirus.
All attempts to track down the source of the infection have been fruitless.
Unsolicited security icons appear in windows and in Explorer's menu, the menu bar gets a red, crossed-out, blinking System Alert, and the screen fills with numerous prompts offering security products.
It probably started when I was about to uninstall Netscape and just wanted to take a last look at the new version of that relic of the past; in the news section I clicked on an add-on for RealPlayer's video component, and that started the avalanche, and I am someone who otherwise prefers to avoid making a fool of myself.
I am attaching the latest HijackThis report, and I very much hope that you can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:50:17, on 09-01-2008u
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Logitech\QuickCam10\QuickCam10.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\EPSON\ESM2\eEBSVC.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programmer\Miramar\PC MACLAN\ATMsg.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE
C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE
C:\Programmer\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll
O2 - BHO: XBTBPos00 Class - {FFB8AD19-47BE-4D96-8E93-DA01414A979E} - C:\PROGRA~1\ONLYTO~1\ONLYTO~1.DLL
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Programmer\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Notesbog - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Programmer\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Programmer\EPSON\ESM2\STMS.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Noter denne side (Google Notesbog) - res://C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll/gn_menu1.html
O8 - Extra context menu item: Noter dette (Google Notesbog) - res://C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll/gn_menu2.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bklgvsf - {31E2E55A-C195-4287-AAAB-07E69948639E} - C:\WINDOWS\bklgvsf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmer\EPSON\ESM2\eEBSVC.exe
O23 - Service: Flexlm Service 1 - Logitech Inc. - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: mental ray 3.5 Satellite for Autodesk VIZ 2008 (mi-raysat_VIZ2008_32) - Unknown owner - C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Unknown owner - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programmer\TDCpakke\npm\bin\nvoy.exe

--
End of file - 16456 bytes
fromsej (Intern)
09 January 2008 - 13:06 #1
You have a visit from Smitfraud; do not click on the "suggestions" that come up, or all hell will really break loose.

Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri)
Or here:
http://72.232.135.12/siri/SmitfraudFix.exe
To the root of the C: drive

Restart in safe mode; if you do not know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

Double-click C:\Smitfraud exe. Choose option #2 - Clean.
It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you should choose "Yes" by typing "y".

The program may need to restart along the way. After that, a list with the results of the cleaning will appear. It can be found here: C:\rapport.txt.
Copy this list into the thread together with the log files from this article:
http://www.eksperten.dk/artikler/1123

+++++++++++++++++++++++++++++++++++
process.exe is labelled "RiskTool" by some antivirus programs.
It is not an infection, but rather a program for stopping system processes.
oleabirch (Beginner)
09 January 2008 - 15:45 #2
2SmitFraudFix v2.265

Scan done at 15:11:34,03, 09-01-2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FORETR~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{155DF63A-B73A-49D2-BC53-ECF07C05F57B}: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\..\{155DF63A-B73A-49D2-BC53-ECF07C05F57B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{155DF63A-B73A-49D2-BC53-ECF07C05F57B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{155DF63A-B73A-49D2-BC53-ECF07C05F57B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.162.153.164 194.239.134.83
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Thanks for the help, it looks as if the attack is over
09 January 2008 - 22:07 #3
oleabirch (Beginner)
10 January 2008 - 16:39 #4
Here are the missing log reports; there was something I had misunderstood, but this is my debut on the panel (in question panels at all), so forgive me the delay - it all takes its time too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:14, on 10-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\EPSON\ESM2\eEBSVC.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programmer\Miramar\PC MACLAN\ATMsg.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE
C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE
C:\Programmer\TDCpakke\Nvc\BIN\NIP.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\TDCpakke\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE
C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe
C:\Programmer\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\ergonis\PopChar\PopChar.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll
O2 - BHO: XBTBPos00 Class - {FFB8AD19-47BE-4D96-8E93-DA01414A979E} - C:\PROGRA~1\ONLYTO~1\ONLYTO~1.DLL
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Programmer\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Notesbog - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Programmer\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Programmer\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmer\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [DNA] "C:\Programmer\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Programmer\EPSON\ESM2\STMS.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PopChar.lnk = C:\Programmer\ergonis\PopChar\PopChar.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Noter denne side (Google Notesbog) - res://C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll/gn_menu1.html
O8 - Extra context menu item: Noter dette (Google Notesbog) - res://C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll/gn_menu2.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: bklgvsf - {31E2E55A-C195-4287-AAAB-07E69948639E} - C:\WINDOWS\bklgvsf.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmer\EPSON\ESM2\eEBSVC.exe
O23 - Service: Flexlm Service 1 - Logitech Inc. - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: mental ray 3.5 Satellite for Autodesk VIZ 2008 (mi-raysat_VIZ2008_32) - Unknown owner - C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Unknown owner - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programmer\TDCpakke\npm\bin\nvoy.exe

--
End of file - 19381 bytes

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
10-01-2008 14:37:57,78

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 14:37:58
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

hidden processes: 0

ComboFix 08-01-10.2 - Administrator 2008-01-10 14:42:39.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.58 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\9QQGFAP8\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-12-10 to 2008-01-10  )))))))))))))))))))))))))))))))
.

2008-01-09 21:44 . 2008-01-09 21:44    <DIR>    d--------    C:\Programmer\Microsoft Expression
2008-01-09 15:11 . 2008-01-09 15:17    3,538    --a------    C:\WINDOWS\system32\tmp.reg
2008-01-09 15:10 . 2008-01-09 15:17    <DIR>    d--------    C:\SmitfraudFix
2008-01-09 14:54 . 2008-01-09 14:55    1,048,368    --a------    C:\SmitfraudFix.exe
2008-01-09 14:16 . 2007-09-05 23:22    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2008-01-09 14:16 . 2006-04-27 16:49    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2008-01-09 14:16 . 2007-12-20 23:11    81,920    --a------    C:\WINDOWS\system32\IEDFix.exe
2008-01-09 14:16 . 2003-06-05 20:13    53,248    --a------    C:\WINDOWS\system32\Process.exe
2008-01-09 14:16 . 2004-07-31 17:50    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2008-01-09 14:16 . 2007-10-03 23:36    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 13:00 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-09 12:39 . 2008-01-09 12:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-09 12:34 . 2008-01-09 12:34    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-09 07:06 . 2008-01-09 07:06    118    --a------    C:\WINDOWS\system32\MRT.INI
2008-01-08 13:40 . 2008-01-08 13:40    <DIR>    d--------    C:\Programmer\Trend Micro
2008-01-08 11:32 . 2008-01-08 11:32    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-01-08 09:10 . 2008-01-08 09:10    <DIR>    d--------    C:\WINDOWS\Content.IE5
2008-01-08 00:35 . 2008-01-08 01:08    30,590    --a------    C:\WINDOWS\system32\pavas.ico
2008-01-08 00:35 . 2008-01-08 01:08    2,550    --a------    C:\WINDOWS\system32\Uninstall.ico
2008-01-08 00:35 . 2008-01-08 01:08    1,406    --a------    C:\WINDOWS\system32\Help.ico
2008-01-08 00:34 . 2008-01-08 00:53    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-06 15:25 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 22:05 . 2008-01-06 05:54    <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-01-05 16:44 . 2005-09-23 08:29    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Programmer\Lavasoft
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-02 12:44 . 2008-01-02 12:44    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\vlc
2007-12-29 17:23 . 2007-12-29 17:23    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2007-12-29 17:23 . 2007-12-29 17:23    1,409    --a------    C:\WINDOWS\QTFont.for
2007-12-29 17:13 . 2007-12-29 17:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-29 17:12 . 2007-12-29 17:12    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\PrevxCSI
2007-12-25 09:15 . 2007-12-25 09:15    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\F-Secure
2007-12-25 04:08 . 2007-12-25 04:08    134    --a------    C:\WINDOWS\system32\CTSTATUS.FCS
2007-12-25 03:48 . 2007-12-25 10:10    <DIR>    d--------    C:\Programmer\F-Secure Internet Security
2007-12-25 03:48 . 2007-12-25 03:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\fssg
2007-12-25 03:48 . 2007-12-25 10:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-19 16:26 . 2007-12-19 16:32    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegistrySmart
2007-12-19 10:31 . 2007-12-19 10:31    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegClean
2007-12-19 09:17 . 2007-12-19 09:17    <DIR>    d--------    C:\Programmer\Microsoft Works
2007-12-19 09:12 . 2007-12-19 09:12    <DIR>    d--------    C:\Programmer\Microsoft.NET
2007-12-19 09:07 . 2007-12-19 09:07    <DIR>    d--------    C:\Programmer\Microsoft Visual Studio 8
2007-12-19 09:04 . 2008-01-09 21:41    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2007-12-18 21:51 . 2007-12-19 11:46    <DIR>    d--------    C:\Programmer\RegClean
2007-12-18 20:27 . 2007-12-23 11:01    <DIR>    d--------    C:\Programmer\Mozilla Thunderbird
2007-12-18 20:27 . 2007-12-18 20:27    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Thunderbird
2007-12-17 23:30 . 2007-12-17 23:42    <DIR>    d--------    C:\Programmer\VisualRoute
2007-12-17 23:00 . 2007-12-17 23:14    <DIR>    d--------    C:\Programmer\VisualRoute Server
2007-12-13 22:57 . 2007-12-13 22:57    3    --a------    C:\WINDOWS\msdbc_7489515.dat
2007-12-13 22:49 . 2008-01-05 23:31    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 12:37 . 2007-12-13 12:38    <DIR>    d--------    C:\WINDOWS\system32\RPC
2007-12-12 11:31 .     <DIR>        C:\Programmer\Fælles filer\ChaosGroup
2007-12-12 11:30 . 2007-12-12 11:30    <DIR>    d--------    C:\Programmer\Chaos Group

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 14:13    0    ----a-w    C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-10 14:13    ---------    d-----w    C:\Programmer\TDCpakke
2008-01-10 13:53    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Skype
2008-01-10 11:14    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-01-10 09:50    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\skypePM
2008-01-09 20:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-09 11:34    ---------    d-----w    C:\Programmer\Yahoo!
2008-01-08 21:45    ---------    d-----w    C:\Programmer\DarkSim
2008-01-08 21:43    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-08 08:40    ---------    d-----w    C:\Programmer\GXTranscoder.net AWE
2008-01-08 08:38    ---------    d-----w    C:\Programmer\The Human Genome Project
2008-01-06 00:05    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Azureus
2008-01-05 12:13    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-25 20:05    ---------    d-----w    C:\Programmer\Apple Software Update
2007-12-19 08:16    ---------    d-----w    C:\Programmer\MSBuild
2007-12-18 19:22    ---------    d-----w    C:\Programmer\Mozilla Firefox 3 Beta 1
2007-12-18 11:10    ---------    d-----w    C:\Programmer\MagicISO
2007-12-17 21:20    ---------    d-----w    C:\Programmer\Fælles filer\Logitech
2007-12-17 21:16    ---------    d-----w    C:\Programmer\Fælles filer\LogiShrd
2007-12-17 21:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-17 21:13    ---------    d-----w    C:\Programmer\Logitech
2007-12-14 16:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-09 08:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-06 14:53    ---------    d-----w    C:\Programmer\MDM
2007-11-23 11:54    ---------    d-----w    C:\Programmer\Java
2007-11-23 08:08    ---------    d-----w    C:\Programmer\Google
2007-11-19 17:08    ---------    d-----w    C:\Programmer\JAlbumWin
2007-11-18 21:31    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-18 21:30    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-11-13 18:22    ---------    d-----w    C:\Programmer\QuickTime
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 07:45    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-11-11 13:24    ---------    d-----w    C:\Programmer\Onlytorrents
2007-10-27 10:45    73,216    ----a-w    C:\WINDOWS\ST6UNST.EXE
2007-10-27 10:45    233,472    ------w    C:\WINDOWS\Setup1.exe
2001-03-28 10:02    122,880    -c--a-w    C:\WINDOWS\inf\Agfa\message.exe
2006-11-12 07:31    131,145    --sha-r    C:\WINDOWS\system32\ope81.exe
2006-11-12 07:35    131,145    --sha-r    C:\WINDOWS\system32\ope8B.exe
.

(((((((((((((((((((((((((((((  snapshot@2008-01-09_13.44.31.21  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-09 12:01:25    233,472    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-10 13:41:54    233,472    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 12:01:25    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-10 13:41:54    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 12:01:25    237,568    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-10 13:41:54    237,568    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 12:01:25    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-10 13:41:54    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 12:01:26    13,774,848    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-10 13:41:55    13,791,232    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-09 12:01:26    462,848    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-10 13:41:55    458,752    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-08-28 22:22:36    579,008    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACACEDAO.DLL
+ 2007-08-24 04:17:04    165,256    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACCWIZ.DLL
+ 2007-08-28 22:22:30    1,754,536    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACECORE.DLL
+ 2007-08-28 22:22:36    579,008    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEDAO.DLL
+ 2007-08-28 22:22:38    50,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEERR.DLL
+ 2007-08-28 22:22:40    193,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEES.DLL
+ 2007-08-24 02:46:10    341,440    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCH.DLL
+ 2007-08-24 02:46:14    632,248    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCL.DLL
+ 2007-08-24 02:46:16    210,368    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACELTS.DLL
+ 2007-08-24 02:46:18    281,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODBC.DLL
+ 2007-08-24 02:46:20    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODDBS.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODEXL.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODPDX.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODTXT.DLL
+ 2007-08-28 22:22:44    390,600    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL
+ 2007-08-24 02:46:28    394,688    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEPDE.DLL
+ 2007-08-24 02:46:30    263,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER2X.DLL
+ 2007-08-24 02:46:32    292,288    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER3X.DLL
+ 2007-08-24 02:46:34    58,760    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACERCLR.DLL
+ 2007-08-24 02:46:38    554,440    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEREP.DLL
+ 2007-08-24 02:46:40    226,744    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACETXT.DLL
+ 2007-08-28 23:52:12    201,664    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEWSS.DLL
+ 2007-08-24 02:46:44    374,200    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEXBE.DLL
+ 2007-08-28 23:53:12    402,784    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CDLMSO.DLL
+ 2007-08-24 02:45:50    208,256    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CLVIEW.EXE
+ 2007-08-24 04:38:36    67,952    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\COLLIMP.DLL
+ 2007-08-28 22:19:32    136,064    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CONTAB32.DLL
+ 2007-08-24 02:36:26    192,400    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CONTACTPICKER.DLL
+ 2007-08-24 03:49:12    89,976    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DLGSETP.DLL
+ 2007-08-24 05:58:50    237,424    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DRAT.EXE
+ 2007-08-24 02:18:14    442,208    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DWDCW20.DLL
+ 2007-08-24 02:18:18    437,160    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DWTRIG20.EXE
+ 2007-10-05 19:37:38    17,927,192    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-23 00:03:38    1,195,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2007-08-23 00:19:06    78,728    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FORM.DLL
+ 2007-08-25 18:11:44    1,685,896    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FPSRVUTL.DLL
+ 2007-08-28 22:45:00    985,496    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FPWEC.DLL
+ 2007-10-02 18:45:34    2,530,864    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GRAPH.EXE
+ 2007-08-28 23:23:36    340,856    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVE.EXE
+ 2007-08-28 23:23:52    6,192,504    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEACCOUNTMGR.DLL
+ 2007-08-28 23:24:06    286,064    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEAUDIO.DLL
+ 2007-08-24 05:59:20    68,464    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEAUDITSERVICE.EXE
+ 2007-08-28 23:24:08    36,216    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEAUTOPROXY.DLL
+ 2007-08-28 23:24:10    301,944    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECALENDARTOOL.DLL
+ 2007-08-24 05:59:26    36,208    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECLEAN.EXE
+ 2007-08-28 23:24:24    2,690,944    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECOMMONCOMPONENTS.DLL
+ 2007-08-28 23:24:52    3,514,768    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2007-08-28 23:25:00    118,688    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2007-08-28 23:25:02    769,400    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECOMPONENTMGR.DLL
+ 2007-08-28 23:25:10    1,362,288    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECRYPTO.DLL
+ 2007-08-24 06:00:16    378,752    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEDATAVIEWERTOOL.DLL
+ 2007-08-28 23:25:22    3,073,928    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEDOCUMENTSHARETOOL.DLL
+ 2007-08-28 23:25:32    287,104    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEFETCHSERVICES.DLL
+ 2007-08-24 06:00:36    200,048    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEGAMES.DLL
+ 2007-08-24 06:00:40    320,376    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEMIGRATOR.EXE
+ 2007-08-24 06:00:46    1,562,472    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEMISC.DLL
+ 2007-08-24 06:00:48    33,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEMONITOR.EXE
+ 2007-08-24 06:00:50    25,448    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVENEW.DLL
+ 2007-08-24 06:00:52    225,664    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEPROJECTTOOLSET.DLL
+ 2007-08-28 23:25:54    7,053,680    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVERESOURCE.DLL
+ 2007-08-24 06:01:22    2,212,224    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESHELLEXTENSIONS.DLL
+ 2007-08-24 06:01:28    364,920    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESKETCHTOOL.DLL
+ 2007-08-24 06:01:30    19,328    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESTDURLLAUNCHER.EXE
+ 2007-08-28 23:26:12    2,740,600    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESTORAGEMGR.DLL
+ 2007-08-28 23:26:18    36,216    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESYSTEMMODE.DLL
+ 2007-08-24 06:01:46    224,128    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESYSTEMSERVICES.DLL
+ 2007-08-28 23:26:22    1,165,176    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVETEXTTOOLS.DLL
+ 2007-08-28 23:26:34    4,747,128    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVETRANSCEIVER.DLL
+ 2007-08-28 23:26:44    1,398,136    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEUIFRAMEWORK.DLL
+ 2007-08-24 06:02:24    959,848    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEUTIL.DLL
+ 2007-08-28 23:26:48    269,184    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEWEBBROWSERTOOL2.DLL
+ 2007-08-24 06:02:34    573,832    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEWEBPLATFORMSERVICES.DLL
+ 2007-08-28 23:26:54    632,696    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEWEBSERVICES.DLL
+ 2007-08-24 02:36:58    175,968    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IEAWSDC.DLL
+ 2007-10-05 19:30:22    1,443,880    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\INFOPATH.EXE
+ 2007-10-05 19:30:40    5,460,528    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPDESIGN.DLL
+ 2007-10-05 19:31:06    5,287,984    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2007-08-24 04:43:06    179,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPOLK.DLL
+ 2007-08-28 23:45:54    831,856    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MEDCAT.DLL
+ 2007-08-24 03:49:40    342,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MIMEDIR.DLL
+ 2007-08-28 22:38:10    500,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-08-28 22:13:52    10,367,352    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSACCESS.EXE
+ 2007-08-24 04:17:48    69,520    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSAEXP30.DLL
+ 2007-08-28 23:52:02    120,704    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSCONV97.DLL
+ 2007-09-14 20:45:58    16,901,168    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 22:20:06    163,712    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOCF.DLL
+ 2007-08-28 22:20:12    17,304    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOCFU.DLL
+ 2007-09-06 16:55:08    431,456    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSODCW.DLL
+ 2007-08-24 04:50:10    29,576    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOEURO.DLL
+ 2007-08-27 19:20:14    6,637,960    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSORES.DLL
+ 2007-08-28 23:18:20    439,160    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSORUN.DLL
+ 2007-08-28 22:38:46    9,584,512    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-24 02:40:16    674,664    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSQRY32.EXE
+ 2007-08-23 00:12:20    507,768    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSSOAP30.DLL
+ 2007-08-28 23:45:58    835,952    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSTORDB.EXE
+ 2007-08-28 23:46:06    542,568    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSTORES.DLL
+ 2007-08-24 02:37:50    68,464    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\NAME.DLL
+ 2007-10-05 19:44:24    14,168,600    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-10-02 18:51:22    8,436,776    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-09-02 00:55:16    235,456    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ODEPLOY.EXE
+ 2007-08-28 23:37:40    7,039,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OFFOWC.DLL
+ 2007-08-28 23:19:24    1,654,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-24 03:06:28    277,384    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OIS.EXE
+ 2007-08-24 03:06:32    1,000,848    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OISAPP.DLL
+ 2007-08-24 03:06:38    288,152    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OISGRAPH.DLL
+ 2007-08-28 22:20:20    2,949,512    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OLMAPI32.DLL
+ 2007-08-24 04:42:40    663,432    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OMSMAIN.DLL
+ 2007-08-24 04:42:44    195,480    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OMSXP32.DLL
+ 2007-08-28 23:49:28    606,120    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONBTTNIE.DLL
+ 2007-08-28 23:49:34    667,544    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONBTTNOL.DLL
+ 2007-08-28 22:43:30    1,022,840    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTE.EXE
+ 2007-08-24 03:45:42    101,784    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTEM.EXE
+ 2007-08-24 03:45:42    75,144    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONFILTER.DLL
+ 2007-08-24 03:45:46    1,167,744    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONLIBS.DLL
+ 2007-10-12 20:08:52    6,588,968    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONMAIN.DLL
+ 2007-08-28 23:31:42    785,352    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONSYNCPC.DLL
+ 2007-09-02 00:55:54    6,540,656    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OSETUP.DLL
+ 2007-06-07 18:51:00    465,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLFLTR.DLL
+ 2007-08-28 22:20:44    600,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLMIME.DLL
+ 2007-09-06 17:01:10    12,836,728    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLOOK.EXE
+ 2007-08-28 22:22:04    180,128    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLPH.DLL
+ 2007-09-06 16:50:34    485,232    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PORTCONN.DLL
+ 2007-08-28 22:06:16    467,840    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 22:06:44    7,990,144    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-08-28 23:38:22    2,016,656    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-24 02:43:28    138,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-23 00:19:06    79,784    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PSOM.DLL
+ 2007-08-24 03:51:48    416,112    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PSTPRX32.DLL
+ 2007-08-28 22:39:14    625,560    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 02:43:36    593,296    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-24 04:50:10    41,832    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\REFEDIT.DLL
+ 2007-08-24 04:43:20    747,448    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\REGFORM.EXE
+ 2007-08-23 00:19:08    22,416    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\REVERSE.DLL
+ 2007-08-24 03:52:08    266,160    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SCNPST32.DLL
+ 2007-08-24 03:52:10    275,896    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SCNPST64.DLL
+ 2007-09-06 16:55:22    505,752    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SELFCERT.EXE
+ 2007-09-02 00:55:34    442,240    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SETUP.EXE
+ 2007-08-24 04:17:54    505,240    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SOA.DLL
+ 2007-06-07 18:51:00    125,320    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SSGEN.DLL
+ 2007-08-28 22:28:26    2,330,024    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\STSLIST.DLL
+ 2007-08-23 00:19:08    32,608    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\THOCRAPI.DLL
+ 2007-08-23 00:19:08    129,936    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWCUTCHR.DLL
+ 2007-08-23 00:19:10    90,504    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWCUTLIN.DLL
+ 2007-08-23 00:19:10    60,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWLAY32.DLL
+ 2007-08-23 00:19:12    30,096    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWORIENT.DLL
+ 2007-08-23 00:19:14    54,152    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWRECE.DLL
+ 2007-08-23 00:19:14    22,416    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWRECS.DLL
+ 2007-08-23 00:19:16    79,776    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWSTRUCT.DLL
+ 2007-06-27 19:58:12    2,585,936    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VBE6.DLL
+ 2007-08-24 06:10:14    1,846,160    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-08-24 06:10:28    3,735,424    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-28 22:16:00    350,064    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 17:03:02    4,280,176    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-28 23:07:58    24,928    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-09-06 16:56:32    17,490,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-08-23 00:19:18    1,198,496    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XIMAGE3B.DLL
+ 2007-10-02 19:00:06    14,708,760    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 04:14:14    13,712    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2007-08-23 00:19:20    535,448    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XPAGE3C.DLL
- 2007-12-20 06:06:40    1,165,584    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-01-09 20:37:12    1,165,584    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2007-12-20 06:06:40    20,240    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-09 20:37:13    20,240    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-12-20 06:06:40    159,504    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-01-09 20:37:12    159,504    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-12-20 06:06:40    184,080    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-01-09 20:37:12    184,080    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-12-20 06:06:40    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-01-09 20:37:13    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-12-20 06:06:40    18,704    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-01-09 20:37:13    18,704    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-12-20 06:06:40    35,088    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-01-09 20:37:14    35,088    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-12-20 06:06:40    845,584    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-01-09 20:37:12    845,584    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-12-20 06:06:40    922,384    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-09 20:37:13    922,384    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-12-20 06:06:40    272,648    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-01-09 20:37:13    272,648    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-12-20 06:06:40    888,080    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-01-09 20:37:13    888,080    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-12-20 06:06:40    1,172,240    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-01-09 20:37:12    1,172,240    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-12-19 22:16:56    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-006E-0406-0000-0000000FF1CE}\misc.exe
+ 2008-01-09 20:43:31    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-006E-0406-0000-0000000FF1CE}\misc.exe
- 2007-12-19 22:17:12    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-01-09 20:43:54    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2007-12-20 07:10:30    439,608    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-10 09:40:12    439,608    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-10 14:14:00    16,384    ----atw    C:\WINDOWS\temp\Perflib_Perfdata_8d4.dat
+ 2008-01-10 14:14:00    16,384    ----atw    C:\WINDOWS\temp\Perflib_Perfdata_908.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFB8AD19-47BE-4D96-8E93-DA01414A979E}]
2006-10-18 13:18    671744    --a------    C:\PROGRA~1\ONLYTO~1\ONLYTO~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 20:02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RoxioEngineUtility"="C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe" [ ]
"NWEReboot"="" []
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38 1757184]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41 45056]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"Adobe Version Cue CS2"="C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"Norman ZANDA"="C:\Programmer\TDCpakke\Npm\bin\ZLH.exe" [2007-12-10 09:22 273520]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"RoxioDragToDisc"="C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-24 23:18 868352]
"RoxioAudioCentral"="C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 20:12 319488]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2006-05-20 11:13 188416]
"MediafourGettingStartedWithMacDrive6"="C:\Programmer\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 12:12 86016]
"Mediafour Mac Volume Notifications"="C:\Programmer\Fælles filer\Mediafour\MACVNTFY.exe" [ ]
"MDDiskProtect.exe"="C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 14:54 106496]
"LVCOMSX"="C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe" [ ]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
EPSON Background Monitor.lnk - C:\Programmer\EPSON\ESM2\STMS.exe [1999-06-07 11:11:18]
NkbMonitor.exe.lnk - C:\Programmer\Nikon\PictureProject\NkbMonitor.exe [2007-06-13 12:35:11]
PopChar.lnk - C:\Programmer\ergonis\PopChar\PopChar.exe [2005-05-23 11:47:38]
Windows-pc-søgning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwprovau

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2006-04-30 08:57]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 16:31]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 19:53]
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\system32\DRIVERS\atalk.sys [2002-11-19 16:22]
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\system32\DRIVERS\atfsd.sys [2002-11-19 16:28]
R2 ATMsg;AppleTalk Messenger;C:\Programmer\Miramar\PC MACLAN\ATMsg.exe [2002-11-19 16:25]
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 16:05]
R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [2007-03-07 14:32]
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;"C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE" [2002-11-19 16:07]
R2 Miramar AppleTalk Print Server;Miramar AppleTalk Print Server;"C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE" [2002-11-19 16:16]
R2 Ndiskio;Ndiskio;C:\Programmer\TDCpakke\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programmer\TDCpakke\npm\bin\nvoy.exe" [2007-09-18 12:01]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 10:45]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE" [2007-09-18 12:41]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 20:19]
S1 NPROSEC;Norman Security driver;C:\Programmer\TDCpakke\Npm\bin\nprosec.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 14:16:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-01-10 02:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programmer\RegClean\RegClean.ex
- C:\Programmer\RegClean
"2008-01-10 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.ex
- C:\Programmer\RegistrySmart
"2008-01-10 06:45:30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F91048F-2705-4C2A-BC56-2F538D219348}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-10 15:42:37 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-10 14:41:36
ComboFix2.txt  2008-01-09 12:46:19
.
2008-01-09 06:06:04    --- E O F ---
fromsej, Trainee
10 January 2008 - 18:05 #5
We certainly have plenty of understanding in here. :-)
Uninstall BitTorrent in Add/Remove Programs.
Drop file sharing >> http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

There is only one I am in doubt about, namely this one:
C:\PROGRA~1\ONLYTO~1
To get a bit more info, do the following:
Click Start -> Run, type CMD and click OK.
In the "DOS" window you then type (press <Enter> after each line):
CD\
DIR C:\PROGRA~1\ONLYTO~1>dir.txt
NOTEPAD dir.txt
Copy the text in here.
You type ~ by pressing <AltGr> and the key that carries the character, right next to the <Enter> key.
oleabirch, Beginner
10 January 2008 - 18:29 #6
Disken i drev C har ikke noget navn.
Diskens serienummer er 1484-CF1F

Indhold af C:\PROGRA~1\ONLYTO~1

11-11-2007  14:24    <DIR>          .
11-11-2007  14:24    <DIR>          ..
08-11-2006  20:11            7.597 basis.xml
16-05-2007  21:28    <DIR>          cache
08-11-2006  13:01            93.750 icons.bmp
08-11-2006  20:11              101 onlytorrents.crc
18-10-2006  13:18          671.744 onlytorrents.dll
08-11-2006  20:11                45 version.txt
              5 fil(er)          773.237 byte
              3 mappe(r)  49.904.533.504 byte ledig
BitTorrent was uninstalled
fromsej, Trainee
10 January 2008 - 18:53 #7
Download CCleaner here:
http://www.filehippo.com/download_ccleaner/
Install CCleaner; remember to remove the check mark next to installation of the Yahoo toolbar.
Start the program and remove the check mark at Cookies.
Click Run Cleaner and let it remove whatever it finds.
Then click Registry over on the left-hand side (the blue cube) and click Scan for problems; when it has finished, click Fix selected problems, make a backup of the registry if you like, then click Fix all selected problems.
Click OK, then click Close when it has finished.
Restart.
---------------------------------------
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start the program and click Check for updates; when it has been updated, close the program. You should not scan yet.
---------------------------------------
Run HijackThis, scan, put a check mark next to the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: XBTBPos00 Class - {FFB8AD19-47BE-4D96-8E93-DA01414A979E} - C:\PROGRA~1\ONLYTO~1\ONLYTO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [DNA] "C:\Programmer\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O21 - SSODL: bklgvsf - {31E2E55A-C195-4287-AAAB-07E69948639E} - C:\WINDOWS\bklgvsf.dll (file missing)

---------------------------------------
Copy the contents between the wavy lines into a Notepad window and save them, under the name CFScript.txt, in the same folder where ComboFix is located. When you save, make sure that "file types" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\ope81.exe
C:\WINDOWS\system32\ope8B.exe
C:\WINDOWS\bklgvsf.dll

Folder::
C:\PROGRA~1\ONLYTO~1
C:\Programmer\BitTorrent_DNA\dna.exe"
C:\Programmer\BitTorrent

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the ComboFix file, after which you "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
---------------------------------------
Restart in safe mode (press <F8> during startup).
Start SUPERAntiSpyware, click Scan your Computer, and put a check mark next to the drives to be scanned.
(Fixed disk means hard disk)
Move the dot to Perform complete scan and click Next; the scan then runs.

When it has finished, a window with a summary appears; click OK, then click Next and then Finish.

A window appears with Quarantine and removal Complete; click OK, then click Finish.
Close the program and restart normally.
---------------------------------------
Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log; it opens in Notepad. Copy the result in here.
We also need to see a fresh HijackThis log, as well as the new ComboFix log.
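The seven HijackThis entries listed in post #7, run through a small triage parser that pulls out the CLSID and target of each entry and flags the ones HijackThis itself marks as pointing at nothing, plus targets hidden behind 8.3 short names. This is an added example, not part of the thread or of HijackThis; the function names are hypothetical and the line layout it assumes is inferred only from the lines shown in that post.

```python
import re

# The seven entries from post #7, copied verbatim from the thread.
SAMPLE_LOG = r"""
O2 - BHO: XBTBPos00 Class - {FFB8AD19-47BE-4D96-8E93-DA01414A979E} - C:\PROGRA~1\ONLYTO~1\ONLYTO~1.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKCU\..\Run: [DNA] "C:\Programmer\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmer\BitTorrent\bittorrent.exe" --force_start_minimized
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O21 - SSODL: bklgvsf - {31E2E55A-C195-4287-AAAB-07E69948639E} - C:\WINDOWS\bklgvsf.dll (file missing)
"""

# Assumed layout, inferred from the lines above: "<code> - <kind>: <body>".
ENTRY = re.compile(r"^(?P<code>O\d{1,2}) - (?P<kind>[^:]+): (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Marker HijackThis appends when the registry entry has no file behind it.
ORPHAN = re.compile(r"\s*\((?:no file|file missing)\)\s*$")
# 8.3 alias component such as \ONLYTO~1: the real folder name is not visible.
SHORT_NAME = re.compile(r'\\[^\\"]{1,6}~\d')
QUOTED = re.compile(r'"([^"]+)"')


def parse_entry(line):
    """Return a dict describing one O-section line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID.search(body)
    quoted = QUOTED.search(body)
    if quoted:
        # O4 style: [value name] "path" optional-arguments
        target = quoted.group(1)
    else:
        # Otherwise the last " - " separated field is the file or URL.
        target = ORPHAN.sub("", body.rsplit(" - ", 1)[-1]).strip()
    flags = []
    if ORPHAN.search(body):
        flags.append("orphaned")      # leftover registry entry, nothing on disk
    if target and SHORT_NAME.search(target):
        flags.append("short-path")    # list the folder (DIR, as in post #5) to see what it is
    return {
        "code": m.group("code"),
        "kind": m.group("kind"),
        "clsid": clsid.group(0) if clsid else None,
        "target": target or None,
        "flags": flags,
    }


def triage(log_text):
    """Parse every recognisable entry in a pasted log, in order."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry is not None]


def flagged(log_text, flag):
    """Section codes of the entries carrying the given flag."""
    return [e["code"] for e in triage(log_text) if flag in e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e["kind"], e["clsid"], e["target"], e["flags"])
```
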
oleabirch, Beginner
11 January 2008 - 10:26 #8
Combo could not finish; after it had run most of the night, I shut it down?

Unfortunately I have to go to the hospital, I don't know for how many days, but I will be back when it is over.

Kind regards.
fromsej, Trainee
11 January 2008 - 18:07 #9
I do hope it is nothing serious.
When you are back and feel up to it, try running ComboFix in safe mode.
oleabirch, Beginner
12 January 2008 - 19:36 #10
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2008 at 07:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3378
Trace Rules Database Version: 1372

Scan type      : Complete Scan
Total Scan Time : 01:48:03

Memory items scanned      : 767
Memory threats detected  : 0
Registry items scanned    : 10869
Registry threats detected : 0
File items scanned        : 110098
File threats detected    : 20

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads9.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads5.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads7.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads6.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[3].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@politiken.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads3.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads5.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads3.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads7.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@sexblo[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads6.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[3].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads9.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad1.emediate[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[1].txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:57, on 12-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programmer\EPSON\ESM2\eEBSVC.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programmer\Miramar\PC MACLAN\ATMsg.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE
C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
C:\WINDOWS\Explorer.EXE
C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE
C:\Programmer\TDCpakke\Nvc\BIN\NIP.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\TDCpakke\Nvc\bin\cclaw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE
C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\Logitech\QuickCam10\QuickCam10.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\ergonis\PopChar\PopChar.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Programmer\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Notesbog - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Programmer\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Programmer\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Programmer\EPSON\ESM2\STMS.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PopChar.lnk = C:\Programmer\ergonis\PopChar\PopChar.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Noter denne side (Google Notesbog) - res://C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll/gn_menu1.html
O8 - Extra context menu item: Noter dette (Google Notesbog) - res://C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll/gn_menu2.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmer\EPSON\ESM2\eEBSVC.exe
O23 - Service: Flexlm Service 1 - Logitech Inc. - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: mental ray 3.5 Satellite for Autodesk VIZ 2008 (mi-raysat_VIZ2008_32) - Unknown owner - C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Unknown owner - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programmer\TDCpakke\npm\bin\nvoy.exe

--
End of file - 18354 bytes

ComboFix 08-01-10.2 - Administrator 2008-01-10 14:42:39.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.58 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\9QQGFAP8\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-12-10 to 2008-01-10  )))))))))))))))))))))))))))))))
.

2008-01-09 21:44 . 2008-01-09 21:44    <DIR>    d--------    C:\Programmer\Microsoft Expression
2008-01-09 15:11 . 2008-01-09 15:17    3,538    --a------    C:\WINDOWS\system32\tmp.reg
2008-01-09 15:10 . 2008-01-09 15:17    <DIR>    d--------    C:\SmitfraudFix
2008-01-09 14:54 . 2008-01-09 14:55    1,048,368    --a------    C:\SmitfraudFix.exe
2008-01-09 14:16 . 2007-09-05 23:22    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2008-01-09 14:16 . 2006-04-27 16:49    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2008-01-09 14:16 . 2007-12-20 23:11    81,920    --a------    C:\WINDOWS\system32\IEDFix.exe
2008-01-09 14:16 . 2003-06-05 20:13    53,248    --a------    C:\WINDOWS\system32\Process.exe
2008-01-09 14:16 . 2004-07-31 17:50    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2008-01-09 14:16 . 2007-10-03 23:36    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 13:00 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-09 12:39 . 2008-01-09 12:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-09 12:34 . 2008-01-09 12:34    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-09 07:06 . 2008-01-09 07:06    118    --a------    C:\WINDOWS\system32\MRT.INI
2008-01-08 13:40 . 2008-01-08 13:40    <DIR>    d--------    C:\Programmer\Trend Micro
2008-01-08 11:32 . 2008-01-08 11:32    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-01-08 09:10 . 2008-01-08 09:10    <DIR>    d--------    C:\WINDOWS\Content.IE5
2008-01-08 00:35 . 2008-01-08 01:08    30,590    --a------    C:\WINDOWS\system32\pavas.ico
2008-01-08 00:35 . 2008-01-08 01:08    2,550    --a------    C:\WINDOWS\system32\Uninstall.ico
2008-01-08 00:35 . 2008-01-08 01:08    1,406    --a------    C:\WINDOWS\system32\Help.ico
2008-01-08 00:34 . 2008-01-08 00:53    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-06 15:25 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 22:05 . 2008-01-06 05:54    <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-01-05 16:44 . 2005-09-23 08:29    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Programmer\Lavasoft
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-02 12:44 . 2008-01-02 12:44    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\vlc
2007-12-29 17:23 . 2007-12-29 17:23    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2007-12-29 17:23 . 2007-12-29 17:23    1,409    --a------    C:\WINDOWS\QTFont.for
2007-12-29 17:13 . 2007-12-29 17:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-29 17:12 . 2007-12-29 17:12    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\PrevxCSI
2007-12-25 09:15 . 2007-12-25 09:15    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\F-Secure
2007-12-25 04:08 . 2007-12-25 04:08    134    --a------    C:\WINDOWS\system32\CTSTATUS.FCS
2007-12-25 03:48 . 2007-12-25 10:10    <DIR>    d--------    C:\Programmer\F-Secure Internet Security
2007-12-25 03:48 . 2007-12-25 03:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\fssg
2007-12-25 03:48 . 2007-12-25 10:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-19 16:26 . 2007-12-19 16:32    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegistrySmart
2007-12-19 10:31 . 2007-12-19 10:31    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegClean
2007-12-19 09:17 . 2007-12-19 09:17    <DIR>    d--------    C:\Programmer\Microsoft Works
2007-12-19 09:12 . 2007-12-19 09:12    <DIR>    d--------    C:\Programmer\Microsoft.NET
2007-12-19 09:07 . 2007-12-19 09:07    <DIR>    d--------    C:\Programmer\Microsoft Visual Studio 8
2007-12-19 09:04 . 2008-01-09 21:41    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2007-12-18 21:51 . 2007-12-19 11:46    <DIR>    d--------    C:\Programmer\RegClean
2007-12-18 20:27 . 2007-12-23 11:01    <DIR>    d--------    C:\Programmer\Mozilla Thunderbird
2007-12-18 20:27 . 2007-12-18 20:27    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Thunderbird
2007-12-17 23:30 . 2007-12-17 23:42    <DIR>    d--------    C:\Programmer\VisualRoute
2007-12-17 23:00 . 2007-12-17 23:14    <DIR>    d--------    C:\Programmer\VisualRoute Server
2007-12-13 22:57 . 2007-12-13 22:57    3    --a------    C:\WINDOWS\msdbc_7489515.dat
2007-12-13 22:49 . 2008-01-05 23:31    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 12:37 . 2007-12-13 12:38    <DIR>    d--------    C:\WINDOWS\system32\RPC
2007-12-12 11:31 .     <DIR>        C:\Programmer\Fælles filer\ChaosGroup
2007-12-12 11:30 . 2007-12-12 11:30    <DIR>    d--------    C:\Programmer\Chaos Group

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 14:13    0    ----a-w    C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-10 14:13    ---------    d-----w    C:\Programmer\TDCpakke
2008-01-10 13:53    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Skype
2008-01-10 11:14    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-01-10 09:50    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\skypePM
2008-01-09 20:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-09 11:34    ---------    d-----w    C:\Programmer\Yahoo!
2008-01-08 21:45    ---------    d-----w    C:\Programmer\DarkSim
2008-01-08 21:43    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-08 08:40    ---------    d-----w    C:\Programmer\GXTranscoder.net AWE
2008-01-08 08:38    ---------    d-----w    C:\Programmer\The Human Genome Project
2008-01-06 00:05    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Azureus
2008-01-05 12:13    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-25 20:05    ---------    d-----w    C:\Programmer\Apple Software Update
2007-12-19 08:16    ---------    d-----w    C:\Programmer\MSBuild
2007-12-18 19:22    ---------    d-----w    C:\Programmer\Mozilla Firefox 3 Beta 1
2007-12-18 11:10    ---------    d-----w    C:\Programmer\MagicISO
2007-12-17 21:20    ---------    d-----w    C:\Programmer\Fælles filer\Logitech
2007-12-17 21:16    ---------    d-----w    C:\Programmer\Fælles filer\LogiShrd
2007-12-17 21:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-17 21:13    ---------    d-----w    C:\Programmer\Logitech
2007-12-14 16:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-09 08:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-06 14:53    ---------    d-----w    C:\Programmer\MDM
2007-11-23 11:54    ---------    d-----w    C:\Programmer\Java
2007-11-23 08:08    ---------    d-----w    C:\Programmer\Google
2007-11-19 17:08    ---------    d-----w    C:\Programmer\JAlbumWin
2007-11-18 21:31    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-18 21:30    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-11-13 18:22    ---------    d-----w    C:\Programmer\QuickTime
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 07:45    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-11-11 13:24    ---------    d-----w    C:\Programmer\Onlytorrents
2007-10-27 10:45    73,216    ----a-w    C:\WINDOWS\ST6UNST.EXE
2007-10-27 10:45    233,472    ------w    C:\WINDOWS\Setup1.exe
2001-03-28 10:02    122,880    -c--a-w    C:\WINDOWS\inf\Agfa\message.exe
2006-11-12 07:31    131,145    --sha-r    C:\WINDOWS\system32\ope81.exe
2006-11-12 07:35    131,145    --sha-r    C:\WINDOWS\system32\ope8B.exe
.

(((((((((((((((((((((((((((((  snapshot@2008-01-09_13.44.31.21  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-09 12:01:25    233,472    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-10 13:41:54    233,472    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 12:01:25    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-10 13:41:54    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 12:01:25    237,568    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-10 13:41:54    237,568    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 12:01:25    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-10 13:41:54    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 12:01:26    13,774,848    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-10 13:41:55    13,791,232    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-09 12:01:26    462,848    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-10 13:41:55    458,752    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-08-28 22:22:36    579,008    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACACEDAO.DLL
+ 2007-08-24 04:17:04    165,256    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACCWIZ.DLL
+ 2007-08-28 22:22:30    1,754,536    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACECORE.DLL
+ 2007-08-28 22:22:36    579,008    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEDAO.DLL
+ 2007-08-28 22:22:38    50,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEERR.DLL
+ 2007-08-28 22:22:40    193,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEES.DLL
+ 2007-08-24 02:46:10    341,440    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCH.DLL
+ 2007-08-24 02:46:14    632,248    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCL.DLL
+ 2007-08-24 02:46:16    210,368    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACELTS.DLL
+ 2007-08-24 02:46:18    281,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODBC.DLL
+ 2007-08-24 02:46:20    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODDBS.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODEXL.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODPDX.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODTXT.DLL
+ 2007-08-28 22:22:44    390,600    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL
+ 2007-08-24 02:46:28    394,688    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEPDE.DLL
+ 2007-08-24 02:46:30    263,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER2X.DLL
+ 2007-08-24 02:46:32    292,288    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER3X.DLL
+ 2007-08-24 02:46:34    58,760    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACERCLR.DLL
+ 2007-08-24 02:46:38    554,440    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEREP.DLL
+ 2007-08-24 02:46:40    226,744    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACETXT.DLL
+ 2007-08-28 23:52:12    201,664    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEWSS.DLL
+ 2007-08-24 02:46:44    374,200    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEXBE.DLL
+ 2007-08-28 23:53:12    402,784    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CDLMSO.DLL
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFB8AD19-47BE-4D96-8E93-DA01414A979E}]
2006-10-18 13:18    671744    --a------    C:\PROGRA~1\ONLYTO~1\ONLYTO~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 20:02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RoxioEngineUtility"="C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe" [ ]
"NWEReboot"="" []
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38 1757184]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41 45056]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"Adobe Version Cue CS2"="C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"Norman ZANDA"="C:\Programmer\TDCpakke\Npm\bin\ZLH.exe" [2007-12-10 09:22 273520]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"RoxioDragToDisc"="C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-24 23:18 868352]
"RoxioAudioCentral"="C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 20:12 319488]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2006-05-20 11:13 188416]
"MediafourGettingStartedWithMacDrive6"="C:\Programmer\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 12:12 86016]
"Mediafour Mac Volume Notifications"="C:\Programmer\Fælles filer\Mediafour\MACVNTFY.exe" [ ]
"MDDiskProtect.exe"="C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 14:54 106496]
"LVCOMSX"="C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe" [ ]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
EPSON Background Monitor.lnk - C:\Programmer\EPSON\ESM2\STMS.exe [1999-06-07 11:11:18]
NkbMonitor.exe.lnk - C:\Programmer\Nikon\PictureProject\NkbMonitor.exe [2007-06-13 12:35:11]
PopChar.lnk - C:\Programmer\ergonis\PopChar\PopChar.exe [2005-05-23 11:47:38]
Windows-pc-søgning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwprovau

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2006-04-30 08:57]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 16:31]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 19:53]
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\system32\DRIVERS\atalk.sys [2002-11-19 16:22]
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\system32\DRIVERS\atfsd.sys [2002-11-19 16:28]
R2 ATMsg;AppleTalk Messenger;C:\Programmer\Miramar\PC MACLAN\ATMsg.exe [2002-11-19 16:25]
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 16:05]
R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [2007-03-07 14:32]
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;"C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE" [2002-11-19 16:07]
R2 Miramar AppleTalk Print Server;Miramar AppleTalk Print Server;"C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE" [2002-11-19 16:16]
R2 Ndiskio;Ndiskio;C:\Programmer\TDCpakke\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programmer\TDCpakke\npm\bin\nvoy.exe" [2007-09-18 12:01]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 10:45]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE" [2007-09-18 12:41]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 20:19]
S1 NPROSEC;Norman Security driver;C:\Programmer\TDCpakke\Npm\bin\nprosec.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 14:16:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-01-10 02:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programmer\RegClean\RegClean.ex
- C:\Programmer\RegClean
"2008-01-10 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.ex
- C:\Programmer\RegistrySmart
"2008-01-10 06:45:30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F91048F-2705-4C2A-BC56-2F538D219348}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-10 15:42:37 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-10 14:41:36
ComboFix2.txt  2008-01-09 12:46:19
.
2008-01-09 06:06:04    --- E O F ---
oleabirch Beginner
12 January 2008 - 20:15 #11
So sorry! I accidentally posted an earlier Superantivirus report; this one should be the right one?
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2008 at 07:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3378
Trace Rules Database Version: 1372

Scan type      : Complete Scan
Total Scan Time : 01:48:03

Memory items scanned      : 767
Memory threats detected  : 0
Registry items scanned    : 10869
Registry threats detected : 0
File items scanned        : 110098
File threats detected    : 20

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads9.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads5.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads7.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads6.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[3].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@politiken.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads3.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads5.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads3.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads7.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@sexblo[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads6.googleadservices[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[3].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imageads9.googleadservices[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad1.emediate[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@imrworldwide[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[1].txt
fromsej Trainee
12 January 2008 - 20:36 #12
Start Hijackthis again, click "Do a system scan only", and tick the following:
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
Close all other windows and click "Fix checked".

Open Notepad and copy in the text between the ~~~~ lines, exactly as it stands, line breaks and the whole lot.
~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

Snapshot::

File::
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\ope81.exe
C:\WINDOWS\system32\ope8B.exe

Folder::
"C:\Programmer\Fælles filer\Symantec Shared"
C:\Programmer\Onlytorrents

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFB8AD19-47BE-4D96-8E93-DA01414A979E}]

~~~~~~~~~~~~~~~~~~~~~~~~~
Save the document in the same folder as ComboFix and name it CFScript.txt.
Restart in Safe Mode.
Put the mouse pointer over CFScript.txt, hold down the left mouse button, drag the document onto the ComboFix icon, and release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Copy the new ComboFix log that appears in here, together with a fresh HijackThis log; then I think we are about at the finish line.
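
A pre-flight review of the CFScript from the post above, as an added example that is not part of the original thread and not ComboFix's own code: it parses the directive blocks, lists what the script asks ComboFix to remove, and checks a file listing for targets that are still there. It assumes File:: and Folder:: entries are deletion targets and that the Registry:: block uses .reg-file syntax (a leading '-' deletes the key); `BROAD_FOLDERS` and all function names are hypothetical.

```python
import re

# CFScript text copied verbatim from the post above.
CFSCRIPT = r'''
Killall::

Snapshot::

File::
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\ope81.exe
C:\WINDOWS\system32\ope8B.exe

Folder::
"C:\Programmer\Fælles filer\Symantec Shared"
C:\Programmer\Onlytorrents

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFB8AD19-47BE-4D96-8E93-DA01414A979E}]
'''

# Two rows from the file listing in the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
2008-01-12 23:59 . 2008-01-12 23:59    0    --a------    C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-09 12:34 . 2008-01-09 12:34    <DIR>    d--------    C:\Programmer\CCleaner
'''

DIRECTIVE = re.compile(r'^([A-Za-z]+)::\s*$')
ABS_PATH = re.compile(r'^[A-Za-z]:\\[^<>|?*]+$')
LISTING_ROW = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \..*?\s([A-Za-z]:\\.+)$')

# Hypothetical guard list: folders too broad to hand to a bulk-delete directive.
BROAD_FOLDERS = {r'c:', r'c:\windows', r'c:\windows\system32', r'c:\programmer',
                 r'c:\program files', r'c:\documents and settings'}


def parse_cfscript(text):
    """Return {directive: [entries]} in script order, quotes stripped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError('entry before any directive: %r' % line)
        else:
            sections[current].append(line.strip('"'))
    return sections


def review(sections):
    """Return (actions, warnings) describing what the script asks for."""
    actions, warnings = [], []
    # Assumption: File:: and Folder:: entries are deletion targets.
    for kind in ('file', 'folder'):
        for path in sections.get(kind, []):
            actions.append(('delete ' + kind, path))
            if not ABS_PATH.match(path):
                warnings.append('%s entry is not an absolute path: %s' % (kind, path))
            elif kind == 'folder' and path.rstrip('\\').lower() in BROAD_FOLDERS:
                warnings.append('folder entry is dangerously broad: ' + path)
    # Assumption: .reg-file syntax, where "[-KEY]" deletes the whole key.
    for entry in sections.get('registry', []):
        m = re.match(r'^\[(-?)(.+)\]$', entry)
        if m:
            verb = 'delete registry key' if m.group(1) else 'edit registry key'
            actions.append((verb, m.group(2)))
        else:
            actions.append(('registry value line', entry))
    # Directives without entries (here Killall:: and Snapshot::) act as switches.
    for name, entries in sections.items():
        if name not in ('file', 'folder', 'registry') and not entries:
            actions.append(('switch', name))
    return actions, warnings


def still_listed(sections, log_text):
    """File::/Folder:: targets that still appear in a file listing from a log."""
    listed = set()
    for line in log_text.splitlines():
        m = LISTING_ROW.match(line.strip())
        if m:
            listed.add(m.group(1).lower())
    targets = sections.get('file', []) + sections.get('folder', [])
    return [t for t in targets if t.lower() in listed]


if __name__ == '__main__':
    parsed = parse_cfscript(CFSCRIPT)
    todo, problems = review(parsed)
    for verb, target in todo:
        print('%-20s %s' % (verb, target))
    for p in problems:
        print('WARNING:', p)
    for t in still_listed(parsed, SAMPLE_LOG):
        print('still listed after the run:', t)
```

A target that shows up again in the listing, like the zero-byte `lvuvc.hs` row here, is worth a second look before the case is closed.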
oleabirch, Beginner
13 January 2008 - 00:37 #13
ComboFix 08-01-11.3 - Administrator 2008-01-12 23:46:26.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.576 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\renseværktøj\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Skrivebord\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\WINDOWS\system32\ope81.exe
C:\WINDOWS\system32\ope8B.exe
.

(((((((((((((((((((((((((  Files Created from 2007-12-12 to 2008-01-12  )))))))))))))))))))))))))))))))
.

2008-01-12 23:59 . 2008-01-12 23:59    0    --a------    C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-09 21:44 . 2008-01-09 21:44    <DIR>    d--------    C:\Programmer\Microsoft Expression
2008-01-09 15:11 . 2008-01-09 15:17    3,538    --a------    C:\WINDOWS\system32\tmp.reg
2008-01-09 15:10 . 2008-01-09 15:17    <DIR>    d--------    C:\SmitfraudFix
2008-01-09 14:54 . 2008-01-09 14:55    1,048,368    --a------    C:\SmitfraudFix.exe
2008-01-09 14:16 . 2007-09-05 23:22    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2008-01-09 14:16 . 2006-04-27 16:49    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2008-01-09 14:16 . 2007-12-20 23:11    81,920    --a------    C:\WINDOWS\system32\IEDFix.exe
2008-01-09 14:16 . 2003-06-05 20:13    53,248    --a------    C:\WINDOWS\system32\Process.exe
2008-01-09 14:16 . 2004-07-31 17:50    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2008-01-09 14:16 . 2007-10-03 23:36    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 13:00 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-09 12:39 . 2008-01-09 12:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-09 12:34 . 2008-01-09 12:34    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-09 07:06 . 2008-01-09 07:06    118    --a------    C:\WINDOWS\system32\MRT.INI
2008-01-08 13:40 . 2008-01-08 13:40    <DIR>    d--------    C:\Programmer\Trend Micro
2008-01-08 11:32 . 2008-01-08 11:32    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-01-08 09:10 . 2008-01-08 09:10    <DIR>    d--------    C:\WINDOWS\Content.IE5
2008-01-08 00:35 . 2008-01-08 01:08    30,590    --a------    C:\WINDOWS\system32\pavas.ico
2008-01-08 00:35 . 2008-01-08 01:08    2,550    --a------    C:\WINDOWS\system32\Uninstall.ico
2008-01-08 00:35 . 2008-01-08 01:08    1,406    --a------    C:\WINDOWS\system32\Help.ico
2008-01-08 00:34 . 2008-01-08 00:53    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-06 15:25 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 22:05 . 2008-01-06 05:54    <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-01-05 16:44 . 2005-09-23 08:29    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Programmer\Lavasoft
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-02 12:44 . 2008-01-02 12:44    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\vlc
2007-12-29 17:23 . 2007-12-29 17:23    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2007-12-29 17:23 . 2007-12-29 17:23    1,409    --a------    C:\WINDOWS\QTFont.for
2007-12-29 17:13 . 2007-12-29 17:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-29 17:12 . 2007-12-29 17:12    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\PrevxCSI
2007-12-25 09:15 . 2007-12-25 09:15    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\F-Secure
2007-12-25 04:08 . 2007-12-25 04:08    134    --a------    C:\WINDOWS\system32\CTSTATUS.FCS
2007-12-25 03:48 . 2007-12-25 10:10    <DIR>    d--------    C:\Programmer\F-Secure Internet Security
2007-12-25 03:48 . 2007-12-25 03:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\fssg
2007-12-25 03:48 . 2007-12-25 10:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-19 16:26 . 2007-12-19 16:32    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegistrySmart
2007-12-19 10:31 . 2007-12-19 10:31    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegClean
2007-12-19 09:17 . 2007-12-19 09:17    <DIR>    d--------    C:\Programmer\Microsoft Works
2007-12-19 09:12 . 2007-12-19 09:12    <DIR>    d--------    C:\Programmer\Microsoft.NET
2007-12-19 09:07 . 2007-12-19 09:07    <DIR>    d--------    C:\Programmer\Microsoft Visual Studio 8
2007-12-19 09:04 . 2008-01-09 21:41    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2007-12-18 21:51 . 2007-12-19 11:46    <DIR>    d--------    C:\Programmer\RegClean
2007-12-18 20:27 . 2007-12-23 11:01    <DIR>    d--------    C:\Programmer\Mozilla Thunderbird
2007-12-18 20:27 . 2007-12-18 20:27    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Thunderbird
2007-12-17 23:30 . 2007-12-17 23:42    <DIR>    d--------    C:\Programmer\VisualRoute
2007-12-17 23:00 . 2007-12-17 23:14    <DIR>    d--------    C:\Programmer\VisualRoute Server
2007-12-13 22:57 . 2007-12-13 22:57    3    --a------    C:\WINDOWS\msdbc_7489515.dat
2007-12-13 22:49 . 2008-01-05 23:31    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 12:37 . 2007-12-13 12:38    <DIR>    d--------    C:\WINDOWS\system32\RPC
2007-12-12 11:31 .     <DIR>        C:\Programmer\Fælles filer\ChaosGroup
2007-12-12 11:30 . 2007-12-12 11:30    <DIR>    d--------    C:\Programmer\Chaos Group

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 23:00    ---------    d-----w    C:\Programmer\TDCpakke
2008-01-12 22:25    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Skype
2008-01-12 19:09    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-01-12 18:21    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\skypePM
2008-01-09 20:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-09 11:34    ---------    d-----w    C:\Programmer\Yahoo!
2008-01-08 21:45    ---------    d-----w    C:\Programmer\DarkSim
2008-01-08 21:43    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-08 08:40    ---------    d-----w    C:\Programmer\GXTranscoder.net AWE
2008-01-08 08:38    ---------    d-----w    C:\Programmer\The Human Genome Project
2008-01-06 00:05    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Azureus
2008-01-05 12:13    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-25 20:05    ---------    d-----w    C:\Programmer\Apple Software Update
2007-12-19 08:16    ---------    d-----w    C:\Programmer\MSBuild
2007-12-18 19:22    ---------    d-----w    C:\Programmer\Mozilla Firefox 3 Beta 1
2007-12-18 11:10    ---------    d-----w    C:\Programmer\MagicISO
2007-12-17 21:20    ---------    d-----w    C:\Programmer\Fælles filer\Logitech
2007-12-17 21:16    ---------    d-----w    C:\Programmer\Fælles filer\LogiShrd
2007-12-17 21:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-17 21:13    ---------    d-----w    C:\Programmer\Logitech
2007-12-14 16:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-09 08:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-06 14:53    ---------    d-----w    C:\Programmer\MDM
2007-11-23 11:54    ---------    d-----w    C:\Programmer\Java
2007-11-23 08:08    ---------    d-----w    C:\Programmer\Google
2007-11-19 17:08    ---------    d-----w    C:\Programmer\JAlbumWin
2007-11-18 21:31    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-18 21:30    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-11-13 18:22    ---------    d-----w    C:\Programmer\QuickTime
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-27 10:45    73,216    ----a-w    C:\WINDOWS\ST6UNST.EXE
2007-10-27 10:45    233,472    ------w    C:\WINDOWS\Setup1.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 20:02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RoxioEngineUtility"="C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe" [ ]
"NWEReboot"="" []
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38 1757184]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41 45056]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"Adobe Version Cue CS2"="C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"Norman ZANDA"="C:\Programmer\TDCpakke\Npm\bin\ZLH.exe" [2007-12-10 09:22 273520]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"RoxioDragToDisc"="C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-24 23:18 868352]
"RoxioAudioCentral"="C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 20:12 319488]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2006-05-20 11:13 188416]
"MediafourGettingStartedWithMacDrive6"="C:\Programmer\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 12:12 86016]
"Mediafour Mac Volume Notifications"="C:\Programmer\Fælles filer\Mediafour\MACVNTFY.exe" [ ]
"MDDiskProtect.exe"="C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 14:54 106496]
"LVCOMSX"="C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe" [ ]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
EPSON Background Monitor.lnk - C:\Programmer\EPSON\ESM2\STMS.exe [1999-06-07 11:11:18]
NkbMonitor.exe.lnk - C:\Programmer\Nikon\PictureProject\NkbMonitor.exe [2007-06-13 12:35:11]
PopChar.lnk - C:\Programmer\ergonis\PopChar\PopChar.exe [2005-05-23 11:47:38]
Windows-pc-s›gning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwprovau

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2006-04-30 08:57]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 16:31]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 19:53]
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\system32\DRIVERS\atalk.sys [2002-11-19 16:22]
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\system32\DRIVERS\atfsd.sys [2002-11-19 16:28]
R2 ATMsg;AppleTalk Messenger;C:\Programmer\Miramar\PC MACLAN\ATMsg.exe [2002-11-19 16:25]
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 16:05]
R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [2007-03-07 14:32]
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;"C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE" [2002-11-19 16:07]
R2 Miramar AppleTalk Print Server;Miramar AppleTalk Print Server;"C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE" [2002-11-19 16:16]
R2 Ndiskio;Ndiskio;C:\Programmer\TDCpakke\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programmer\TDCpakke\npm\bin\nvoy.exe" [2007-09-18 12:01]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 10:45]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE" [2007-09-18 12:41]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 20:19]
S1 NPROSEC;Norman Security driver;C:\Programmer\TDCpakke\Npm\bin\nprosec.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 23:03:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-01-11 02:31:04 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programmer\RegClean\RegClean.exe
- C:\Programmer\RegClean
"2008-01-11 02:31:30 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.exe
- C:\Programmer\RegistrySmart
"2008-01-12 11:06:46 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F91048F-2705-4C2A-BC56-2F538D219348}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-13  0:31:05 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-12 23:30:01
ComboFix2.txt  2008-01-12 22:32:42
ComboFix3.txt  2008-01-12 16:13:38
.
2008-01-09 06:06:04    --- E O F --- 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:28, on 13-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
C:\Programmer\EPSON\ESM2\eEBSVC.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Programmer\Miramar\PC MACLAN\ATMsg.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE
C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE
C:\Programmer\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\TDCpakke\Nvc\BIN\NIP.EXE
C:\Programmer\TDCpakke\Nvc\bin\cclaw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE
C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe
C:\Programmer\Logitech\QuickCam10\QuickCam10.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\ergonis\PopChar\PopChar.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll
O3 - Toolbar: Autodesk DWF - {F03966D3-8EA0-47b4-BBE0-85BFE6CBC8AC} - C:\Programmer\Autodesk\Autodesk DWF Writer\DWF Addin\DWFIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Notesbog - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Programmer\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Programmer\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Programmer\Fælles filer\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmer\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Programmer\EPSON\ESM2\STMS.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: PopChar.lnk = C:\Programmer\ergonis\PopChar\PopChar.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Noter denne side (Google Notesbog) - res://C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll/gn_menu1.html
O8 - Extra context menu item: Noter dette (Google Notesbog) - res://C:\Programmer\Google\Google Notebook\gnotes1.0.2.19-232860187.dll/gn_menu2.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programmer\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\elogsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmer\EPSON\ESM2\eEBSVC.exe
O23 - Service: Flexlm Service 1 - Logitech Inc. - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmer\fælles filer\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmer\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: mental ray 3.5 Satellite for Autodesk VIZ 2008 (mi-raysat_VIZ2008_32) - Unknown owner - C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Unknown owner - (no file)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programmer\TDCpakke\npm\bin\nvoy.exe

--
End of file - 18217 bytes
fromsej Trainee
13 January 2008 - 10:08 #14
New CFScript.

~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINDOWS\system32\drivers\lvuvc.hs

Driver::
lvuvc

~~~~~~~~~~~~~~~~~~~

Run it according to the instructions.
I need to see the new ComboFix log, but then we should be at the finish line.
oleabirch Beginner
13 January 2008 - 11:58 #15
ComboFix 08-01-10.2 - Administrator 2008-01-10 14:42:39.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.58 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\9QQGFAP8\ComboFix[1].exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-12-10 to 2008-01-10  )))))))))))))))))))))))))))))))
.

2008-01-09 21:44 . 2008-01-09 21:44    <DIR>    d--------    C:\Programmer\Microsoft Expression
2008-01-09 15:11 . 2008-01-09 15:17    3,538    --a------    C:\WINDOWS\system32\tmp.reg
2008-01-09 15:10 . 2008-01-09 15:17    <DIR>    d--------    C:\SmitfraudFix
2008-01-09 14:54 . 2008-01-09 14:55    1,048,368    --a------    C:\SmitfraudFix.exe
2008-01-09 14:16 . 2007-09-05 23:22    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2008-01-09 14:16 . 2006-04-27 16:49    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2008-01-09 14:16 . 2007-12-20 23:11    81,920    --a------    C:\WINDOWS\system32\IEDFix.exe
2008-01-09 14:16 . 2003-06-05 20:13    53,248    --a------    C:\WINDOWS\system32\Process.exe
2008-01-09 14:16 . 2004-07-31 17:50    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2008-01-09 14:16 . 2007-10-03 23:36    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 13:00 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-09 12:39 . 2008-01-09 12:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-09 12:34 . 2008-01-09 12:34    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-09 07:06 . 2008-01-09 07:06    118    --a------    C:\WINDOWS\system32\MRT.INI
2008-01-08 13:40 . 2008-01-08 13:40    <DIR>    d--------    C:\Programmer\Trend Micro
2008-01-08 11:32 . 2008-01-08 11:32    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-01-08 09:10 . 2008-01-08 09:10    <DIR>    d--------    C:\WINDOWS\Content.IE5
2008-01-08 00:35 . 2008-01-08 01:08    30,590    --a------    C:\WINDOWS\system32\pavas.ico
2008-01-08 00:35 . 2008-01-08 01:08    2,550    --a------    C:\WINDOWS\system32\Uninstall.ico
2008-01-08 00:35 . 2008-01-08 01:08    1,406    --a------    C:\WINDOWS\system32\Help.ico
2008-01-08 00:34 . 2008-01-08 00:53    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-06 15:25 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 22:05 . 2008-01-06 05:54    <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-01-05 16:44 . 2005-09-23 08:29    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Programmer\Lavasoft
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-02 12:44 . 2008-01-02 12:44    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\vlc
2007-12-29 17:23 . 2007-12-29 17:23    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2007-12-29 17:23 . 2007-12-29 17:23    1,409    --a------    C:\WINDOWS\QTFont.for
2007-12-29 17:13 . 2007-12-29 17:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-29 17:12 . 2007-12-29 17:12    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\PrevxCSI
2007-12-25 09:15 . 2007-12-25 09:15    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\F-Secure
2007-12-25 04:08 . 2007-12-25 04:08    134    --a------    C:\WINDOWS\system32\CTSTATUS.FCS
2007-12-25 03:48 . 2007-12-25 10:10    <DIR>    d--------    C:\Programmer\F-Secure Internet Security
2007-12-25 03:48 . 2007-12-25 03:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\fssg
2007-12-25 03:48 . 2007-12-25 10:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-19 16:26 . 2007-12-19 16:32    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegistrySmart
2007-12-19 10:31 . 2007-12-19 10:31    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegClean
2007-12-19 09:17 . 2007-12-19 09:17    <DIR>    d--------    C:\Programmer\Microsoft Works
2007-12-19 09:12 . 2007-12-19 09:12    <DIR>    d--------    C:\Programmer\Microsoft.NET
2007-12-19 09:07 . 2007-12-19 09:07    <DIR>    d--------    C:\Programmer\Microsoft Visual Studio 8
2007-12-19 09:04 . 2008-01-09 21:41    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2007-12-18 21:51 . 2007-12-19 11:46    <DIR>    d--------    C:\Programmer\RegClean
2007-12-18 20:27 . 2007-12-23 11:01    <DIR>    d--------    C:\Programmer\Mozilla Thunderbird
2007-12-18 20:27 . 2007-12-18 20:27    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Thunderbird
2007-12-17 23:30 . 2007-12-17 23:42    <DIR>    d--------    C:\Programmer\VisualRoute
2007-12-17 23:00 . 2007-12-17 23:14    <DIR>    d--------    C:\Programmer\VisualRoute Server
2007-12-13 22:57 . 2007-12-13 22:57    3    --a------    C:\WINDOWS\msdbc_7489515.dat
2007-12-13 22:49 . 2008-01-05 23:31    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 12:37 . 2007-12-13 12:38    <DIR>    d--------    C:\WINDOWS\system32\RPC
2007-12-12 11:31 .     <DIR>        C:\Programmer\Fælles filer\ChaosGroup
2007-12-12 11:30 . 2007-12-12 11:30    <DIR>    d--------    C:\Programmer\Chaos Group

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 14:13    0    ----a-w    C:\WINDOWS\system32\drivers\lvuvc.hs
2008-01-10 14:13    ---------    d-----w    C:\Programmer\TDCpakke
2008-01-10 13:53    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Skype
2008-01-10 11:14    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-01-10 09:50    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\skypePM
2008-01-09 20:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-09 11:34    ---------    d-----w    C:\Programmer\Yahoo!
2008-01-08 21:45    ---------    d-----w    C:\Programmer\DarkSim
2008-01-08 21:43    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-08 08:40    ---------    d-----w    C:\Programmer\GXTranscoder.net AWE
2008-01-08 08:38    ---------    d-----w    C:\Programmer\The Human Genome Project
2008-01-06 00:05    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Azureus
2008-01-05 12:13    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-25 20:05    ---------    d-----w    C:\Programmer\Apple Software Update
2007-12-19 08:16    ---------    d-----w    C:\Programmer\MSBuild
2007-12-18 19:22    ---------    d-----w    C:\Programmer\Mozilla Firefox 3 Beta 1
2007-12-18 11:10    ---------    d-----w    C:\Programmer\MagicISO
2007-12-17 21:20    ---------    d-----w    C:\Programmer\Fælles filer\Logitech
2007-12-17 21:16    ---------    d-----w    C:\Programmer\Fælles filer\LogiShrd
2007-12-17 21:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-17 21:13    ---------    d-----w    C:\Programmer\Logitech
2007-12-14 16:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-09 08:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-06 14:53    ---------    d-----w    C:\Programmer\MDM
2007-11-23 11:54    ---------    d-----w    C:\Programmer\Java
2007-11-23 08:08    ---------    d-----w    C:\Programmer\Google
2007-11-19 17:08    ---------    d-----w    C:\Programmer\JAlbumWin
2007-11-18 21:31    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-18 21:30    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-11-13 18:22    ---------    d-----w    C:\Programmer\QuickTime
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 07:45    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-11-11 13:24    ---------    d-----w    C:\Programmer\Onlytorrents
2007-10-27 10:45    73,216    ----a-w    C:\WINDOWS\ST6UNST.EXE
2007-10-27 10:45    233,472    ------w    C:\WINDOWS\Setup1.exe
2001-03-28 10:02    122,880    -c--a-w    C:\WINDOWS\inf\Agfa\message.exe
2006-11-12 07:31    131,145    --sha-r    C:\WINDOWS\system32\ope81.exe
2006-11-12 07:35    131,145    --sha-r    C:\WINDOWS\system32\ope8B.exe
.

(((((((((((((((((((((((((((((  snapshot@2008-01-09_13.44.31.21  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-09 12:01:25    233,472    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-10 13:41:54    233,472    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 12:01:25    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-10 13:41:54    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 12:01:25    237,568    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-10 13:41:54    237,568    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 12:01:25    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-10 13:41:54    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 12:01:26    13,774,848    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-10 13:41:55    13,791,232    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-09 12:01:26    462,848    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-10 13:41:55    458,752    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-08-28 22:22:36    579,008    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACACEDAO.DLL
+ 2007-08-24 04:17:04    165,256    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACCWIZ.DLL
+ 2007-08-28 22:22:30    1,754,536    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACECORE.DLL
+ 2007-08-28 22:22:36    579,008    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEDAO.DLL
+ 2007-08-28 22:22:38    50,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEERR.DLL
+ 2007-08-28 22:22:40    193,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEES.DLL
+ 2007-08-24 02:46:10    341,440    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCH.DLL
+ 2007-08-24 02:46:14    632,248    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEEXCL.DLL
+ 2007-08-24 02:46:16    210,368    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACELTS.DLL
+ 2007-08-24 02:46:18    281,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODBC.DLL
+ 2007-08-24 02:46:20    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODDBS.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODEXL.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODPDX.DLL
+ 2007-08-24 02:46:22    17,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEODTXT.DLL
+ 2007-08-28 22:22:44    390,600    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL
+ 2007-08-24 02:46:28    394,688    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEPDE.DLL
+ 2007-08-24 02:46:30    263,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER2X.DLL
+ 2007-08-24 02:46:32    292,288    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACER3X.DLL
+ 2007-08-24 02:46:34    58,760    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACERCLR.DLL
+ 2007-08-24 02:46:38    554,440    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEREP.DLL
+ 2007-08-24 02:46:40    226,744    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACETXT.DLL
+ 2007-08-28 23:52:12    201,664    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEWSS.DLL
+ 2007-08-24 02:46:44    374,200    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ACEXBE.DLL
+ 2007-08-28 23:53:12    402,784    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CDLMSO.DLL
+ 2007-08-24 02:45:50    208,256    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CLVIEW.EXE
+ 2007-08-24 04:38:36    67,952    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\COLLIMP.DLL
+ 2007-08-28 22:19:32    136,064    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CONTAB32.DLL
+ 2007-08-24 02:36:26    192,400    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\CONTACTPICKER.DLL
+ 2007-08-24 03:49:12    89,976    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DLGSETP.DLL
+ 2007-08-24 05:58:50    237,424    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DRAT.EXE
+ 2007-08-24 02:18:14    442,208    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DWDCW20.DLL
+ 2007-08-24 02:18:18    437,160    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\DWTRIG20.EXE
+ 2007-10-05 19:37:38    17,927,192    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-08-23 00:03:38    1,195,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2007-08-23 00:19:06    78,728    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FORM.DLL
+ 2007-08-25 18:11:44    1,685,896    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FPSRVUTL.DLL
+ 2007-08-28 22:45:00    985,496    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\FPWEC.DLL
+ 2007-10-02 18:45:34    2,530,864    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GRAPH.EXE
+ 2007-08-28 23:23:36    340,856    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVE.EXE
+ 2007-08-28 23:23:52    6,192,504    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEACCOUNTMGR.DLL
+ 2007-08-28 23:24:06    286,064    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEAUDIO.DLL
+ 2007-08-24 05:59:20    68,464    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEAUDITSERVICE.EXE
+ 2007-08-28 23:24:08    36,216    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEAUTOPROXY.DLL
+ 2007-08-28 23:24:10    301,944    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECALENDARTOOL.DLL
+ 2007-08-24 05:59:26    36,208    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECLEAN.EXE
+ 2007-08-28 23:24:24    2,690,944    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECOMMONCOMPONENTS.DLL
+ 2007-08-28 23:24:52    3,514,768    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2007-08-28 23:25:00    118,688    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2007-08-28 23:25:02    769,400    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECOMPONENTMGR.DLL
+ 2007-08-28 23:25:10    1,362,288    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVECRYPTO.DLL
+ 2007-08-24 06:00:16    378,752    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEDATAVIEWERTOOL.DLL
+ 2007-08-28 23:25:22    3,073,928    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEDOCUMENTSHARETOOL.DLL
+ 2007-08-28 23:25:32    287,104    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEFETCHSERVICES.DLL
+ 2007-08-24 06:00:36    200,048    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEGAMES.DLL
+ 2007-08-24 06:00:40    320,376    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEMIGRATOR.EXE
+ 2007-08-24 06:00:46    1,562,472    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEMISC.DLL
+ 2007-08-24 06:00:48    33,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEMONITOR.EXE
+ 2007-08-24 06:00:50    25,448    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVENEW.DLL
+ 2007-08-24 06:00:52    225,664    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEPROJECTTOOLSET.DLL
+ 2007-08-28 23:25:54    7,053,680    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVERESOURCE.DLL
+ 2007-08-24 06:01:22    2,212,224    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESHELLEXTENSIONS.DLL
+ 2007-08-24 06:01:28    364,920    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESKETCHTOOL.DLL
+ 2007-08-24 06:01:30    19,328    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESTDURLLAUNCHER.EXE
+ 2007-08-28 23:26:12    2,740,600    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESTORAGEMGR.DLL
+ 2007-08-28 23:26:18    36,216    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESYSTEMMODE.DLL
+ 2007-08-24 06:01:46    224,128    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVESYSTEMSERVICES.DLL
+ 2007-08-28 23:26:22    1,165,176    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVETEXTTOOLS.DLL
+ 2007-08-28 23:26:34    4,747,128    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVETRANSCEIVER.DLL
+ 2007-08-28 23:26:44    1,398,136    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEUIFRAMEWORK.DLL
+ 2007-08-24 06:02:24    959,848    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEUTIL.DLL
+ 2007-08-28 23:26:48    269,184    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEWEBBROWSERTOOL2.DLL
+ 2007-08-24 06:02:34    573,832    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEWEBPLATFORMSERVICES.DLL
+ 2007-08-28 23:26:54    632,696    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\GROOVEWEBSERVICES.DLL
+ 2007-08-24 02:36:58    175,968    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IEAWSDC.DLL
+ 2007-10-05 19:30:22    1,443,880    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\INFOPATH.EXE
+ 2007-10-05 19:30:40    5,460,528    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPDESIGN.DLL
+ 2007-10-05 19:31:06    5,287,984    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2007-08-24 04:43:06    179,616    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\IPOLK.DLL
+ 2007-08-28 23:45:54    831,856    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MEDCAT.DLL
+ 2007-08-24 03:49:40    342,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MIMEDIR.DLL
+ 2007-08-28 22:38:10    500,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MORPH9.DLL
+ 2007-08-28 22:13:52    10,367,352    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSACCESS.EXE
+ 2007-08-24 04:17:48    69,520    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSAEXP30.DLL
+ 2007-08-28 23:52:02    120,704    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSCONV97.DLL
+ 2007-09-14 20:45:58    16,901,168    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 22:20:06    163,712    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOCF.DLL
+ 2007-08-28 22:20:12    17,304    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOCFU.DLL
+ 2007-09-06 16:55:08    431,456    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSODCW.DLL
+ 2007-08-24 04:50:10    29,576    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSOEURO.DLL
+ 2007-08-27 19:20:14    6,637,960    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSORES.DLL
+ 2007-08-28 23:18:20    439,160    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSORUN.DLL
+ 2007-08-28 22:38:46    9,584,512    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSPUB.EXE
+ 2007-08-24 02:40:16    674,664    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSQRY32.EXE
+ 2007-08-23 00:12:20    507,768    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSSOAP30.DLL
+ 2007-08-28 23:45:58    835,952    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSTORDB.EXE
+ 2007-08-28 23:46:06    542,568    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\MSTORES.DLL
+ 2007-08-24 02:37:50    68,464    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\NAME.DLL
+ 2007-10-05 19:44:24    14,168,600    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-10-02 18:51:22    8,436,776    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-09-02 00:55:16    235,456    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ODEPLOY.EXE
+ 2007-08-28 23:37:40    7,039,888    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OFFOWC.DLL
+ 2007-08-28 23:19:24    1,654,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-24 03:06:28    277,384    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OIS.EXE
+ 2007-08-24 03:06:32    1,000,848    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OISAPP.DLL
+ 2007-08-24 03:06:38    288,152    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OISGRAPH.DLL
+ 2007-08-28 22:20:20    2,949,512    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OLMAPI32.DLL
+ 2007-08-24 04:42:40    663,432    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OMSMAIN.DLL
+ 2007-08-24 04:42:44    195,480    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OMSXP32.DLL
+ 2007-08-28 23:49:28    606,120    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONBTTNIE.DLL
+ 2007-08-28 23:49:34    667,544    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONBTTNOL.DLL
+ 2007-08-28 22:43:30    1,022,840    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTE.EXE
+ 2007-08-24 03:45:42    101,784    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONENOTEM.EXE
+ 2007-08-24 03:45:42    75,144    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONFILTER.DLL
+ 2007-08-24 03:45:46    1,167,744    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONLIBS.DLL
+ 2007-10-12 20:08:52    6,588,968    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONMAIN.DLL
+ 2007-08-28 23:31:42    785,352    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\ONSYNCPC.DLL
+ 2007-09-02 00:55:54    6,540,656    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OSETUP.DLL
+ 2007-06-07 18:51:00    465,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLFLTR.DLL
+ 2007-08-28 22:20:44    600,992    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLMIME.DLL
+ 2007-09-06 17:01:10    12,836,728    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLOOK.EXE
+ 2007-08-28 22:22:04    180,128    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\OUTLPH.DLL
+ 2007-09-06 16:50:34    485,232    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PORTCONN.DLL
+ 2007-08-28 22:06:16    467,840    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 22:06:44    7,990,144    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-08-28 23:38:22    2,016,656    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-24 02:43:28    138,648    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PRTF9.DLL
+ 2007-08-23 00:19:06    79,784    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PSOM.DLL
+ 2007-08-24 03:51:48    416,112    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PSTPRX32.DLL
+ 2007-08-28 22:39:14    625,560    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PTXT9.DLL
+ 2007-08-24 02:43:36    593,296    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\PUBCONV.DLL
+ 2007-08-24 04:50:10    41,832    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\REFEDIT.DLL
+ 2007-08-24 04:43:20    747,448    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\REGFORM.EXE
+ 2007-08-23 00:19:08    22,416    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\REVERSE.DLL
+ 2007-08-24 03:52:08    266,160    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SCNPST32.DLL
+ 2007-08-24 03:52:10    275,896    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SCNPST64.DLL
+ 2007-09-06 16:55:22    505,752    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SELFCERT.EXE
+ 2007-09-02 00:55:34    442,240    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SETUP.EXE
+ 2007-08-24 04:17:54    505,240    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SOA.DLL
+ 2007-06-07 18:51:00    125,320    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\SSGEN.DLL
+ 2007-08-28 22:28:26    2,330,024    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\STSLIST.DLL
+ 2007-08-23 00:19:08    32,608    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\THOCRAPI.DLL
+ 2007-08-23 00:19:08    129,936    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWCUTCHR.DLL
+ 2007-08-23 00:19:10    90,504    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWCUTLIN.DLL
+ 2007-08-23 00:19:10    60,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWLAY32.DLL
+ 2007-08-23 00:19:12    30,096    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWORIENT.DLL
+ 2007-08-23 00:19:14    54,152    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWRECE.DLL
+ 2007-08-23 00:19:14    22,416    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWRECS.DLL
+ 2007-08-23 00:19:16    79,776    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\TWSTRUCT.DLL
+ 2007-06-27 19:58:12    2,585,936    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VBE6.DLL
+ 2007-08-24 06:10:14    1,846,160    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-08-24 06:10:28    3,735,424    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-28 22:16:00    350,064    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 17:03:02    4,280,176    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-28 23:07:58    24,928    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-09-06 16:56:32    17,490,800    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\WWLIB.DLL
+ 2007-08-23 00:19:18    1,198,496    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XIMAGE3B.DLL
+ 2007-10-02 19:00:06    14,708,760    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 04:14:14    13,712    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2007-08-23 00:19:20    535,448    ----a-r    C:\WINDOWS\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6215\XPAGE3C.DLL
- 2007-12-20 06:06:40    1,165,584    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-01-09 20:37:12    1,165,584    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2007-12-20 06:06:40    20,240    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-09 20:37:13    20,240    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-12-20 06:06:40    159,504    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-01-09 20:37:12    159,504    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2007-12-20 06:06:40    184,080    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-01-09 20:37:12    184,080    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2007-12-20 06:06:40    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-01-09 20:37:13    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2007-12-20 06:06:40    18,704    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-01-09 20:37:13    18,704    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-12-20 06:06:40    35,088    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-01-09 20:37:14    35,088    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-12-20 06:06:40    845,584    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-01-09 20:37:12    845,584    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2007-12-20 06:06:40    922,384    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-09 20:37:13    922,384    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2007-12-20 06:06:40    272,648    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-01-09 20:37:13    272,648    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2007-12-20 06:06:40    888,080    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-01-09 20:37:13    888,080    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-12-20 06:06:40    1,172,240    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-01-09 20:37:12    1,172,240    ----a-r    C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-12-19 22:16:56    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-006E-0406-0000-0000000FF1CE}\misc.exe
+ 2008-01-09 20:43:31    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-006E-0406-0000-0000000FF1CE}\misc.exe
- 2007-12-19 22:17:12    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-01-09 20:43:54    217,864    ----a-r    C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2007-12-20 07:10:30    439,608    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-10 09:40:12    439,608    ----a-w    C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-01-10 14:14:00    16,384    ----atw    C:\WINDOWS\temp\Perflib_Perfdata_8d4.dat
+ 2008-01-10 14:14:00    16,384    ----atw    C:\WINDOWS\temp\Perflib_Perfdata_908.dat
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFB8AD19-47BE-4D96-8E93-DA01414A979E}]
2006-10-18 13:18    671744    --a------    C:\PROGRA~1\ONLYTO~1\ONLYTO~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 20:02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RoxioEngineUtility"="C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe" [ ]
"NWEReboot"="" []
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38 1757184]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41 45056]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"Adobe Version Cue CS2"="C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"Norman ZANDA"="C:\Programmer\TDCpakke\Npm\bin\ZLH.exe" [2007-12-10 09:22 273520]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"RoxioDragToDisc"="C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-24 23:18 868352]
"RoxioAudioCentral"="C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 20:12 319488]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2006-05-20 11:13 188416]
"MediafourGettingStartedWithMacDrive6"="C:\Programmer\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 12:12 86016]
"Mediafour Mac Volume Notifications"="C:\Programmer\Fælles filer\Mediafour\MACVNTFY.exe" [ ]
"MDDiskProtect.exe"="C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 14:54 106496]
"LVCOMSX"="C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe" [ ]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
EPSON Background Monitor.lnk - C:\Programmer\EPSON\ESM2\STMS.exe [1999-06-07 11:11:18]
NkbMonitor.exe.lnk - C:\Programmer\Nikon\PictureProject\NkbMonitor.exe [2007-06-13 12:35:11]
PopChar.lnk - C:\Programmer\ergonis\PopChar\PopChar.exe [2005-05-23 11:47:38]
Windows-pc-søgning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwprovau

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2006-04-30 08:57]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 16:31]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 19:53]
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\system32\DRIVERS\atalk.sys [2002-11-19 16:22]
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\system32\DRIVERS\atfsd.sys [2002-11-19 16:28]
R2 ATMsg;AppleTalk Messenger;C:\Programmer\Miramar\PC MACLAN\ATMsg.exe [2002-11-19 16:25]
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 16:05]
R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [2007-03-07 14:32]
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;"C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE" [2002-11-19 16:07]
R2 Miramar AppleTalk Print Server;Miramar AppleTalk Print Server;"C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE" [2002-11-19 16:16]
R2 Ndiskio;Ndiskio;C:\Programmer\TDCpakke\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programmer\TDCpakke\npm\bin\nvoy.exe" [2007-09-18 12:01]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 10:45]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE" [2007-09-18 12:41]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 20:19]
S1 NPROSEC;Norman Security driver;C:\Programmer\TDCpakke\Npm\bin\nprosec.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 14:16:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-01-10 02:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programmer\RegClean\RegClean.ex
- C:\Programmer\RegClean
"2008-01-10 02:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.ex
- C:\Programmer\RegistrySmart
"2008-01-10 06:45:30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F91048F-2705-4C2A-BC56-2F538D219348}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-10 15:42:37 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-10 14:41:36
ComboFix2.txt  2008-01-09 12:46:19
.
2008-01-09 06:06:04    --- E O F ---
oleabirch Beginner
13 January 2008 - 12:01 #16
That should be the latest one, although the date puzzles me.
fromsej Trainee
13 January 2008 - 12:22 #17
It isn't, hmm.
Try deleting the file C:\combofix.txt
Then restart and run CFScript again.
oleabirch Beginner
13 January 2008 - 15:54 #18
ComboFix 08-01-11.3 - Administrator 2008-01-13 14:59:18.8 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.593 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\renseværktøj\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Skrivebord\renseværktøj\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\lvuvc.hs
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\lvuvc.hs

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LVUVC


(((((((((((((((((((((((((  Files Created from 2007-12-13 to 2008-01-13  )))))))))))))))))))))))))))))))
.

2008-01-09 21:44 . 2008-01-09 21:44    <DIR>    d--------    C:\Programmer\Microsoft Expression
2008-01-09 15:11 . 2008-01-09 15:17    3,538    --a------    C:\WINDOWS\system32\tmp.reg
2008-01-09 15:10 . 2008-01-09 15:17    <DIR>    d--------    C:\SmitfraudFix
2008-01-09 14:54 . 2008-01-09 14:55    1,048,368    --a------    C:\SmitfraudFix.exe
2008-01-09 14:16 . 2007-09-05 23:22    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2008-01-09 14:16 . 2006-04-27 16:49    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2008-01-09 14:16 . 2007-12-20 23:11    81,920    --a------    C:\WINDOWS\system32\IEDFix.exe
2008-01-09 14:16 . 2003-06-05 20:13    53,248    --a------    C:\WINDOWS\system32\Process.exe
2008-01-09 14:16 . 2004-07-31 17:50    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2008-01-09 14:16 . 2007-10-03 23:36    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2008-01-09 13:00 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-09 12:39 . 2008-01-09 12:39    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-09 12:34 . 2008-01-09 12:34    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-09 07:06 . 2008-01-09 07:06    118    --a------    C:\WINDOWS\system32\MRT.INI
2008-01-08 13:40 . 2008-01-08 13:40    <DIR>    d--------    C:\Programmer\Trend Micro
2008-01-08 11:32 . 2008-01-08 11:32    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2008-01-08 09:10 . 2008-01-08 09:10    <DIR>    d--------    C:\WINDOWS\Content.IE5
2008-01-08 00:35 . 2008-01-08 01:08    30,590    --a------    C:\WINDOWS\system32\pavas.ico
2008-01-08 00:35 . 2008-01-08 01:08    2,550    --a------    C:\WINDOWS\system32\Uninstall.ico
2008-01-08 00:35 . 2008-01-08 01:08    1,406    --a------    C:\WINDOWS\system32\Help.ico
2008-01-08 00:34 . 2008-01-08 00:53    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 15:25 . 2008-01-06 15:25    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-01-06 15:25 . 2007-05-30 13:10    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 22:05 . 2008-01-06 05:54    <DIR>    d--------    C:\Programmer\Enigma Software Group
2008-01-05 16:44 . 2005-09-23 08:29    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Programmer\Lavasoft
2008-01-05 13:14 . 2008-01-05 13:14    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-02 12:44 . 2008-01-02 12:44    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\vlc
2007-12-29 17:23 . 2007-12-29 17:23    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2007-12-29 17:23 . 2007-12-29 17:23    1,409    --a------    C:\WINDOWS\QTFont.for
2007-12-29 17:13 . 2007-12-29 17:13    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-29 17:12 . 2007-12-29 17:12    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\PrevxCSI
2007-12-25 09:15 . 2007-12-25 09:15    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\F-Secure
2007-12-25 04:08 . 2007-12-25 04:08    134    --a------    C:\WINDOWS\system32\CTSTATUS.FCS
2007-12-25 03:48 . 2007-12-25 10:10    <DIR>    d--------    C:\Programmer\F-Secure Internet Security
2007-12-25 03:48 . 2007-12-25 03:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\fssg
2007-12-25 03:48 . 2007-12-25 10:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\F-Secure
2007-12-19 16:26 . 2007-12-19 16:32    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegistrySmart
2007-12-19 10:31 . 2007-12-19 10:31    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\RegClean
2007-12-19 09:17 . 2007-12-19 09:17    <DIR>    d--------    C:\Programmer\Microsoft Works
2007-12-19 09:12 . 2007-12-19 09:12    <DIR>    d--------    C:\Programmer\Microsoft.NET
2007-12-19 09:07 . 2007-12-19 09:07    <DIR>    d--------    C:\Programmer\Microsoft Visual Studio 8
2007-12-19 09:04 . 2008-01-09 21:41    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2007-12-18 21:51 . 2007-12-19 11:46    <DIR>    d--------    C:\Programmer\RegClean
2007-12-18 20:27 . 2007-12-23 11:01    <DIR>    d--------    C:\Programmer\Mozilla Thunderbird
2007-12-18 20:27 . 2007-12-18 20:27    <DIR>    d--------    C:\Documents and Settings\Administrator\Application Data\Thunderbird
2007-12-17 23:30 . 2007-12-17 23:42    <DIR>    d--------    C:\Programmer\VisualRoute
2007-12-17 23:00 . 2007-12-17 23:14    <DIR>    d--------    C:\Programmer\VisualRoute Server
2007-12-13 22:57 . 2007-12-13 22:57    3    --a------    C:\WINDOWS\msdbc_7489515.dat
2007-12-13 22:49 . 2008-01-05 23:31    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 12:37 . 2007-12-13 12:38    <DIR>    d--------    C:\WINDOWS\system32\RPC

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 14:12    ---------    d-----w    C:\Programmer\TDCpakke
2008-01-13 13:58    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Skype
2008-01-13 10:48    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\skypePM
2008-01-13 08:20    ---------    d-----w    C:\Programmer\Zattoo
2008-01-13 08:20    ---------    d-----w    C:\Programmer\Windows Media Connect 2
2008-01-13 08:20    ---------    d-----w    C:\Programmer\The Palette - Melody Composing Tool 4.4.3
2008-01-13 08:20    ---------    d-----w    C:\Programmer\DivX
2008-01-13 08:19    ---------    d-----w    C:\Programmer\Raster Design 2006
2008-01-13 08:19    ---------    d-----w    C:\Programmer\MagicISO
2008-01-13 08:19    ---------    d-----w    C:\Programmer\JAlbumWin
2008-01-13 08:19    ---------    d-----w    C:\Programmer\JAlbum7.2
2008-01-13 08:19    ---------    d-----w    C:\Programmer\Grabber
2008-01-13 08:19    ---------    d-----w    C:\Programmer\FLAC
2008-01-13 08:19    ---------    d-----w    C:\Programmer\blaxxun Contact
2008-01-13 08:19    ---------    d-----w    C:\Programmer\Babelgum
2008-01-13 08:19    ---------    d-----w    C:\Programmer\Autodesk Map 2004
2008-01-13 08:19    ---------    d-----w    C:\Programmer\Autodesk Architectural Desktop 2007
2008-01-13 08:19    ---------    d-----w    C:\Programmer\AutoCAD Architecture 2008
2008-01-13 08:19    ---------    d-----w    C:\Programmer\AutoCAD 2008
2008-01-13 08:19    ---------    d-----w    C:\Programmer\AutoCAD 2007
2008-01-12 19:09    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-01-09 20:43    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-09 11:34    ---------    d-----w    C:\Programmer\Yahoo!
2008-01-08 21:45    ---------    d-----w    C:\Programmer\DarkSim
2008-01-08 21:43    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-08 08:40    ---------    d-----w    C:\Programmer\GXTranscoder.net AWE
2008-01-08 08:38    ---------    d-----w    C:\Programmer\The Human Genome Project
2008-01-06 00:05    ---------    d-----w    C:\Documents and Settings\Administrator\Application Data\Azureus
2008-01-05 12:13    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-25 20:05    ---------    d-----w    C:\Programmer\Apple Software Update
2007-12-19 08:16    ---------    d-----w    C:\Programmer\MSBuild
2007-12-18 19:22    ---------    d-----w    C:\Programmer\Mozilla Firefox 3 Beta 1
2007-12-17 21:20    ---------    d-----w    C:\Programmer\Fælles filer\Logitech
2007-12-17 21:16    ---------    d-----w    C:\Programmer\Fælles filer\LogiShrd
2007-12-17 21:15    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-17 21:13    ---------    d-----w    C:\Programmer\Logitech
2007-12-14 16:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-12 10:32    ---------    d-----w    C:\Programmer\Fælles filer\ChaosGroup
2007-12-12 10:30    ---------    d-----w    C:\Programmer\Chaos Group
2007-12-09 08:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2007-12-09 08:46    0    ---ha-w    C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-06 14:53    ---------    d-----w    C:\Programmer\MDM
2007-11-23 11:54    ---------    d-----w    C:\Programmer\Java
2007-11-23 08:08    ---------    d-----w    C:\Programmer\Google
2007-11-18 21:31    32    ----a-w    C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-18 21:30    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-11-13 18:22    ---------    d-----w    C:\Programmer\QuickTime
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-27 10:45    73,216    ----a-w    C:\WINDOWS\ST6UNST.EXE
2007-10-27 10:45    233,472    ------w    C:\WINDOWS\Setup1.exe
.

(((((((((((((((((((((((((((((  snapshot@2008-01-13_14.01.58.65  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 12:19:28    233,472    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-13 13:58:59    233,472    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 12:19:28    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-13 13:58:59    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 12:19:29    237,568    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-13 13:58:59    237,568    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 12:19:29    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-13 13:58:59    8,192    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 12:19:29    13,807,616    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-13 13:58:59    13,807,616    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 12:19:29    458,752    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 13:58:59    458,752    ----a-w    C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-13 14:13:11    16,384    ----atw    C:\WINDOWS\temp\Perflib_Perfdata_8e8.dat
+ 2008-01-13 14:13:10    16,384    ----atw    C:\WINDOWS\temp\Perflib_Perfdata_948.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06 1318912]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-19 20:02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RoxioEngineUtility"="C:\Programmer\Fælles filer\Roxio Shared\System\EngUtil.exe" [ ]
"NWEReboot"="" []
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2005-04-08 12:38 1757184]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41 45056]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 21:46 624248]
"Adobe Version Cue CS2"="C:\Programmer\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"Norman ZANDA"="C:\Programmer\TDCpakke\Npm\bin\ZLH.exe" [2007-12-10 09:22 273520]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"RoxioDragToDisc"="C:\Programmer\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-24 23:18 868352]
"RoxioAudioCentral"="C:\Programmer\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 20:12 319488]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2006-05-20 11:13 188416]
"MediafourGettingStartedWithMacDrive6"="C:\Programmer\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 12:12 86016]
"Mediafour Mac Volume Notifications"="C:\Programmer\Fælles filer\Mediafour\MACVNTFY.exe" [ ]
"MDDiskProtect.exe"="C:\Programmer\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 14:54 106496]
"LVCOMSX"="C:\Programmer\Fælles filer\Logitech\LComMgr\LVComSX.exe" [ ]
"LogitechQuickCamRibbon"="C:\Programmer\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"LogitechCommunicationsManager"="C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]
"DWQueuedReporting"="C:\PROGRA~1\FLLESF~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\F‘lles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
EPSON Background Monitor.lnk - C:\Programmer\EPSON\ESM2\STMS.exe [1999-06-07 11:11:18]
NkbMonitor.exe.lnk - C:\Programmer\Nikon\PictureProject\NkbMonitor.exe [2007-06-13 12:35:11]
PopChar.lnk - C:\Programmer\ergonis\PopChar\PopChar.exe [2005-05-23 11:47:38]
Windows-pc-s›gning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ      msv1_0 nwprovau

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2006-04-30 08:57]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 16:31]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 19:53]
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\system32\DRIVERS\atalk.sys [2002-11-19 16:22]
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\system32\DRIVERS\atfsd.sys [2002-11-19 16:28]
R2 ATMsg;AppleTalk Messenger;C:\Programmer\Miramar\PC MACLAN\ATMsg.exe [2002-11-19 16:25]
R2 mi-raysat_3dsMax2008_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit;"C:\Programmer\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe" [2007-09-24 16:05]
R2 mi-raysat_VIZ2008_32;mental ray 3.5 Satellite for Autodesk VIZ 2008;C:\Programmer\Autodesk\VIZ2008\mentalray\satellite\raysat_VIZ2008_32server.exe [2007-03-07 14:32]
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;"C:\Programmer\Miramar\PC MACLAN\ATSERVER.EXE" [2002-11-19 16:07]
R2 Miramar AppleTalk Print Server;Miramar AppleTalk Print Server;"C:\Programmer\Miramar\PC MACLAN\ATSPOOL.EXE" [2002-11-19 16:16]
R2 Ndiskio;Ndiskio;C:\Programmer\TDCpakke\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 NVOY;Norman's Very Own supplY of resources;"C:\Programmer\TDCpakke\npm\bin\nvoy.exe" [2007-09-18 12:01]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-09-06 10:45]
R3 nvcoas;Norman Virus Control on-access component;"C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe" [2007-12-10 14:36]
R3 NVCScheduler;Norman Virus Control Scheduler;"C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE" [2007-09-18 12:41]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 20:19]
S1 NPROSEC;Norman Security driver;C:\Programmer\TDCpakke\Npm\bin\nprosec.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 14:15:40 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2008-01-11 02:31:04 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programmer\RegClean\RegClean.exe
- C:\Programmer\RegClean
"2008-01-11 02:31:30 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.ex
- C:\Programmer\RegistrySmart
"2008-01-13 14:28:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4F91048F-2705-4C2A-BC56-2F538D219348}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-13 15:43:04 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-13 14:41:55
ComboFix2.txt  2008-01-13 13:04:13
ComboFix3.txt  2008-01-12 23:31:06
ComboFix4.txt  2008-01-12 22:32:42
ComboFix5.txt  2008-01-12 16:13:38
.
2008-01-09 06:06:04    --- E O F --- 
I believe I have completed the previous procedure.
fromsej (Trainee)
13 January 2008 - 16:59 #19
Your log is clean. If your problems are gone, it is time for a little clean-up. Download this small file and save it in the root of your C drive (C:\SWF_oprydning.exe):
  http://www.ctrlaltdel.dk/SWF_oprydning.exe

Double-click SWF_oprydning.exe and follow the instructions the program gives. When the program has finished cleaning up, Notepad will open a log - copy the contents of the log in here and then close Notepad.
Restart your computer to finish the clean-up....

Once that is done, you need to clean up the System Restore files. Disable System Restore (http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=4&PN=1) - wait a couple of minutes - enable System Restore. Then go to Start -> Programs -> Accessories -> System Tools -> System Restore and create a restore point, so that you have something to return to if anything goes wrong.

Here are a few good tips on safe surfing to take with you:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
oleabirch (Beginner)
13 January 2008 - 18:15 #20
It has been exciting and instructive; now I am looking forward to getting a couple of extra GB of RAM in the PC.

But thank you, thank you, thank you for this time. I will probably be back soon with an Office suite problem; after checking the coffers there should be room for a small donation in the near future.

I will let myself be taught by your advice and throw myself gratefully in the dust.

Kind regards,
oleabirch
fromsej (Trainee)
13 January 2008 - 18:33 #21
You're welcome. :-)

You cannot make donations in this forum, and that is just fine.
What you can do is select my name in the box and then click Accept, so that the question is properly closed.
oleabirch (Beginner)
15 January 2008 - 11:26 #22
I set points for difficulty at the outset together with my question; where and how can I assign more points? Should the 60 be multiplied by 21? I would very much like to conclude the fine treatment I have received in good order, but after much searching I simply cannot figure out how.
15 January 2008 - 12:51 #23
oleabirch (Beginner)
15 January 2008 - 21:07 #24
Are we finished or what? The TDC security package has just found and quarantined, all at once, no fewer than 8 trojans: 7 smalltroy.CFU1 spread across various files and 1 w32 smalltroy.IBQA. I have not been out on the town, apart from looking through some of my usual peaceful approx. 150 daily mails (one has to keep up). I just thought I would mention it, and I am of course curious to hear what you say about it.
oleabirch (Beginner)
15 January 2008 - 21:14 #25
Are we finished or what? The TDC security package has just caught, all at once, no fewer than 8 trojans: 6 smallTroy.CFU1, 1 w 32 Smalltroj.IBQA and 1 aooo2150. ax. Is that something that gives you reason for further checks?

And I have not been out on the town, but have only looked through my approx. 150 daily peaceful mails (one has to keep up a little).
fromsej (Trainee)
15 January 2008 - 21:19 #26
Where exactly were they found?
oleabirch (Beginner)
15 January 2008 - 22:10 #27
In an Acmecad (CAD converter) and in some dwg files. So far I have not been able to track them down; they are old things. I have deleted the quarantined items.
oleabirch (Beginner)
16 January 2008 - 06:35 #28
The TDC security package has registered a further 2 trojans: location c\systemvolume information\...\rp6\a0002151.exe  Trojan Smalltroy,CFWI
Quarantine text: a0002151.exe Smalltroy.CFWI
fromsej (Trainee)
17 January 2008 - 17:51 #29
You have not disabled System Restore so that it was reset.
Then that problem would also be solved.
Remember to re-enable it after a restart.
oleabirch (Beginner)
18 January 2008 - 10:30 #30
Back in the saddle again. I believe I have followed the System Restore procedure; I do have a restore point, but something may of course have gone wrong in the final procedure with the check mark and the restart.
fromsej (Trainee)
18 January 2008 - 17:31 #31
Did it help?
oleabirch (Beginner)
20 January 2008 - 17:38 #32
Yes, that is how it looks; no unsolicited approaches since.
fromsej (Trainee)
20 January 2008 - 19:35 #33
That sounds good.
Thanks for the points :-)
oleabirch (Beginner)
21 January 2008 - 20:22 #34
Yes, thanks for this time; it was a pleasant experience amid all the unpleasantness.