hijack log
Hi, I have an HJ log, if anyone can tell me a bit about what it might represent. I have a problem with my Windows Explorer, which rejects the installation of a number of programs, among them EmpTemp, which cannot read the path to Explorer. There is also a change in my Yahoo mail, but maybe that is Yahoo coming out with something new?
StartupList report, 16-03-2008, 18:40:30
StartupList version: 1.52.2
Started from : D:\ANTISPY\HIJACKTHIS.2.0.0.2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16608)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\npm\bin\ELOGSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TDCpakke\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Webroot\Washer\WasherSvc.exe
C:\Programmer\TDCpakke\npm\bin\NVCSCHED.EXE
C:\Programmer\TDCpakke\npc\bin\npcsvc32.exe
C:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE
C:\Programmer\TDCpakke\nvc\bin\nvcoas.exe
C:\Programmer\TDCpakke\npc\bin\nuaa.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\TDCpakke\npm\bin\ZLH.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TDCpakke\nvc\BIN\NIP.EXE
C:\Programmer\TDCpakke\nvc\bin\cclaw.exe
C:\Programmer\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\ntvdm.exe
D:\ANTISPY\HIJACKTHIS.2.0.0.2.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\hhbuur\Menuen Start\Programmer\Start]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menuen Start\Programmer\Start]
*No files*
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SynTPLpr = C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
Norman ZANDA = "C:\Programmer\TDCpakke\npm\bin\ZLH.EXE" /LOAD /SPLASH
NPCTray = "C:\Programmer\TDCpakke\npc\bin\npc_tray.exe" /LOAD
RemoteControl = C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
SpySweeper = "C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command
(Default) = "C:\WINDOWS\system32\notepad.exe" "%1"
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /HideWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registreringseditor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
*No BHO's found*
--------------------------------------------------
Enumerating Task Scheduler jobs:
*No jobs found*
--------------------------------------------------
Enumerating Download Program Files:
[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
[Java Plug-in 1.6.0_05]
InProcServer32 = C:\Programmer\Java\jre1.6.0_05\bin\npjpi160_05.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\Programmer\TDCpakke\npc\bin\nlf.dll
Protocol #2: C:\Programmer\TDCpakke\npc\bin\nlf.dll
Protocol #3: C:\Programmer\TDCpakke\npc\bin\nlf.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\rsvpsp.dll
Protocol #8: C:\WINDOWS\system32\rsvpsp.dll
Protocol #9: C:\Programmer\TDCpakke\npc\bin\nlf.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI-driver: system32\DRIVERS\ACPI.sys (system)
Driver til Microsoft Embedded-controller: system32\DRIVERS\ACPIEC.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Gatewaytjeneste til programlaget: %SystemRoot%\System32\alg.exe (manual start)
Programadministration: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokol: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS-asynkron mediedriver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI-harddiskcontroller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP-klientprotokol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubdriver: system32\DRIVERS\audstub.sys (manual start)
Autodesk Licensing Service: "C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe" (manual start)
Tjenesten Background Intelligent Transfer: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Computerbrowser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cd-rom-driver: system32\DRIVERS\cdrom.sys (system)
Indekseringstjeneste: %SystemRoot%\system32\cisvc.exe (manual start)
Udklipsbog: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft ACPI Control Method-batteri: system32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
COM+-systemprogram: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Kryptografiske tjenester: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Startprogram til DCOM Serverproces: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP-klientprogram: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Diskdriver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS-klient: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Norman eLogger service 6: "C:\Programmer\TDCpakke\npm\bin\ELOGSVC.EXE" (autostart)
Tjenesten Fejlrapportering: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Hændelseslog: %SystemRoot%\system32\services.exe (autostart)
COM+-hændelsessystem: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
Hurtigt brugerskift-kompatibilitet: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Driver til diskenhedsstyring: system32\DRIVERS\ftdisk.sys (system)
Standardpakkeklassificering: system32\DRIVERS\msgpc.sys (manual start)
Microsoft UAA-funktionsdriver til High Definition Audio-tjeneste: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA-busdriver til High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Hjælp og support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Huawei DataCard USB Modem and USB Serial: system32\DRIVERS\ewusbmdm.sys (manual start)
i8042-tastatur og PS/2-museportdriver: system32\DRIVERS\i8042prt.sys (system)
Filterdriver til cd-skrivning: system32\DRIVERS\imapi.sys (system)
COM-tjenesten IMAPI cd-skrivning: C:\WINDOWS\system32\imapi.exe (manual start)
Service for Realtek HD Audio (WDM): system32\drivers\RtkHDAud.sys (manual start)
IntelIde: system32\DRIVERS\intelide.sys (system)
Driver til Intel-processor: system32\DRIVERS\intelppm.sys (system)
IPv6-driver til Windows Firewall: system32\drivers\ip6fw.sys (manual start)
Filterdriver til IP-trafik: system32\DRIVERS\ipfltdrv.sys (manual start)
Driver til IP i IP-tunnel: system32\DRIVERS\ipinip.sys (manual start)
Oversætter til IP-netværksadresser: system32\DRIVERS\ipnat.sys (manual start)
IPSEC-driver: system32\DRIVERS\ipsec.sys (system)
Tjeneste til IR-optælling: system32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA-busdriver: system32\DRIVERS\isapnp.sys (system)
Klassedriver til tastatur: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave-lydmixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Arbejdsstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Tjenesten TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
NetMeeting - Deling af fjernskrivebord: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Klassedriver til mus: system32\DRIVERS\mouclass.sys (system)
HID-driver til mus: system32\DRIVERS\mouhid.sys (manual start)
Klientomdirigering for WebDav: system32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
DTC (Distributed Transaction Coordinator): C:\WINDOWS\system32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Serviceproxy til Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsstyringsproxy til Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
Driver til Microsoft System Management BIOS: system32\DRIVERS\mssmbios.sys (manual start)
Ndiskio: \??\C:\Programmer\TDCpakke\nse\bin\NDISKIO.SYS (autostart)
Remote Access NDIS TAPI-driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS-protokol til I/O i brugertilstand: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN-driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-grænseflade: system32\DRIVERS\netbios.sys (system)
NetBIOS over TCP/IP: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Netlogon: %SystemRoot%\system32\lsass.exe (manual start)
Netværksforbindelser: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394-netværksdriver: system32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Norman NJeeves: "C:\Programmer\TDCpakke\npm\bin\NJEEVES.EXE" (manual start)
Norman ZANDA: "C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe" (autostart)
Norman Parental Control: "C:\Programmer\TDCpakke\npc\bin\npcsvc32.exe" (manual start)
Norman Personal Firewall Service: "C:\Programmer\TDCpakke\npf\bin\npfsvc32.exe" (autostart)
Norman Security driver: \??\C:\Programmer\TDCpakke\Ngs\bin\nprosec.sys (system)
Norman Security service: "C:\Programmer\TDCpakke\Ngs\bin\NPROSEC.EXE" (autostart)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Flytbare lagermedier: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Norman User Activity Agent: C:\Programmer\TDCpakke\npc\bin\nuaa.exe (manual start)
nvcfsr: \??\C:\Programmer\TDCpakke\nvc\bin\nvcfsr.sys (manual start)
NvcMFlt: system32\DRIVERS\nvcw32mf.sys (manual start)
nvcoafl51: \??\C:\Programmer\TDCpakke\nvc\bin\nvcoafl51.sys (manual start)
nvcoaft51: \??\C:\Programmer\TDCpakke\nvc\bin\nvcoaft51.sys (manual start)
nvcoarc51: \??\C:\Programmer\TDCpakke\nvc\bin\nvcoarc51.sys (manual start)
Norman Virus Control on-access component: "C:\Programmer\TDCpakke\nvc\bin\nvcoas.exe" (manual start)
Norman Virus Control Scheduler: "C:\Programmer\TDCpakke\npm\bin\NVCSCHED.EXE" (manual start)
Norman's Very Own supplY of resources: "C:\Programmer\TDCpakke\npm\bin\nvoy.exe" (autostart)
Filterdriver til IPX-trafik: system32\DRIVERS\nwlnkflt.sys (manual start)
Driver til IPX-trafikvideresendelse: system32\DRIVERS\nwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394-værtscontroller: system32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
PCI-busdriver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\system32\lsass.exe (autostart)
WAN-miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Beskyttet lager: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlægning: system32\DRIVERS\psched.sys (manual start)
PSI: system32\DRIVERS\psi_mf.sys (manual start)
Driver til direkte, parallel forbindelse: system32\DRIVERS\ptilink.sys (manual start)
Driver til Remote Access Auto Connection: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN-miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE-driver: system32\DRIVERS\raspppoe.sys (manual start)
Direkte parallel: system32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Hjælp til Sessionsstyring til Fjernskrivebord: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filterdriver til digital cd-lydafspilning: system32\DRIVERS\redbook.sys (system)
Routing og Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
RPC (Remote Procedure Call ): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver: system32\DRIVERS\Rtlnicxp.sys (manual start)
SAM (Security Accounts Manager): %SystemRoot%\system32\lsass.exe (autostart)
Chipkort: %SystemRoot%\System32\SCardSvr.exe (manual start)
Opgavestyring: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Alternativt logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Deling af Internetforbindelse: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Hardwaregenkendelse på brugergrænsefladen: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
smserial: system32\DRIVERS\smserial.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver til Systemgendannelse: system32\DRIVERS\sr.sys (system)
Tjenesten Systemgendannelse: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP-genkendelsestjeneste: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Spy Sweeper File System Filer Driver: 0BB9: SYSTEM32\Drivers\SSFS0BB9.SYS (system)
Spy Sweeper Hookrack MiniDriver: SYSTEM32\Drivers\SSHRMD.SYS (system)
Spy Sweeper Interdiction Driver: SYSTEM32\Drivers\SSIDRV.SYS (system)
Webroot Spy Sweeper Keylogger Shield Keyboard Filter: System32\Drivers\sskbfd.sys (manual start)
Windows-billedscanning: %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)
Software-busdriver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable-synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{43DFD990-FF51-476F-9F7A-7CC0B0838A4E} (manual start)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
Microsoft Kernel System Audio-enhed: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telekommunikation: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP-protokoldriver: system32\DRIVERS\tcpip.sys (system)
Norman Firewall TDI driver: \??\C:\WINDOWS\system32\drivers\TDI_RD.SYS (system)
Driver til terminalenhed: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Temaer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Opdateringsdriver til mikrokode: system32\DRIVERS\update.sys (manual start)
Vært for Universal Plug and Play-enhed: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
UPS (Uninterruptible Power Supply): %SystemRoot%\System32\ups.exe (manual start)
Overordnet Microsoft USB-standarddriver: system32\DRIVERS\usbccgp.sys (manual start)
Miniportdriver til Microsoft USB 2.0-udvidet værtscontroller: system32\DRIVERS\usbehci.sys (manual start)
USB2-aktiveret hub: system32\DRIVERS\usbhub.sys (manual start)
Driver til USB-lagerenhed: system32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB-universel værtscontroller miniportdriver: system32\DRIVERS\usbuhci.sys (manual start)
VGA-skærmkort.: \SystemRoot\System32\drivers\vga.sys (system)
viamraid: system32\DRIVERS\viamraid.sys (system)
Øjebliksbillede af diskenhed: %SystemRoot%\System32\vssvc.exe (manual start)
Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP: system32\DRIVERS\w29n51.sys (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP-driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINNM WDM-kompatibel lyddriver: system32\drivers\wdmaud.sys (manual start)
Webklient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Webroot Spy Sweeper Engine: "C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Serienummertjenesten for bærbart medie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Windows Management-grænseflade til ACPI: system32\DRIVERS\wmiacpi.sys (system)
WMI-ydelseskort: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0-ikke-IFS-udbydermiljø: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Sikkerhedscenter: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatiske opdateringer: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Window Washer Engine: C:\Programmer\Webroot\Washer\WasherSvc.exe (autostart)
Automatisk konfiguration af trådløse enheder: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tjenesten Netværksadgang: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
End of report, 33.750 bytes
Report generated in 0,266 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only